Solved Google Redirect

Discussion in 'Malware and Virus Removal Archive' started by Aaron5050, 2009/05/08.

  1. 2009/05/08
    Aaron5050 Inactive Thread Starter

    Joined:
    2009/05/08
    Messages:
    11
    Likes Received:
    0
    [Resolved] Google Redirect

    I am a new user and have been experiencing some problems with my system.
    1.) Google links are redirected to random web pages
    2.) Malwarebytes' will delete problems but they will come back after using the internet.
    3.) Random window pop-ups for spyware programs, saying that they are needed for my computer.

    The problem continues to get worse and more frequent. Please help. Thank you.
     
  2. 2009/05/08
    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Welcome to WindowsBBS :)

    There is an announcement at the head of the forum .....

    *** READ THIS BEFORE POSTING IN THIS FORUM ***

    Please read and post the logs requested in this thread.
     

  4. 2009/05/08
    Aaron5050 Inactive Thread Starter

    Joined:
    2009/05/08
    Messages:
    11
    Likes Received:
    0
    attach and DDS

    Attach:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-03-16.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/7/2008 8:06:43 AM
    System Uptime: 5/8/2009 3:04:43 AM (1 hours ago)

    Motherboard: Dell Inc. | | 0KU184
    Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz | Microprocessor | 2193/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 112 GiB total, 89.394 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Broadcom NetXtreme 57xx Gigabit Controller
    Device ID: PCI\VEN_14E4&DEV_1673&SUBSYS_01F91028&REV_02\4&1E93A591&0&00E5
    Manufacturer: Broadcom
    Name: Broadcom NetXtreme 57xx Gigabit Controller
    PNP Device ID: PCI\VEN_14E4&DEV_1673&SUBSYS_01F91028&REV_02\4&1E93A591&0&00E5
    Service: b57w2k

    ==== System Restore Points ===================

    RP322: 2/8/2009 11:05:16 PM - System Checkpoint
    RP323: 2/10/2009 1:46:29 AM - System Checkpoint
    RP324: 2/11/2009 3:00:18 AM - Software Distribution Service 3.0
    RP325: 2/13/2009 2:00:17 AM - System Checkpoint
    RP326: 2/15/2009 8:03:18 PM - System Checkpoint
    RP327: 2/16/2009 8:48:03 PM - System Checkpoint
    RP328: 2/17/2009 8:52:26 PM - System Checkpoint
    RP329: 2/19/2009 9:57:57 PM - System Checkpoint
    RP330: 2/22/2009 5:07:53 PM - System Checkpoint
    RP331: 2/24/2009 12:04:15 AM - System Checkpoint
    RP332: 3/3/2009 2:28:32 AM - Software Distribution Service 3.0
    RP333: 3/4/2009 3:22:38 AM - Software Distribution Service 3.0
    RP334: 3/5/2009 3:26:46 AM - System Checkpoint
    RP335: 3/6/2009 3:30:08 PM - Software Distribution Service 3.0
    RP336: 3/9/2009 9:25:00 PM - System Checkpoint
    RP337: 3/15/2009 3:00:29 AM - Software Distribution Service 3.0
    RP338: 3/16/2009 3:00:17 AM - Software Distribution Service 3.0
    RP339: 3/19/2009 8:25:45 PM - System Checkpoint
    RP340: 3/22/2009 9:18:14 PM - System Checkpoint
    RP341: 3/24/2009 3:27:53 AM - System Checkpoint
    RP342: 3/25/2009 12:03:36 AM - ComboFix created restore point
    RP343: 3/26/2009 12:57:34 AM - System Checkpoint
    RP344: 3/26/2009 3:00:19 AM - Software Distribution Service 3.0
    RP345: 3/30/2009 4:35:21 AM - System Checkpoint
    RP346: 4/1/2009 10:30:12 PM - System Checkpoint
    RP347: 4/2/2009 10:57:36 PM - System Checkpoint
    RP348: 4/4/2009 12:12:44 PM - Software Distribution Service 3.0
    RP349: 4/5/2009 11:42:01 PM - System Checkpoint
    RP350: 4/7/2009 6:13:36 PM - System Checkpoint
    RP351: 4/11/2009 11:33:04 PM - Software Distribution Service 3.0
    RP352: 4/13/2009 12:50:35 AM - System Checkpoint
    RP353: 4/14/2009 1:25:24 AM - System Checkpoint
    RP354: 4/15/2009 2:43:32 AM - System Checkpoint
    RP355: 4/15/2009 3:00:25 AM - Software Distribution Service 3.0
    RP356: 4/17/2009 6:23:37 PM - System Checkpoint
    RP357: 4/18/2009 8:07:34 PM - Software Distribution Service 3.0
    RP358: 4/20/2009 3:04:31 PM - Software Distribution Service 3.0
    RP359: 4/21/2009 3:55:00 AM - Software Distribution Service 3.0
    RP360: 4/22/2009 3:00:16 AM - Software Distribution Service 3.0
    RP361: 4/23/2009 3:00:18 AM - Software Distribution Service 3.0
    RP362: 4/24/2009 3:00:16 AM - Software Distribution Service 3.0
    RP363: 4/26/2009 7:07:32 PM - System Checkpoint
    RP364: 4/26/2009 10:45:28 PM - ComboFix created restore point
    RP365: 4/27/2009 3:30:38 AM - Software Distribution Service 3.0
    RP366: 4/27/2009 7:49:49 PM - Printer Driver Microsoft XPS Document Writer Installed
    RP367: 4/28/2009 1:35:33 PM - ComboFix created restore point
    RP368: 4/28/2009 2:03:25 PM - Removed Security Update for CAPICOM (KB931906)
    RP369: 4/28/2009 2:09:00 PM - Removed Visual C++ 2008 x86 Runtime - (v9.0.30729)
    RP370: 5/8/2009 1:41:15 AM - Removed J2SE Runtime Environment 5.0 Update 6
    RP371: 5/8/2009 1:45:26 AM - Installed Java(TM) 6 Update 13

    ==== Installed Programs ======================

    µTorrent
    Ad-Aware
    Adobe Flash Player 10 ActiveX
    Adobe Reader 8.1.1
    Adobe Shockwave Player
    Adobe® Photoshop® Album Starter Edition 3.2
    AIM 6
    AiO_Scan_CDA
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft VideoImpression 2
    AuthenTec Fingerprint Sensor Minimum Install
    biolsp patch
    BlackBerry Desktop Software 4.6
    Bluetooth Stack for Windows by Toshiba
    Bonjour
    Broadcom ASF Management Applications
    Broadcom Management Programs
    CDDRV_Installer
    Compatibility Pack for the 2007 Office system
    Conexant HDA D330 MDC V.92 Modem
    Critical Update for Windows Media Player 11 (KB959772)
    Dell Drivers MSI
    Dell Embassy Trust Suite by Wave Systems
    Dell Touchpad
    Dell Wireless WLAN Card
    Digital Line Detect
    Document Manager Lite
    DVR Client Program
    EMBASSY Security Center
    EMBASSY Security Setup
    EMBASSY Trust Suite by Wave Systems
    EPSON Printer Software
    ESC Home Page Plugin
    Full Tilt Poker
    Gemalto
    GemSafe Standard Edition 5.1
    Google Desktop
    Google Toolbar for Internet Explorer
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    HP Memories Disc
    HP Photo and Imaging 2.0 - All-in-One
    HP Photo and Imaging 2.0 - All-in-One Drivers
    HP Photo and Imaging 2.0 - hp psc 2200 series
    HP Photosmart, Officejet and Deskjet 7.0.A
    hp psc 2200 series
    Intel(R) Graphics Media Accelerator Driver
    IntelliSonic Speech Enhancement
    iTunes
    Java(TM) 6 Update 13
    KhalInstallWrapper
    Linksys EasyLink Advisor 1.5 (1044)
    Logitech Registration
    Logitech SetPoint
    Malwarebytes' Anti-Malware
    McAfee SecurityCenter
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    MobileMe Control Panel
    Modem Diagnostic Tool
    Move Networks Media Player for Internet Explorer
    Mozilla Firefox (3.0.10)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6.0 Parser (KB933579)
    NetWaiting
    NTRU TCG Software Stack
    Olympus Digital Wave Player
    PC VGA Camer@ Plus
    PokerStars
    PowerDVD
    Preboot Manager
    Private Information Manager
    QFolder
    QuickSet
    QuickTime
    Roxio Creator Audio
    Roxio Creator BDAV Plugin
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Drag-to-Disc
    Roxio Express Labeler
    Roxio Media Manager
    Roxio Update Manager
    SABRE
    Scan
    SearchAssist
    Secure Update
    SecureW2 TTLS Client 3.3.2 for Windows
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961373)
    Security Wizards
    SigmaTel Audio
    Sonic Activation Module
    Spybot - Search & Destroy
    SpywareBlaster 4.2
    Trusted Drive Manager
    tsp patch
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    upekmsi
    URL Assistant
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Wave Infrastructure Installer
    Wave Support Software
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live installer
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3

    ==== Event Viewer Messages From Past Week ========

    5/6/2009 8:53:26 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer PETERCAI-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D886BDCD-A653-4E. The master browser is stopping or an election is being forced.
    5/6/2009 5:32:41 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 805264d6, parameter3 a6b810e4, parameter4 00000000.
    5/6/2009 5:32:38 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 a7dc589d, parameter3 a5b2014c, parameter4 00000000.
    5/6/2009 5:32:04 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 a8a2b89d, parameter3 a7efc14c, parameter4 00000000.
    5/6/2009 4:05:03 PM, error: Dhcp [1002] - The IP address lease 192.168.1.132 for the Network Card with network address 001E4C73642C has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    5/6/2009 2:19:14 PM, error: PlugPlayManager [12] - The device 'Broadcom NetXtreme 57xx Gigabit Controller' (PCI\VEN_14E4&DEV_1673&SUBSYS_01F91028&REV_02\4&1e93a591&0&00E5) disappeared from the system without first being prepared for removal.
    5/6/2009 10:27:14 PM, error: System Error [1003] - Error code 10000050, parameter1 ffffffe8, parameter2 00000001, parameter3 805264d6, parameter4 00000000.
    5/5/2009 8:56:11 PM, error: Dhcp [1002] - The IP address lease 216.171.44.13 for the Network Card with network address 001E4C73642C has been denied by the DHCP server 128.91.3.9 (The DHCP Server sent a DHCPNACK message).
    5/5/2009 5:41:07 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer HOST-44-159 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D886BDCD-A653-4E. The master browser is stopping or an election is being forced.
    5/5/2009 4:50:13 AM, error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the Interface with IP address 216.171.44.13. The machine with the IP address 216.171.44.228 did not allow the name to be claimed by this machine.
    5/5/2009 2:23:29 PM, error: Service Control Manager [7034] - The NTRU TSS v1.2.1.12 TCS service terminated unexpectedly. It has done this 1 time(s).
    5/5/2009 2:23:29 PM, error: Service Control Manager [7022] - The NTRU TSS v1.2.1.12 TCS service hung on starting.
    5/5/2009 2:22:09 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.
    5/4/2009 9:46:22 PM, error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 2 time(s).
    5/4/2009 9:42:51 PM, error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).
    5/4/2009 9:12:58 PM, error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the Interface with IP address 216.171.44.13. The machine with the IP address 216.171.44.162 did not allow the name to be claimed by this machine.
    5/4/2009 6:51:21 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
    5/4/2009 6:34:18 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    5/4/2009 4:34:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    5/4/2009 4:23:29 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    5/4/2009 4:23:05 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNASvc with arguments " " in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
    5/4/2009 4:22:18 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    5/4/2009 4:21:13 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV Fips intelppm IPSec mfehidk MPFP MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip Tosrfcom WS2IFSL
    5/4/2009 4:21:13 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    5/4/2009 4:21:13 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/4/2009 4:21:13 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/4/2009 4:21:13 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    5/4/2009 4:21:13 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/4/2009 4:21:13 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/4/2009 4:15:55 PM, error: Dhcp [1002] - The IP address lease 216.171.44.13 for the Network Card with network address 001E4C73642C has been denied by the DHCP server 128.91.254.1 (The DHCP Server sent a DHCPNACK message).
    5/4/2009 10:20:13 PM, error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 4 time(s).
    5/4/2009 10:16:25 PM, error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 3 time(s).
    5/2/2009 9:06:22 AM, error: PlugPlayManager [12] - The device 'Printer Port Logical Interface' (LPTENUM\MicrosoftRawPort\5&1825d551&0&LPT1) disappeared from the system without first being prepared for removal.
    5/2/2009 9:06:22 AM, error: PlugPlayManager [12] - The device 'ECP Printer Port (LPT1)' (ACPI\PNP0401\4&2f94427b&0) disappeared from the system without first being prepared for removal.
    5/2/2009 9:05:59 AM, error: PlugPlayManager [12] - The device 'Docking Station' (ACPI\DockDevice\_SB_.PCI0.PCIE.GDCK) disappeared from the system without first being prepared for removal.
    5/2/2009 9:05:32 AM, error: Dhcp [1002] - The IP address lease 192.168.1.105 for the Network Card with network address 001E4C73642C has been denied by the DHCP server 68.180.28.6 (The DHCP Server sent a DHCPNACK message).
    5/1/2009 7:27:16 PM, error: Dhcp [1002] - The IP address lease 216.171.44.13 for the Network Card with network address 001E4C73642C has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

    ==== End Of File ===========================
     
  5. 2009/05/08
    Aaron5050 Inactive Thread Starter

    Joined:
    2009/05/08
    Messages:
    11
    Likes Received:
    0
    attach and DDS

    DDS below:

    DDS (Ver_09-03-16.01) - NTFSx86
    Run by Aaron at 4:40:38.04 on Fri 05/08/2009
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1201 [GMT -4:00]

    AV: McAfee VirusScan *On-access scanning enabled* (Updated)
    FW: McAfee Personal Firewall *enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
    C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\WINDOWS\PixArt\PAC7302\Monitor.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\WINDOWS\system32\StacSV.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\WINDOWS\explorer.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Aaron\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://medley.isc-seo.upenn.edu/penn_portal/view.php
    uInternet Settings,ProxyOverride = *.local
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
    uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
    uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe
    uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [Apoint] c:\program files\apoint\Apoint.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
    mRun: [SecureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe
    mRun: [KADxMain] c:\windows\system32\KADxMain.exe
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe "
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe "
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [EPSON Stylus CX4800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB002" /M "Stylus CX4800 "
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe "
    mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Authentication Packages = msv1_0 wvauth

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\aaron\applic~1\mozilla\firefox\profiles\npkv4wym.default\
    FF - prefs.js: browser.startup.homepage - hxxp://medley.isc-seo.upenn.edu/penn_portal/view.php

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-24 64160]
    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-2 214024]
    R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 953168]
    R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-3-2 359952]
    R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-3-2 144704]
    R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-11 5120]
    R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
    R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-3-2 606736]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-3-2 79880]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-3-2 35272]
    R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-3-2 40552]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-3-2 34216]
    S3 PAC7302;PC VGA Camer@ Plus;c:\windows\system32\drivers\PAC7302.SYS [2007-8-22 461312]

    =============== Created Last 30 ================

    2009-05-08 02:54 161,792 a------- c:\windows\SWREG.exe
    2009-05-08 02:54 98,816 a------- c:\windows\sed.exe
    2009-05-06 17:19 268 a---h--- C:\sqmdata19.sqm
    2009-05-06 17:19 244 a---h--- C:\sqmnoopt19.sqm
    2009-05-04 22:08 <DIR> --d----- c:\program files\Trend Micro
    2009-05-04 18:32 268 a---h--- C:\sqmdata18.sqm
    2009-05-04 18:32 244 a---h--- C:\sqmnoopt18.sqm
    2009-05-04 16:23 <DIR> --d----- c:\docume~1\aaron\applic~1\Malwarebytes
    2009-05-04 16:23 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-05-04 16:23 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-04 16:23 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-05-04 16:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-05-04 16:18 268 a---h--- C:\sqmdata17.sqm
    2009-05-04 16:18 244 a---h--- C:\sqmnoopt17.sqm
    2009-05-04 15:48 268 a---h--- C:\sqmdata16.sqm
    2009-05-04 15:48 244 a---h--- C:\sqmnoopt16.sqm
    2009-04-28 17:33 268 a---h--- C:\sqmdata15.sqm
    2009-04-28 17:33 244 a---h--- C:\sqmnoopt15.sqm
    2009-04-28 16:25 268 a---h--- C:\sqmdata14.sqm
    2009-04-28 16:25 244 a---h--- C:\sqmnoopt14.sqm
    2009-04-28 15:46 268 a---h--- C:\sqmdata13.sqm
    2009-04-28 15:46 244 a---h--- C:\sqmnoopt13.sqm
    2009-04-28 15:36 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-04-28 15:31 268 a---h--- C:\sqmdata12.sqm
    2009-04-28 15:31 244 a---h--- C:\sqmnoopt12.sqm
    2009-04-28 01:26 268 a---h--- C:\sqmdata11.sqm
    2009-04-28 01:26 244 a---h--- C:\sqmnoopt11.sqm
    2009-04-27 19:52 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
    2009-04-27 03:36 <DIR> --d----- c:\windows\system32\XPSViewer
    2009-04-27 03:35 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-04-27 03:35 575,488 -------- c:\windows\system32\xpsshhdr.dll
    2009-04-27 03:35 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
    2009-04-27 03:35 117,760 -------- c:\windows\system32\prntvpt.dll
    2009-04-27 03:35 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-04-27 03:35 1,676,288 -------- c:\windows\system32\xpssvcs.dll
    2009-04-27 03:35 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
    2009-04-27 03:35 <DIR> --d----- c:\windows\SxsCaPendDel
    2009-04-27 03:31 <DIR> --d----- c:\program files\Spybot - Search & Destroy
    2009-04-27 03:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2009-04-27 03:25 <DIR> --d----- c:\program files\SpywareBlaster
    2009-04-24 03:01 268 a---h--- C:\sqmdata10.sqm
    2009-04-24 03:01 244 a---h--- C:\sqmnoopt10.sqm
    2009-04-23 17:46 268 a---h--- C:\sqmdata09.sqm
    2009-04-23 17:46 244 a---h--- C:\sqmnoopt09.sqm
    2009-04-22 15:03 268 a---h--- C:\sqmdata08.sqm
    2009-04-22 15:03 244 a---h--- C:\sqmnoopt08.sqm
    2009-04-21 04:00 268 a---h--- C:\sqmdata07.sqm
    2009-04-21 04:00 244 a---h--- C:\sqmnoopt07.sqm
    2009-04-18 20:14 268 a---h--- C:\sqmdata06.sqm
    2009-04-18 20:14 244 a---h--- C:\sqmnoopt06.sqm
    2009-04-15 03:30 268 a---h--- C:\sqmdata05.sqm
    2009-04-15 03:30 244 a---h--- C:\sqmnoopt05.sqm
    2009-04-14 20:23 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
    2009-04-14 20:23 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
    2009-04-14 20:23 284,160 -------- c:\windows\system32\dllcache\pdh.dll
    2009-04-14 20:23 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
    2009-04-14 20:23 110,592 -------- c:\windows\system32\dllcache\services.exe
    2009-04-14 20:23 35,328 -------- c:\windows\system32\dllcache\sc.exe
    2009-04-14 20:23 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
    2009-04-14 20:23 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
    2009-04-14 20:23 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
    2009-04-14 20:23 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
    2009-04-14 20:21 2,560 -------- c:\windows\system32\xpsp4res.dll
    2009-04-14 20:21 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
    2009-04-14 20:21 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
    2009-04-08 06:06 268 a---h--- C:\sqmdata04.sqm
    2009-04-08 06:06 244 a---h--- C:\sqmnoopt04.sqm

    ==================== Find3M ====================

    2009-04-28 15:46 15,688 a------- c:\windows\system32\lsdelete.exe
    2009-04-28 02:42 64,160 a------- c:\windows\system32\drivers\Lbd.sys
    2009-03-25 11:06 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
    2009-03-25 11:06 214,024 a------- c:\windows\system32\drivers\mfehidk.sys
    2009-03-25 11:06 79,880 a------- c:\windows\system32\drivers\mfeavfk.sys
    2009-03-25 11:06 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
    2009-03-25 11:05 34,216 a------- c:\windows\system32\drivers\mferkdk.sys
    2009-03-21 10:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
    2009-03-10 22:18 934,792 -------- c:\windows\system32\dllcache\WgaTray.exe
    2009-03-10 22:18 239,496 -------- c:\windows\system32\dllcache\wgaLogon.dll
    2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
    2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
    2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
    2009-03-02 20:18 826,368 -------- c:\windows\system32\dllcache\wininet.dll
    2009-02-28 00:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
    2009-02-20 06:20 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
    2009-02-20 06:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
    2009-02-20 01:14 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
    2009-02-09 08:10 729,088 a------- c:\windows\system32\lsasrv.dll
    2009-02-09 08:10 714,752 a------- c:\windows\system32\ntdll.dll
    2009-02-09 08:10 617,472 a------- c:\windows\system32\advapi32.dll
    2009-02-09 08:10 401,408 a------- c:\windows\system32\rpcss.dll
    2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
    2009-02-09 07:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
    2009-02-07 19:02 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
    2008-12-24 18:37 256 a------- c:\documents and settings\aaron\pool.bin

    ============= FINISH: 4:40:56.15 ===============
     
  6. 2009/05/08
    PeteC

    Thanks :)

    One of our trained malware analysts will take a look at your logs ASAP, but it may be a day or so before you get a response as they are always very busy. All logs are dealt with in the order received.

    Thank you for your patience.
     
  7. 2009/05/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; select Safe Mode. You'll see "Safe Mode" in all four corners of your screen.

    * Open SUPERAntiSpyware.
    * Under Configuration and Preferences, click the Preferences button.
    * Under the General and Startup tab, make sure the Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    - Close browsers before scanning.
    - Scan for tracking cookies.
    - Terminate memory threats before quarantining.

    * Click the Close button to leave the control center screen.
    * Back on the main screen, under Scan for Harmful Software click Scan your computer.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, under Complete Scan, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    - Click Preferences, then click the Statistics/Logs tab.
    - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    - If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    - Please copy and paste the Scan Log results in your next reply.

    * Click Close to exit the program.
    Post SUPERAntiSpyware log.
    NOTE: Tracking cookies may be omitted from the log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    When scan is completed, click Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    RESTART COMPUTER

    STEP 4. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. 2009/05/18
    Aaron5050

    Sorry for the delayed reply. Here is everything you have requested. Thank you so much for the help!

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 05/18/2009 at 02:39 AM

    Application Version : 4.26.1002

    Core Rules Database Version : 3897
    Trace Rules Database Version: 1844

    Scan type : Complete Scan
    Total Scan Time : 02:34:36

    Memory items scanned : 282
    Memory threats detected : 0
    Registry items scanned : 7303
    Registry threats detected : 0
    File items scanned : 78423
    File threats detected : 58

    Adware.Tracking Cookie
    [omitted]



    Malwarebytes' Anti-Malware 1.36
    Database version: 2147
    Windows 5.1.2600 Service Pack 3

    5/18/2009 2:41:43 PM
    mbam-log-2009-05-18 (14-41-43).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 170468
    Time elapsed: 49 minute(s), 51 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
    Last edited by a moderator: 2009/05/18
  9. 2009/05/18
    Aaron5050

    The rest....


    GMER 1.0.15.14972 - http://www.gmer.net
    Rootkit scan 2009-05-18 13:21:48
    Windows 5.1.2600 Service Pack 3


    ---- System - GMER 1.0.15 ----

    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA0F887E]
    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA0F8BFE]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA846F4EA]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA846F498]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xA846F4AC]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xA846F597]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xA846F5C3]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xA846F631]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xA846F61B]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA846F52A]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xA846F65D]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xA846F56D]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xA846F470]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xA846F484]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA846F4FE]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xA846F699]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xA846F605]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xA846F5EF]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xA846F5AD]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xA846F685]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xA846F671]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xA846F4D6]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xA846F4C2]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA846F559]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xA846F647]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA846F540]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA846F514]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwYieldExecution 80504AE8 7 Bytes JMP A846F518 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP A846F4EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtMapViewOfSection 805B2006 7 Bytes JMP A846F52E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E14 5 Bytes JMP A846F544 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83E6 7 Bytes JMP A846F502 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtOpenProcess 805CB408 5 Bytes JMP A846F474 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtOpenThread 805CB694 5 Bytes JMP A846F488 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE52 5 Bytes JMP A846F4C6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1142 7 Bytes JMP A846F4B0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwCreateProcess 805D11F8 5 Bytes JMP A846F49C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwSetContextThread 805D1702 5 Bytes JMP A846F4DA \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29AA 5 Bytes JMP A846F55D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwQueryValueKey 806219E8 7 Bytes JMP A846F5F3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwUnloadKey 80622060 7 Bytes JMP A846F64B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 806228FE 7 Bytes JMP A846F609 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwRenameKey 806231D2 7 Bytes JMP A846F5B1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwDeleteKey 80623C40 7 Bytes JMP A846F59B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwDeleteValueKey 80623E10 7 Bytes JMP A846F5C7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FF0 7 Bytes JMP A846F635 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwEnumerateValueKey 8062425A 7 Bytes JMP A846F61F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwOpenKey 80624B82 5 Bytes JMP A846F571 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwQueryKey 80624EA8 7 Bytes JMP A846F69D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwRestoreKey 80625168 5 Bytes JMP A846F675 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwReplaceKey 8062585C 5 Bytes JMP A846F689 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwNotifyChangeKey 80625976 5 Bytes JMP A846F661 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\dllhost.exe[432] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0FE5
    .text C:\WINDOWS\system32\dllhost.exe[432] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0038
    .text C:\WINDOWS\system32\dllhost.exe[432] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0F4D
    .text C:\WINDOWS\system32\dllhost.exe[432] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0027
    .text C:\WINDOWS\system32\dllhost.exe[432] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0F68
    .text C:\WINDOWS\system32\dllhost.exe[432] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0F8A
    .text C:\WINDOWS\system32\dllhost.exe[432] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A006E
    .text C:\WINDOWS\system32\dllhost.exe[432] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A0F32
    .text C:\WINDOWS\system32\dllhost.exe[432] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A00AE
    .text C:\WINDOWS\system32\dllhost.exe[432] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A0F0B
    .text C:\WINDOWS\system32\dllhost.exe[432] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001A00BF
    .text C:\WINDOWS\system32\dllhost.exe[432] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001A0F79
    .text C:\WINDOWS\system32\dllhost.exe[432] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001A0000
    .text C:\WINDOWS\system32\dllhost.exe[432] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001A005D
    .text C:\WINDOWS\system32\dllhost.exe[432] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001A0FA5
    .text C:\WINDOWS\system32\dllhost.exe[432] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001A0FC0
    .text C:\WINDOWS\system32\dllhost.exe[432] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001A007F
    .text C:\WINDOWS\system32\dllhost.exe[432] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00290F89
    .text C:\WINDOWS\system32\dllhost.exe[432] msvcrt.dll!system 77C293C7 5 Bytes JMP 00290F9A
    .text C:\WINDOWS\system32\dllhost.exe[432] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00290FBC
    .text C:\WINDOWS\system32\dllhost.exe[432] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00290000
    .text C:\WINDOWS\system32\dllhost.exe[432] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00290FAB
    .text C:\WINDOWS\system32\dllhost.exe[432] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00290FE3
    .text C:\WINDOWS\system32\dllhost.exe[432] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002A0F9E
    .text C:\WINDOWS\system32\dllhost.exe[432] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002A001B
    .text C:\WINDOWS\system32\dllhost.exe[432] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002A0FB9
    .text C:\WINDOWS\system32\dllhost.exe[432] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002A0FD4
    .text C:\WINDOWS\system32\dllhost.exe[432] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002A0F5E
    .text C:\WINDOWS\system32\dllhost.exe[432] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002A0FE5
    .text C:\WINDOWS\system32\dllhost.exe[432] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 002A000A
    .text C:\WINDOWS\system32\dllhost.exe[432] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002A0F83
    .text C:\WINDOWS\system32\dllhost.exe[432] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A70FEF
    .text C:\WINDOWS\Explorer.EXE[480] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 016D000A
    .text C:\WINDOWS\Explorer.EXE[480] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 016D0076
    .text C:\WINDOWS\Explorer.EXE[480] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 016D0F81
    .text C:\WINDOWS\Explorer.EXE[480] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 016D0065
    .text C:\WINDOWS\Explorer.EXE[480] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 016D0054
    .text C:\WINDOWS\Explorer.EXE[480] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 016D0FCD
    .text C:\WINDOWS\Explorer.EXE[480] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 016D0F4B
    .text C:\WINDOWS\Explorer.EXE[480] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 016D0F5C
    .text C:\WINDOWS\Explorer.EXE[480] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 016D0F1F
    .text C:\WINDOWS\Explorer.EXE[480] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 016D00B8
    .text C:\WINDOWS\Explorer.EXE[480] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 016D00D3
    .text C:\WINDOWS\Explorer.EXE[480] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 016D0FB2
    .text C:\WINDOWS\Explorer.EXE[480] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 016D0025
    .text C:\WINDOWS\Explorer.EXE[480] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 016D0087
    .text C:\WINDOWS\Explorer.EXE[480] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 016D0FDE
    .text C:\WINDOWS\Explorer.EXE[480] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 016D0FEF
    .text C:\WINDOWS\Explorer.EXE[480] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 016D0F30
    .text C:\WINDOWS\Explorer.EXE[480] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 014D0036
    .text C:\WINDOWS\Explorer.EXE[480] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 014D0FAC
    .text C:\WINDOWS\Explorer.EXE[480] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 014D001B
    .text C:\WINDOWS\Explorer.EXE[480] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 014D000A
    .text C:\WINDOWS\Explorer.EXE[480] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 014D0069
    .text C:\WINDOWS\Explorer.EXE[480] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 014D0FEF
    .text C:\WINDOWS\Explorer.EXE[480] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 014D0058
    .text C:\WINDOWS\Explorer.EXE[480] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 014D0047
    .text C:\WINDOWS\Explorer.EXE[480] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CF0F90
    .text C:\WINDOWS\Explorer.EXE[480] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CF001B
    .text C:\WINDOWS\Explorer.EXE[480] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CF0FC6
    .text C:\WINDOWS\Explorer.EXE[480] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CF0FEF
    .text C:\WINDOWS\Explorer.EXE[480] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CF0FAB
    .text C:\WINDOWS\Explorer.EXE[480] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CF0000
    .text C:\WINDOWS\Explorer.EXE[480] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 01500000
    .text C:\WINDOWS\Explorer.EXE[480] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 01500FEF
    .text C:\WINDOWS\Explorer.EXE[480] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 01500025
    .text C:\WINDOWS\Explorer.EXE[480] WININET.dll!InternetOpenUrlW 780BAF69 5 Bytes JMP 01500040
    .text C:\WINDOWS\Explorer.EXE[480] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CC0FEF
    .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F90000
    .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F90F7E
    .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F9007D
    .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F90FA3
    .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F90062
    .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F90047
    .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F900BA
    .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F900A9
    .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F900E6
    .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F90F57
    .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F90F3C
    .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F90FCA
    .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F90FE5
    .text
     
  10. 2009/05/18
    Aaron5050

    Continued:
     
  11. 2009/05/18
    Aaron5050

    Aaron5050 Inactive Thread Starter

    Joined:
    2009/05/08
    Messages:
    11
    Likes Received:
    0
    .text C:\WINDOWS\system32\dllhost.exe[4360] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0F24
    .text C:\WINDOWS\system32\dllhost.exe[4360] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A0F3F
    .text C:\WINDOWS\system32\dllhost.exe[4360] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001A0F13
    .text C:\WINDOWS\system32\dllhost.exe[4360] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001A0FA5
    .text C:\WINDOWS\system32\dllhost.exe[4360] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001A000A
    .text C:\WINDOWS\system32\dllhost.exe[4360] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001A0F66
    .text C:\WINDOWS\system32\dllhost.exe[4360] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001A0025
    .text C:\WINDOWS\system32\dllhost.exe[4360] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001A0FD4
    .text C:\WINDOWS\system32\dllhost.exe[4360] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001A00BD
    .text C:\WINDOWS\system32\dllhost.exe[4360] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00290051
    .text C:\WINDOWS\system32\dllhost.exe[4360] msvcrt.dll!system 77C293C7 5 Bytes JMP 00290FBC
    .text C:\WINDOWS\system32\dllhost.exe[4360] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00290FCD
    .text C:\WINDOWS\system32\dllhost.exe[4360] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00290FEF
    .text C:\WINDOWS\system32\dllhost.exe[4360] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00290022
    .text C:\WINDOWS\system32\dllhost.exe[4360] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00290FDE
    .text C:\WINDOWS\system32\dllhost.exe[4360] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002A0FBC
    .text C:\WINDOWS\system32\dllhost.exe[4360] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002A0F75
    .text C:\WINDOWS\system32\dllhost.exe[4360] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002A0FCD
    .text C:\WINDOWS\system32\dllhost.exe[4360] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002A0FDE
    .text C:\WINDOWS\system32\dllhost.exe[4360] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002A0032
    .text C:\WINDOWS\system32\dllhost.exe[4360] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002A0FEF
    .text C:\WINDOWS\system32\dllhost.exe[4360] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 002A0F90
    .text C:\WINDOWS\system32\dllhost.exe[4360] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [4A, 88]
    .text C:\WINDOWS\system32\dllhost.exe[4360] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002A0FAB
    .text C:\WINDOWS\system32\dllhost.exe[4360] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AB0FEF

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[2560] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[4220] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

    Device \FileSystem\Fastfat \Fat A6168D20

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

    ---- EOF - GMER 1.0.15 ----
     
  12. 2009/05/18
    Aaron5050 Inactive Thread Starter

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:49:12 PM, on 5/18/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
    C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
    C:\WINDOWS\system32\KADxMain.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\WINDOWS\PixArt\PAC7302\Monitor.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\WINDOWS\system32\StacSV.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Trend Micro\HijackThis\Crusty.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://medley.isc-seo.upenn.edu/penn_portal/view.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
    O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
    O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB002" /M "Stylus CX4800"
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: NTRU TSS v1.2.1.12 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
    O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 13807 bytes
     
  13. 2009/05/18
    broni

    broni Moderator Malware Analyst

    Download GooredFix and save it to your Desktop.
    Double-click Goored.exe to run it.
    Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
    A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).
    Note: Do not run Option #2 yet.
     
  14. 2009/05/18
    Aaron5050

    Aaron5050 Inactive Thread Starter

    As requested. Log is below. Thank you so much for your help!

    GooredFix v1.92 by jpshortstuff
    Log created at 17:45 on 18/05/2009 running Option #1 (Aaron)
    Firefox version 3.0.10 (en-US)

    =====Suspect Goored Entries=====

    C:\Program Files\Mozilla Firefox\extensions\{1CE7C176-FA1C-4DD5-A3E5-A5D607E35E53}

    =====Dumping Registry Values=====

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
    "Plugins"="C:\Program Files\Mozilla Firefox\plugins"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
    "Components"="C:\Program Files\Mozilla Firefox\components"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
    "jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
    "{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"
     
  15. 2009/05/18
    broni

    broni Moderator Malware Analyst

    Make sure all instances of Firefox are closed at this point.
    Double-click Goored.exe on your Desktop to run it.
    Select 2. Fix Goored by typing 2 and pressing Enter.
    Type y at the prompt and press Enter again.
    A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).
    Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system.
    Please also allow any registry changes that may be prompted by any of your security programs.
     
  16. 2009/05/18
    Aaron5050

    Aaron5050 Inactive Thread Starter

    Requested post below. Thank you again for everything.

    GooredFix v1.92 by jpshortstuff
    Log created at 18:27 on 18/05/2009 running Option #2 (Aaron)
    Firefox version 3.0.10 (en-US)

    =====Goored Deletions=====
    C:\Program Files\Mozilla Firefox\extensions\{1CE7C176-FA1C-4DD5-A3E5-A5D607E35E53}
    ->Backing up folder... Done.
    ->Emptying folder... Done.
    ->Deleting folder... Done.

    =====Dumping Registry Values=====

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
    "Plugins"="C:\Program Files\Mozilla Firefox\plugins"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
    "Components"="C:\Program Files\Mozilla Firefox\components"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
    "jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
    "{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"
     
  17. 2009/05/18
    broni

    broni Moderator Malware Analyst

    How is the redirection issue now?
     
  18. 2009/05/18
    Aaron5050

    Aaron5050 Inactive Thread Starter

    Everything is perfect now. Thank you so much for your help. What can I delete that I downloaded? Thanks again for everything.
     
  19. 2009/05/18
    broni

    broni Moderator Malware Analyst

    You're very welcome :)
    Keep Superantispyware, and Malwarebytes. They're excellent tools for occasional scanning.

    Uninstall GooredFix...
    Click Start > Run and then copy/paste the following into the box and then click OK
    "%userprofile%\Desktop\GooredFix.exe" /uninstall
    If any of your security programs query a new Registry/AutoStart value being added please allow the changes.

    Then....

    1. Download ATF Cleaner by Atribune.

    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Unselect Cookies.
    Click the Empty Selected button.

    If you use Firefox browser
    Click Firefox at the top and choose: Select All
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Unselect Cookies.
    Click the Empty Selected button.


    If you use Opera browser
    Click Opera at the top and choose: Select All
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Unselect Cookies.
    Click the Empty Selected button.


    Click Exit on the Main menu to close the program.

    2. Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    3. Restart computer.

    4. Turn System Restore on.

    5. Make sure Windows Updates are current.

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html


    I'm gonna mark this thread as solved.
     
