Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Virus stops windows update & redirects search engine results


Unread postby ChrisUK » May 2nd, 2010, 3:10 pm

Hi All,

Hope someone can help. I think I have a virus, due to the following:
Google Chrome now just hangs.
Google or other search engines take me to odd sites when I click on the results of a search, often redirecting me to the Ask search engine.
Going to the Windows Update URL sees my browser tell me there is a connection problem, while the rest of the internet works fine.

McAfee and Malwarebytes haven't picked anything up.

I have posted my HijackThis log and uninstall log below. I hope I have done this right.

Thanks in advance

Chris

Hijackthis Log
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 19:59:47, on 02/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe
O4 - HKLM\..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [SUPBackground] C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BatteryLifeExtender] C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe /2
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Workstation lanmanworkstationMSDTC (lanmanworkstationMSDTC) - Unknown owner - C:\WINDOWS\system32\1025f.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

--
End of file - 9270 bytes


Uninstall list
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
Alice Greenfingers
AnyPC Client
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros WLAN Client
BatteryLifeExtender
BBC iPlayer Desktop
BBC iPlayer Desktop
Bonjour
Cake Mania
CCleaner
Chicken Invaders 3
Choice Guard
Cooking Dash
Cooking Dash™
CyberLink YouCam
CyberLink YouCam
Diner Dash 2
Diner Dash: Flo on the Go
Diner Dash: Flo on the Go (remove only)
Dream Chronicles
Dream Day First Home
Easy Display Manager
Easy Network Manager
Easy Resolution Manager
Galapago
Game Pack
Go Go Gourmet Chef of the Year
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952117-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
imagine digital freedom - Samsung
Intel(R) Graphics Media Accelerator Driver
iTunes
J2SE Runtime Environment 5.0
Java(TM) 6 Update 18
Junk Mail filter update
Magic Keyboard
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Default Manager
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Activation Assistant for Netbooks
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Mozilla Firefox (3.6.3)
MSN Toolbar
MSN Toolbar Platform
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
REALTEK Wireless LAN Software
Samsung Battery Manager
Samsung Magic Doctor
Samsung Recovery Solution III
Samsung Update Plus
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Segoe UI
Skype™ 4.2
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Office 2007 (KB946691)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
User Guide
WebCam SCB-0340N
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows PowerShell(TM) 1.0
Zuma Deluxe
ChrisUK
Active Member
 
Posts: 10
Joined: May 2nd, 2010, 2:52 pm
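As an added example, not part of the thread and not code from HijackThis or the forum: a small Python script that applies, to the O23 (service) lines of a HijackThis log, the checks a helper makes by eye when reading a log like the one posted above. The sample lines are copied from that log; the list of well-known Windows service names and the "hex-looking filename" threshold are my own heuristics, and a hit only marks an entry as worth a closer look, not as confirmed malware.

```python
import re
from typing import Dict, List, Optional

# Constructed sample input: four O23 lines copied from the HijackThis log
# posted above (three ordinary vendor services and one oddly named entry).
SAMPLE_LOG = r"""
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Workstation lanmanworkstationMSDTC (lanmanworkstationMSDTC) - Unknown owner - C:\WINDOWS\system32\1025f.exe (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# HijackThis writes a service as: O23 - Service: <display> (<name>) - <owner> - <path>
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
NAME_RE = re.compile(r"^(?P<display>.*?)(?: \((?P<name>[^()]+)\))?$")

# Real Windows service names that malware likes to pad with extra characters.
# Illustrative list chosen for this example, not exhaustive.
KNOWN_SERVICE_NAMES = ("lanmanworkstation", "lanmanserver", "msdtc", "wuauserv", "bits")

MISSING = "binary missing on disk"
UNKNOWN_OWNER = "no publisher (Unknown owner)"
HEX_NAME = "hex-looking executable name"
PADDED_NAME = "embeds a real service name with extra characters"


def parse_o23(line: str) -> Optional[Dict[str, str]]:
    """Split one O23 line into display name, short service name, owner and path."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    n = NAME_RE.match(m.group("display"))
    return {
        "display": n.group("display"),
        # Some services (e.g. Bonjour) are listed without a short name in parentheses.
        "name": n.group("name") or n.group("display"),
        "owner": m.group("owner"),
        "path": m.group("path"),
    }


def suspicious_reasons(svc: Dict[str, str]) -> List[str]:
    """Apply the eyeball heuristics to one parsed service; return the ones that fire."""
    reasons: List[str] = []
    path = svc["path"]
    if "(file missing)" in path:
        reasons.append(MISSING)
    if svc["owner"].lower() == "unknown owner":
        reasons.append(UNKNOWN_OWNER)
    # Executable stem that is a short hex string containing digits (heuristic threshold).
    exe = path.replace(" (file missing)", "").rsplit("\\", 1)[-1]
    stem = exe.lower().rsplit(".", 1)[0]
    if re.fullmatch(r"[0-9a-f]{4,8}", stem) and any(c.isdigit() for c in stem):
        reasons.append(HEX_NAME)
    # Service name that contains, but is not equal to, a genuine Windows service name.
    name = svc["name"].lower()
    for known in KNOWN_SERVICE_NAMES:
        if known in name and name != known:
            reasons.append(PADDED_NAME)
            break
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Return {service name: reasons} for every O23 entry that trips at least one check."""
    findings: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        svc = parse_o23(line)
        if svc is None:
            continue
        reasons = suspicious_reasons(svc)
        if reasons:
            findings[svc["name"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run it directly to print the findings. On the sample it reports only the lanmanworkstationMSDTC entry, and for four separate reasons: its binary is missing, it has no publisher, its executable name is a short hex string, and its service name is a real Windows service name (LanmanWorkstation) with characters appended. The other three lines produce nothing, which is the point of automating the pass: the clean vendor services drop out and the one entry a helper would want to investigate is left.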

Re: Virus stops windows update & redirects search engine results

Unread postby MWR 3 day Mod » May 6th, 2010, 12:43 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Virus stops windows update & redirects search engine results

Unread postby xixo_12 » May 7th, 2010, 9:34 am

Hello and Welcome to Malware Removal Forums.
  • My name is xixo_12 and I will guide you.
  • Refrain from running self-fixes, as this will hinder the malware removal process.
  • You may wish to print these off or copy the instructions into Notepad.
  • If you have any questions, please don't hesitate to ask.
  • The instructions that I will give you are specific to your current problem and shouldn't be used on other systems.
  • If you are receiving help or have received help on this problem elsewhere, please let us know.
  • Keep interacting with me until your computer is clean.

Please make sure you have done your reading on this topic: How to get help at this forum
Please! If you need more time to do all the instructions, let me know before the 72 hours are up. Otherwise, your thread will be closed.

Next,
DeFogger - Disable
Please download from HERE and save to the desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK. If nothing appears, please reboot manually.

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable, which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Next,
RSIT by random/random.
Please download from HERE and save to the desktop.
  • Double-click on RSIT.exe to run the tool.
  • Click Continue at the disclaimer screen.
  • Once it finishes, two logs will open.
    • log.txt will be opened maximized
    • info.txt will be opened minimized
  • Please post the contents of both logs in your next post.
***You can find the logs manually at C:\rsit

Next,
GMER.
Please download from HERE and save to the desktop.
  • Unzip/extract the file to its own folder.
  • Disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan, click NO.
  • Click on the >>> symbol and choose the Rootkit tab.
  • Look at the right-hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button, then right-click on your Desktop and choose "New" > Text Document. Once the file is created, open it, right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information into your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE.
Important! Please do not select the "Show all" checkbox during the scan.

Next,
Checklist.
Please post.
  • Content of log.txt and info.txt (Find both in c:\rsit)
  • Content of GMER.txt
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Virus stops windows update & redirects search engine results

Unread postby ChrisUK » May 8th, 2010, 5:01 pm

Hi, thank you for helping me with this. I have run the different apps and here are the logs.

info.txt logfile of random's system information tool 1.06 2010-05-07 19:29:14

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Alice Greenfingers-->"C:\Program Files\Samsung Casual Games\Alice Greenfingers\Uninstall.exe" "C:\Program Files\Samsung Casual Games\Alice Greenfingers\install.log"
AnyPC Client-->C:\Program Files\InstallShield Installation Information\{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}\setup.exe
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Atheros WLAN Client-->"C:\Program Files\InstallShield Installation Information\{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}\setup.exe" -runfromtemp -l0x0009 -removeonly
BatteryLifeExtender-->MsiExec.exe /I{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}
BBC iPlayer Desktop-->msiexec /qb /x {78225D0F-D12C-09E4-5D6D-A64D763E8982}
BBC iPlayer Desktop-->MsiExec.exe /I{78225D0F-D12C-09E4-5D6D-A64D763E8982}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Cake Mania-->"C:\Program Files\Samsung Casual Games\Cake Mania\Uninstall.exe" "C:\Program Files\Samsung Casual Games\Cake Mania\install.log"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Chicken Invaders 3-->"C:\Program Files\Samsung Casual Games\Chicken Invaders 3\Uninstall.exe" "C:\Program Files\Samsung Casual Games\Chicken Invaders 3\install.log"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Cooking Dash-->"C:\Program Files\Samsung Casual Games\Cooking Dash\Uninstall.exe" "C:\Program Files\Samsung Casual Games\Cooking Dash\install.log"
Cooking Dash™-->C:\PROGRA~1\SHOCKW~1.COM\COOKIN~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\COOKIN~1\INSTALL.LOG
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
Diner Dash 2-->"C:\Program Files\Samsung Casual Games\Diner Dash 2\Uninstall.exe" "C:\Program Files\Samsung Casual Games\Diner Dash 2\install.log"
Diner Dash: Flo on the Go (remove only)-->C:\Program Files\Yahoo! Games\DinerDashFloOnTheGo\Uninstall.exe {F29B002B-1403-F11F-21C7-0F414861BEE7}
Diner Dash: Flo on the Go-->MsiExec.exe /X{F29B002B-1403-F11F-21C7-0F414861BEE7}
Dream Chronicles-->"C:\Program Files\Samsung Casual Games\Dream Chronicles\Uninstall.exe" "C:\Program Files\Samsung Casual Games\Dream Chronicles\install.log"
Dream Day First Home-->"C:\Program Files\Samsung Casual Games\Dream Day First Home\Uninstall.exe" "C:\Program Files\Samsung Casual Games\Dream Day First Home\install.log"
Easy Display Manager-->"C:\Program Files\InstallShield Installation Information\{17283B95-21A8-4996-97DA-547A48DB266F}\setup.exe" -runfromtemp -l0x0009 -removeonly
Easy Network Manager-->MsiExec.exe /I{A7581D39-EA20-4883-A480-80C21047052B}
Easy Resolution Manager-->MsiExec.exe /I{9CAC71E9-D196-472E-845C-5462356B2AE1}
Galapago-->"C:\Program Files\Samsung Casual Games\Galapago\Uninstall.exe" "C:\Program Files\Samsung Casual Games\Galapago\install.log"
Game Pack-->"C:\Program Files\Samsung Casual Games\GameConsole\unins000.exe"
Go Go Gourmet Chef of the Year-->"C:\Program Files\Samsung Casual Games\Go Go Gourmet Chef of the Year\Uninstall.exe" "C:\Program Files\Samsung Casual Games\Go Go Gourmet Chef of the Year\install.log"
HiJackThis-->MsiExec.exe /X{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB952117-v2)-->"C:\WINDOWS\$NtUninstallKB952117-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
imagine digital freedom - Samsung-->MsiExec.exe /X{8E106A57-A17E-431D-B48F-175E42EB9F74}
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
iTunes-->MsiExec.exe /I{81063354-9060-42B2-A000-1EBE96778AA9}
J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Magic Keyboard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD723E53-A42C-4702-AA04-1D74A0311590}\Setup.exe" -l0x9 Remove
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Default Manager-->MsiExec.exe /X{61BEA823-ECAF-49F1-8378-A59B3B8AD247}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Activation Assistant for Netbooks-->MsiExec.exe /X{0DCF2BB4-A124-4596-89F7-5670294E091B}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{F8A3C1B6-D2E0-4CE1-80A2-555D6F71C639}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Toolbar Platform-->MsiExec.exe /I{A65F7CF8-6F76-40CE-B44D-D5A89D9881C7}
MSN Toolbar-->C:\Program Files\MSN Toolbar Installer\InstallManager.exe /UNINSTALL
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
REALTEK Wireless LAN Software-->C:\Program Files\InstallShield Installation Information\{6A1F72DD-2465-43A2-A137-8A849399B7A8}\Install.exe -uninst -l0x9
Samsung Battery Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}\Setup.exe" -l0x9 Remove
Samsung Magic Doctor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}\Setup.exe" -l0x9 Remove
Samsung Recovery Solution III-->"C:\Program Files\InstallShield Installation Information\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}\setup.exe" -runfromtemp -l0x0009 -removeonly
Samsung Update Plus-->"C:\Program Files\InstallShield Installation Information\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}\Setup.exe" -runfromtemp -l0x0009 -removeonly
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB979402)-->"C:\WINDOWS\$NtUninstallKB979402_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
User Guide-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}\setup.exe" -l0x9 Remove
WebCam SCB-0340N-->C:\Program Files\InstallShield Installation Information\{71A51BED-E7D3-11DB-A386-005056C00008}\setup.exe -runfromtemp -l0x0009 -removeonly
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Family Safety-->MsiExec.exe /X{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Photo Gallery-->MsiExec.exe /X{3C52E7DA-C431-4239-B66B-1BF703D5B194}
Windows Live Sync-->MsiExec.exe /X{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}
Windows PowerShell(TM) 1.0-->"C:\WINDOWS\$NtUninstallKB926139-v2$\spuninst\spuninst.exe"
Zuma Deluxe-->"C:\Program Files\Samsung Casual Games\Zuma Deluxe\Uninstall.exe" "C:\Program Files\Samsung Casual Games\Zuma Deluxe\install.log"

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall

======System event log======

Computer Name: CJNETBOOK
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network
Card with network address 0024D2DBC184. The IP address being used is 169.254.6.62.

Record Number: 7302
Source Name: Dhcp
Time Written: 20100423215049.000000+060
Event Type: warning
User:

Computer Name: CJNETBOOK
Event Code: 2504
Message: The server could not bind to the transport \Device\NetBT_Tcpip_{49107839-15AA-4BAF-BD22-C5B7C65B4410}.

Record Number: 7300
Source Name: Server
Time Written: 20100423214943.000000+060
Event Type: warning
User:

Computer Name: CJNETBOOK
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network
Card with network address 0024D2DBC184. The IP address being used is 169.254.6.62.

Record Number: 7297
Source Name: Dhcp
Time Written: 20100423214937.000000+060
Event Type: warning
User:

Computer Name: CJNETBOOK
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0024D2DBC184. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 7296
Source Name: Dhcp
Time Written: 20100423210657.000000+060
Event Type: warning
User:

Computer Name: CJNETBOOK
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0024D2DBC184. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 7294
Source Name: Dhcp
Time Written: 20100423210631.000000+060
Event Type: warning
User:

=====Application event log=====

Computer Name: CJNETBOOK
Event Code: 1002
Message: Hanging application EXCEL.EXE, version 12.0.6214.1000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 1800
Source Name: Application Hang
Time Written: 20100415134451.000000+060
Event Type: error
User:

Computer Name: CJNETBOOK
Event Code: 1000
Message: Faulting application excel.exe, version 12.0.6214.1000, stamp 47069e60, faulting module excel.exe, version 12.0.6214.1000, stamp 47069e60, debug? 0, fault address 0x0033fc59.

Record Number: 1799
Source Name: Microsoft Office 12
Time Written: 20100415134414.000000+060
Event Type: error
User:

Computer Name: CJNETBOOK
Event Code: 1000
Message: Faulting application excel.exe, version 12.0.6214.1000, stamp 47069e60, faulting module excel.exe, version 12.0.6214.1000, stamp 47069e60, debug? 0, fault address 0x0033fc59.

Record Number: 1798
Source Name: Microsoft Office 12
Time Written: 20100415130248.000000+060
Event Type: error
User:

Computer Name: CJNETBOOK
Event Code: 1002
Message: Hanging application EXCEL.EXE, version 12.0.6214.1000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 1797
Source Name: Application Hang
Time Written: 20100415124939.000000+060
Event Type: error
User:

Computer Name: CJNETBOOK
Event Code: 1000
Message: Faulting application excel.exe, version 12.0.6214.1000, stamp 47069e60, faulting module excel.exe, version 12.0.6214.1000, stamp 47069e60, debug? 0, fault address 0x0033fc59.

Record Number: 1796
Source Name: Microsoft Office 12
Time Written: 20100415124724.000000+060
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\WINDOWS\system32\WindowsPowerShell\v1.0
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 28 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=1c02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0\lib\ext\QTJava.zip

-----------------EOF-----------------

log.txt
Logfile of random's system information tool 1.07 (written by random/random)
Run by Chris at 2010-05-07 19:28:47
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 95 GB (83%) free of 115 GB
Total RAM: 1014 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:29:10, on 07/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Chris\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Chris.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe
O4 - HKLM\..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [SUPBackground] C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BatteryLifeExtender] C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe /2
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Workstation lanmanworkstationMSDTC (lanmanworkstationMSDTC) - Unknown owner - C:\WINDOWS\system32\1025f.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

--
End of file - 9852 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3149607596-3049610851-3591432441-1005Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3149607596-3049610851-3591432441-1005UA.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-12 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-08-07 138608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-11-11 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\progra~1\mcafee\sitead~1\mcieplg.dll [2009-12-14 204048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar BHO - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll [2009-12-08 506720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-13 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-13 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - MSN Toolbar - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll [2009-12-08 506720]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\progra~1\mcafee\sitead~1\mcieplg.dll [2009-12-14 204048]
Locked

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-05-21 17881600]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2009-02-18 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2009-02-18 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2009-02-18 137752]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-08-28 1044480]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"DMHotKey"=C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe [2006-12-27 466944]
"BatteryManager"=C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe [2009-06-02 3153408]
"MagicKeyboard"=C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe [2006-05-15 151552]
"SUPBackground"=C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-02-03 294912]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2009-02-25 218408]
"MSN Toolbar"=C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe [2009-12-08 240992]
"Microsoft Default Manager"=C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2009-07-17 288080]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2010-02-11 1218008]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-11-11 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-02-15 141608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BatteryLifeExtender"=C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-03-14 550912]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-30 136176]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-07 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

======List of files/folders created in the last 1 months======

2010-05-07 19:28:49 ----D---- C:\Program Files\trend micro
2010-05-07 19:28:47 ----D---- C:\rsit
2010-05-02 19:16:46 ----D---- C:\Program Files\TrendMicro
2010-05-02 17:04:24 ----D---- C:\Documents and Settings\Chris\Application Data\Mozilla
2010-05-01 22:55:56 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-04-29 22:59:53 ----D---- C:\Documents and Settings\Chris\Application Data\Malwarebytes
2010-04-29 22:59:36 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-04-29 22:59:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-29 22:19:21 ----D---- C:\Program Files\CCleaner
2010-04-29 20:43:08 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2010-04-25 22:44:20 ----D---- C:\WINDOWS\Sun
2010-04-25 21:09:04 ----D---- C:\Documents and Settings\Chris\Application Data\Facebook
2010-04-19 17:26:07 ----D---- C:\WINDOWS\system32\windowspowershell
2010-04-19 17:25:58 ----HDC---- C:\WINDOWS\$NtUninstallKB926139-v2$
2010-04-16 09:20:06 ----D---- C:\Documents and Settings\Chris\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
2010-04-16 09:19:37 ----D---- C:\Program Files\BBC iPlayer Desktop
2010-04-16 09:19:23 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-04-14 14:00:07 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-14 14:00:00 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-14 13:59:52 ----HDC---- C:\WINDOWS\$NtUninstallKB979402_WM9$
2010-04-14 13:52:43 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-14 13:52:37 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-14 13:52:32 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 13:52:17 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-13 19:37:18 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-04-13 19:36:39 ----A---- C:\WINDOWS\system32\javaws.exe
2010-04-13 19:36:39 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-04-13 19:36:38 ----A---- C:\WINDOWS\system32\javaw.exe
2010-04-13 19:36:38 ----A---- C:\WINDOWS\system32\java.exe
2010-04-13 19:34:48 ----D---- C:\Documents and Settings\Chris\Application Data\Sun

======List of files/folders modified in the last 1 months======

2010-05-07 19:28:50 ----D---- C:\WINDOWS\Temp
2010-05-07 19:28:49 ----RD---- C:\Program Files
2010-05-07 19:28:46 ----D---- C:\WINDOWS\Prefetch
2010-05-07 19:27:03 ----D---- C:\WINDOWS
2010-05-07 19:25:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-07 18:25:47 ----D---- C:\Documents and Settings\Chris\Application Data\Skype
2010-05-03 18:00:57 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-03 10:19:48 ----SD---- C:\Documents and Settings\Chris\Application Data\Microsoft
2010-05-02 22:39:28 ----RASH---- C:\boot.ini
2010-05-02 22:39:28 ----A---- C:\WINDOWS\win.ini
2010-05-02 22:39:28 ----A---- C:\WINDOWS\system.ini
2010-05-02 19:16:49 ----SHD---- C:\WINDOWS\Installer
2010-05-02 19:02:54 ----D---- C:\WINDOWS\system32
2010-05-02 19:00:31 ----D---- C:\WINDOWS\Network Diagnostic
2010-05-02 17:03:26 ----D---- C:\Program Files\Mozilla Firefox
2010-05-02 08:56:20 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-04-30 11:31:29 ----SD---- C:\WINDOWS\Tasks
2010-04-30 11:25:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-29 23:13:31 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-04-29 23:13:31 ----D---- C:\WINDOWS\system32\drivers
2010-04-29 22:00:08 ----D---- C:\Program Files\Google
2010-04-19 20:07:02 ----RSD---- C:\WINDOWS\assembly
2010-04-19 20:06:25 ----D---- C:\WINDOWS\Microsoft.NET
2010-04-19 17:26:31 ----A---- C:\WINDOWS\imsins.BAK
2010-04-19 17:26:29 ----HD---- C:\WINDOWS\inf
2010-04-19 17:26:15 ----D---- C:\WINDOWS\system32\config
2010-04-16 09:19:55 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-04-16 09:19:23 ----D---- C:\Program Files\Common Files
2010-04-16 09:18:42 ----D---- C:\Documents and Settings\Chris\Application Data\Adobe
2010-04-15 13:23:01 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-04-14 14:00:05 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-14 12:20:21 ----D---- C:\WINDOWS\system32\wbem
2010-04-14 12:20:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-14 12:17:57 ----RSD---- C:\WINDOWS\Fonts
2010-04-14 12:16:32 ----D---- C:\Program Files\Microsoft Office
2010-04-14 12:16:32 ----D---- C:\Program Files\Common Files\System
2010-04-14 08:31:10 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-04-14 07:38:14 ----D---- C:\Documents and Settings\Chris\Application Data\Identities
2010-04-13 19:37:15 ----D---- C:\Program Files\Common Files\Java
2010-04-13 19:35:45 ----D---- C:\Program Files\Java
2010-04-11 20:44:11 ----D---- C:\WINDOWS\Help
2010-04-11 16:09:02 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-11-11 214664]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136]
R2 DOSMEMIO;MEMIO; \??\C:\WINDOWS\system32\MEMIO.SYS []
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-07 55152]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-05-23 5082624]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-11-11 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-11-11 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-11-11 40552]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-07-29 143360]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-08-28 224736]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VMC33F;Vimicro Camera Service VMC33F; C:\WINDOWS\System32\Drivers\VMC33F.sys [2009-07-01 237952]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-06 1684736]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-11-11 34248]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 RTL819xp;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver; C:\WINDOWS\system32\DRIVERS\rtl819xp.sys [2009-05-08 517504]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-13 153376]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe [2009-12-14 93320]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2010-02-11 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-11-11 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-10-27 895696]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-08-07 242048]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-02-15 545576]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-11-11 606736]
S2 lanmanworkstationMSDTC;Workstation lanmanworkstationMSDTC; C:\WINDOWS\system32\1025f.exe srv []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-07 533360]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2010-01-25 365072]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

GMER log to follow
ChrisUK
Active Member
 
Posts: 10
Joined: May 2nd, 2010, 2:52 pm
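The line in the RSIT services list above that a helper would query first is the `S2 lanmanworkstationMSDTC` entry: its image `C:\WINDOWS\system32\1025f.exe srv` carries an argument, the trailing `[]` means RSIT found no file date or size for it, and the service name is two real Windows service names glued together. The following Python script is an added example for this thread, not code from the original post or from the RSIT tool. It parses RSIT-style service and driver lines and lists the entries that trip simple triage rules; the `SAMPLE_LOG` lines are copied from the log posted above, while `BUILTIN_NAMES`, `RANDOM_NAME_RE` and the scoring rules are the editor's own heuristics and not anything the page states.

```python
"""Triage helper for the "List of services" and "List of drivers" blocks that
RSIT writes.  Added example, not code from the original post or from RSIT.
BUILTIN_NAMES, RANDOM_NAME_RE and the rules in triage() are assumptions of
this example; SAMPLE_LOG is copied from the log posted in the thread."""
import re
from typing import Dict, List

# Five service lines and two driver lines copied from the RSIT log above.
SAMPLE_LOG = r"""
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-11-11 144704]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-08-07 242048]
S2 lanmanworkstationMSDTC;Workstation lanmanworkstationMSDTC; C:\WINDOWS\system32\1025f.exe srv []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
R2 DOSMEMIO;MEMIO; \??\C:\WINDOWS\system32\MEMIO.SYS []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
"""

# RSIT line layout: "<R|S><start type> <name>;<display name>; <image> [<date size>]"
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<image>.+?) \[(?P<meta>[^\]]*)\]$"
)

# Built-in Windows service names that fake services commonly borrow from.
# Assumed list for this example, not taken from the page.
BUILTIN_NAMES = ("lanmanworkstation", "lanmanserver", "msdtc", "wuauserv",
                 "bits", "cryptsvc", "rpcss", "dhcp", "dnscache")

# Short hex-looking basenames such as "1025f.exe" are typical of dropped
# binaries; legitimate system32 executables almost always have word-like names.
RANDOM_NAME_RE = re.compile(r"^[0-9a-f]{3,8}\.(exe|dll|sys)$", re.IGNORECASE)


def parse_entries(text: str) -> List[Dict[str, str]]:
    """Parse every RSIT service/driver line in `text`; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def image_basename(image: str) -> str:
    r"""Filename of the service image, ignoring an NT \??\ prefix and any
    arguments RSIT appends after the path (e.g. "1025f.exe srv")."""
    last = image.replace("/", "\\").rsplit("\\", 1)[-1]
    return last.split(" ", 1)[0]


def triage(text: str) -> Dict[str, List[str]]:
    """Map service/driver name -> reasons it deserves a second look.
    A hit is a prompt to ask about the file, not a verdict: MEMIO.SYS and
    IntelIde.sys also show empty metadata and are common legitimate drivers."""
    findings: Dict[str, List[str]] = {}
    for e in parse_entries(text):
        base = image_basename(e["image"])
        lname = e["name"].lower()
        reasons: List[str] = []
        if not e["meta"].strip():
            reasons.append("no file date/size recorded (file missing, hidden or unreadable)")
        if RANDOM_NAME_RE.match(base):
            reasons.append(f"image name {base!r} looks auto-generated")
        for builtin in BUILTIN_NAMES:
            # A real built-in service is hosted by svchost.exe and uses the exact name.
            if builtin in lname and lname != builtin and base.lower() != "svchost.exe":
                reasons.append(f"service name embeds built-in service name {builtin!r}")
        if " " in e["image"].rsplit("\\", 1)[-1]:
            reasons.append("image path carries extra command-line arguments")
        if reasons:
            findings[e["name"]] = reasons
    return findings


def most_suspicious(text: str) -> List[str]:
    """Names ordered by how many rules they tripped, most first."""
    hits = triage(text)
    return sorted(hits, key=lambda n: len(hits[n]), reverse=True)


if __name__ == "__main__":
    for name in most_suspicious(SAMPLE_LOG):
        print(name)
        for reason in triage(SAMPLE_LOG)[name]:
            print("   -", reason)
```

Run it over the complete services and drivers blocks of a log rather than the excerpt: on the sample, the `lanmanworkstationMSDTC` entry trips every rule, while `DOSMEMIO` and `IntelIde` are flagged only for the empty `[]` metadata, which is why the output is a list of questions for the helper to ask, not a removal list.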

Re: Virus stops windows update & redirects search engine results

Post by ChrisUK » May 8th, 2010, 5:02 pm

And here is the GMER file.


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-08 19:53:30
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Chris\LOCALS~1\Temp\fwrdipow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA9F9478A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xA9F94821]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA9F94738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xA9F9474C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xA9F94835]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xA9F94861]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xA9F948CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xA9F948B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA9F947CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xA9F948FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xA9F9480D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xA9F94710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xA9F94724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA9F9479E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xA9F94937]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xA9F948A3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xA9F9488D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xA9F9484B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xA9F94923]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xA9F9490F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xA9F94776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xA9F94762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xA9F94877]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA9F947F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xA9F948E5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA9F947E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA9F947B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution 80515A92 7 Bytes JMP A9F947B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80572BDF 5 Bytes JMP A9F94811 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 80572F19 7 Bytes JMP A9F94891 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 80573DFB 5 Bytes JMP A9F9478E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 80574B1F 5 Bytes JMP A9F94766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateKey 80578710 5 Bytes JMP A9F94825 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 8057A401 5 Bytes JMP A9F947E4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 8057A879 7 Bytes JMP A9F947CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 8057E85A 7 Bytes JMP A9F9493B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 8057EC5A 7 Bytes JMP A9F948D3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 8057F1C3 7 Bytes JMP A9F947A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 8057F592 5 Bytes JMP A9F94714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetValueKey 8057FCE0 7 Bytes JMP A9F9487B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 80584849 5 Bytes JMP A9F94728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8059056D 7 Bytes JMP A9F94750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 80593435 5 Bytes JMP A9F947FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 80594DB6 7 Bytes JMP A9F948BD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 805983A2 7 Bytes JMP A9F94865 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 80599783 7 Bytes JMP A9F94839 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B62C0 5 Bytes JMP A9F9473C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 805E2166 5 Bytes JMP A9F948FF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 80635C83 5 Bytes JMP A9F9477A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 806550EA 7 Bytes JMP A9F948E9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 80655A23 7 Bytes JMP A9F948A7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 80655EA2 7 Bytes JMP A9F9484F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 80656395 5 Bytes JMP A9F94913 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 806567FE 5 Bytes JMP A9F94927 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.rsrc C:\WINDOWS\system32\DRIVERS\intelppm.sys entry point in ".rsrc" section [0xF7721494]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\services.exe[708] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009F0000
.text C:\WINDOWS\system32\services.exe[708] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 009F007D
.text C:\WINDOWS\system32\services.exe[708] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 009F0F88
.text C:\WINDOWS\system32\services.exe[708] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 009F0FA5
.text C:\WINDOWS\system32\services.exe[708] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 009F0062
.text C:\WINDOWS\system32\services.exe[708] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 009F0047
.text C:\WINDOWS\system32\services.exe[708] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009F00A2
.text C:\WINDOWS\system32\services.exe[708] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009F0F50
.text C:\WINDOWS\system32\services.exe[708] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009F0F1A
.text C:\WINDOWS\system32\services.exe[708] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009F00B3
.text C:\WINDOWS\system32\services.exe[708] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009F0F09
.text C:\WINDOWS\system32\services.exe[708] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 009F0FC0
.text C:\WINDOWS\system32\services.exe[708] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009F0FEF
.text C:\WINDOWS\system32\services.exe[708] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 009F0F6D
.text C:\WINDOWS\system32\services.exe[708] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 009F0036
.text C:\WINDOWS\system32\services.exe[708] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 009F0025
.text C:\WINDOWS\system32\services.exe[708] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009F0F3F
.text C:\WINDOWS\system32\services.exe[708] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00070040
.text C:\WINDOWS\system32\services.exe[708] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00070FC3
.text C:\WINDOWS\system32\services.exe[708] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00070FEF
.text C:\WINDOWS\system32\services.exe[708] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00070025
.text C:\WINDOWS\system32\services.exe[708] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00070FD4
.text C:\WINDOWS\system32\services.exe[708] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[708] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00070076
.text C:\WINDOWS\system32\services.exe[708] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00070065
.text C:\WINDOWS\system32\services.exe[708] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00060F9A
.text C:\WINDOWS\system32\services.exe[708] msvcrt.dll!system 77C293C7 5 Bytes JMP 00060FAB
.text C:\WINDOWS\system32\services.exe[708] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00060011
.text C:\WINDOWS\system32\services.exe[708] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00060FEF
.text C:\WINDOWS\system32\services.exe[708] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00060FBC
.text C:\WINDOWS\system32\services.exe[708] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00060000
.text C:\WINDOWS\system32\services.exe[708] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00040FE5
.text C:\WINDOWS\system32\services.exe[708] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00040FD4
.text C:\WINDOWS\system32\services.exe[708] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00040FB9
.text C:\WINDOWS\system32\services.exe[708] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00040F9E
.text C:\WINDOWS\system32\services.exe[708] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00050FEF
.text C:\WINDOWS\system32\lsass.exe[720] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 010D0000
.text C:\WINDOWS\system32\lsass.exe[720] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 010D005F
.text C:\WINDOWS\system32\lsass.exe[720] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 010D0F74
.text C:\WINDOWS\system32\lsass.exe[720] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 010D004E
.text C:\WINDOWS\system32\lsass.exe[720] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 010D0F9B
.text C:\WINDOWS\system32\lsass.exe[720] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 010D0033
.text C:\WINDOWS\system32\lsass.exe[720] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 010D0F2A
.text C:\WINDOWS\system32\lsass.exe[720] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 010D0F45
.text C:\WINDOWS\system32\lsass.exe[720] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 010D00AB
.text C:\WINDOWS\system32\lsass.exe[720] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 010D0F08
.text C:\WINDOWS\system32\lsass.exe[720] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 010D00BC
.text C:\WINDOWS\system32\lsass.exe[720] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 010D0FAC
.text C:\WINDOWS\system32\lsass.exe[720] kernel32.dll!CreateFileW 7C810800 3 Bytes JMP 010D0011
.text C:\WINDOWS\system32\lsass.exe[720] kernel32.dll!CreateFileW + 4 7C810804 1 Byte [84]
.text C:\WINDOWS\system32\lsass.exe[720] kernel32.dll!CreatePipe 7C81D83F 3 Bytes JMP 010D0070
.text C:\WINDOWS\system32\lsass.exe[720] kernel32.dll!CreatePipe + 4 7C81D843 1 Byte [84]
.text C:\WINDOWS\system32\lsass.exe[720] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 010D0FD1
.text C:\WINDOWS\system32\lsass.exe[720] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 010D0022
.text C:\WINDOWS\system32\lsass.exe[720] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 010D0F19
.text C:\WINDOWS\system32\lsass.exe[720] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 010C0025
.text C:\WINDOWS\system32\lsass.exe[720] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 010C0051
.text C:\WINDOWS\system32\lsass.exe[720] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 010C000A
.text C:\WINDOWS\system32\lsass.exe[720] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 010C0FD4
.text C:\WINDOWS\system32\lsass.exe[720] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 010C0040
.text C:\WINDOWS\system32\lsass.exe[720] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 010C0FE5
.text C:\WINDOWS\system32\lsass.exe[720] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 010C0F9E
.text C:\WINDOWS\system32\lsass.exe[720] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [2C, 89] {SUB AL, 0x89}
.text C:\WINDOWS\system32\lsass.exe[720] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 010C0FB9
.text C:\WINDOWS\system32\lsass.exe[720] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 010B0027
.text C:\WINDOWS\system32\lsass.exe[720] msvcrt.dll!system 77C293C7 5 Bytes JMP 010B0F9C
.text C:\WINDOWS\system32\lsass.exe[720] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 010B000C
.text C:\WINDOWS\system32\lsass.exe[720] msvcrt.dll!_open 77C2F566 5 Bytes JMP 010B0FE3
.text C:\WINDOWS\system32\lsass.exe[720] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 010B0FB7
.text C:\WINDOWS\system32\lsass.exe[720] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 010B0FD2
.text C:\WINDOWS\system32\lsass.exe[720] WS2_32.dll!socket 71AB4211 5 Bytes JMP 010A000A
.text C:\WINDOWS\system32\lsass.exe[720] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01090000
.text C:\WINDOWS\system32\lsass.exe[720] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01090011
.text C:\WINDOWS\system32\lsass.exe[720] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 0109002C
.text C:\WINDOWS\system32\lsass.exe[720] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 01090047
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02560000
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02560FA3
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02560098
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02560087
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02560076
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0256004A
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 025600D3
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02560F81
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02560F4B
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02560F66
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 025600FF
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02560065
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02560FEF
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02560F92
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0256002F
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02560FDE
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 025600E4
.text C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 024D0025
.text C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 024D0062
.text C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 024D0FD4
.text C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 024D0000
.text C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 024D0FA5
.text C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 024D0FE5
.text C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 024D0051
.text C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 024D0040
.text C:\WINDOWS\system32\svchost.exe[884] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 024C0FB2
.text C:\WINDOWS\system32\svchost.exe[884] msvcrt.dll!system 77C293C7 5 Bytes JMP 024C0FC3
.text C:\WINDOWS\system32\svchost.exe[884] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 024C0FEF
.text C:\WINDOWS\system32\svchost.exe[884] msvcrt.dll!_open 77C2F566 5 Bytes JMP 024C000C
.text C:\WINDOWS\system32\svchost.exe[884] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 024C0FD4
.text C:\WINDOWS\system32\svchost.exe[884] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 024C0029
.text C:\WINDOWS\system32\svchost.exe[884] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 024A0000
.text C:\WINDOWS\system32\svchost.exe[884] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 024A0011
.text C:\WINDOWS\system32\svchost.exe[884] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 024A0FDB
.text C:\WINDOWS\system32\svchost.exe[884] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 024A0FCA
.text C:\WINDOWS\system32\svchost.exe[884] WS2_32.dll!socket 71AB4211 5 Bytes JMP 024B0FEF
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01010FEF
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01010F32
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01010F4D
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01010027
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01010F68
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01010F94
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0101004C
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01010F04
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01010093
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01010082
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01010EDF
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01010F79
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01010FCA
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01010F21
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01010FAF
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0101000A
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01010067
.text C:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FB001B
.text C:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FB004A
.text C:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FB0FCA
.text C:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FB0FE5
.text C:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FB0F8D
.text C:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FB0000
.text C:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00FB0FA8
.text C:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [1B, 89]
.text C:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FB0FB9
.text C:\WINDOWS\system32\svchost.exe[956] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FA005A
.text C:\WINDOWS\system32\svchost.exe[956] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FA0FCF
.text C:\WINDOWS\system32\svchost.exe[956] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FA002E
.text C:\WINDOWS\system32\svchost.exe[956] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FA0000
.text C:\WINDOWS\system32\svchost.exe[956] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FA003F
.text C:\WINDOWS\system32\svchost.exe[956] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FA0011
.text C:\WINDOWS\system32\svchost.exe[956] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00F80FEF
.text C:\WINDOWS\system32\svchost.exe[956] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00F8000A
.text C:\WINDOWS\system32\svchost.exe[956] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00F80025
.text C:\WINDOWS\system32\svchost.exe[956] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00F80036
.text C:\WINDOWS\system32\svchost.exe[956] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F9000A
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0099000A
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009A000A
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0098000C
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02D90FEF
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02D90078
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02D90067
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02D9004A
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02D90F8D
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02D9002F
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02D900BA
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02D900A9
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02D900D5
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02D90F3C
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02D90F21
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02D90FA8
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02D90FD4
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02D90F72
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02D9001E
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02D90FC3
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02D90F57
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02CC0FCA
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02CC006C
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02CC001B
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02CC000A
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02CC0051
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02CC0FEF
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02CC0FAF
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [EC, 8A]
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02CC0036
.text C:\WINDOWS\System32\svchost.exe[1016] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02CB0042
.text C:\WINDOWS\System32\svchost.exe[1016] msvcrt.dll!system 77C293C7 5 Bytes JMP 02CB0031
.text C:\WINDOWS\System32\svchost.exe[1016] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02CB000C
.text C:\WINDOWS\System32\svchost.exe[1016] msvcrt.dll!_open 77C2F566 3 Bytes JMP 02CB0FE3
.text C:\WINDOWS\System32\svchost.exe[1016] msvcrt.dll!_open + 4 77C2F56A 1 Byte [8B]
.text C:\WINDOWS\System32\svchost.exe[1016] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02CB0FC1
.text C:\WINDOWS\System32\svchost.exe[1016] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02CB0FD2
.text C:\WINDOWS\System32\svchost.exe[1016] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 02C90FEF
.text C:\WINDOWS\System32\svchost.exe[1016] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 02C90FD4
.text C:\WINDOWS\System32\svchost.exe[1016] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 02C90FB9
.text C:\WINDOWS\System32\svchost.exe[1016] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 02C90FA8
.text C:\WINDOWS\System32\svchost.exe[1016] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02CA0FEF
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A40FEF
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A40F64
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A40F75
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A40F90
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A40FA1
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A40FB2
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A40F38
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A40074
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A400B6
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A40F27
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A40F02
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A40043
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A40FDE
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A40F53
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A40FC3
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A40014
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A400A5
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A30FD4
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A30F94
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A30025
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A30FEF
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00A30051
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00A3000A
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00A30FAF
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [C3, 88]
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00A30036
.text C:\WINDOWS\system32\svchost.exe[1108] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A2003A
.text C:\WINDOWS\system32\svchost.exe[1108] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A20FB9
.text C:\WINDOWS\system32\svchost.exe[1108] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A20FDE
.text C:\WINDOWS\system32\svchost.exe[1108] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A20FEF
.text C:\WINDOWS\system32\svchost.exe[1108] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A20029
.text C:\WINDOWS\system32\svchost.exe[1108] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A20018
.text C:\WINDOWS\system32\svchost.exe[1108] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00A00000
.text C:\WINDOWS\system32\svchost.exe[1108] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00A00FEF
.text C:\WINDOWS\system32\svchost.exe[1108] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00A00025
.text C:\WINDOWS\system32\svchost.exe[1108] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00A00040
.text C:\WINDOWS\system32\svchost.exe[1108] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A1000A
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E90FEF
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E90F61
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E90F72
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E90056
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E90F8D
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E9001E
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E90F50
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E9008C
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E90F2E
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E900BD
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E900EC
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E9002F
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E90FD4
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E90071
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E90FA8
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E90FB9
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E90F3F
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E80FC3
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E80F94
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E80014
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E80FDE
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E80051
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E80FEF
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00E80040
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E8002F
.text C:\WINDOWS\system32\svchost.exe[1200] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E70F95
.text C:\WINDOWS\system32\svchost.exe[1200] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E70020
.text C:\WINDOWS\system32\svchost.exe[1200] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E70FC1
.text C:\WINDOWS\system32\svchost.exe[1200] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E70FEF
.text C:\WINDOWS\system32\svchost.exe[1200] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E70FA6
.text C:\WINDOWS\system32\svchost.exe[1200] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E70FD2
.text C:\WINDOWS\system32\svchost.exe[1200] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00E5000A
.text C:\WINDOWS\system32\svchost.exe[1200] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00E5001B
.text C:\WINDOWS\system32\svchost.exe[1200] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00E50FE5
.text C:\WINDOWS\system32\svchost.exe[1200] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00E50036
.text C:\WINDOWS\system32\svchost.exe[1200] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E6000A
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D20FEF
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D20042
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D20F4D
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D20025
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D20F68
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D20014
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D20084
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D20F3C
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D2009F
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D20F06
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D200BA
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D20F8D
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D20FDE
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D2005D
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D20FB2
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D20FC3
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D20F17
.text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D10FE5
.text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D10FAF
.text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D1002C
.text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D1001B
.text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D10076
.text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D10000
.text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00D10FCA
.text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [F1, 88]
.text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D10051
.text C:\WINDOWS\system32\svchost.exe[1368] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D00FB9
.text C:\WINDOWS\system32\svchost.exe[1368] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D00FD4
.text C:\WINDOWS\system32\svchost.exe[1368] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D00FEF
.text C:\WINDOWS\system32\svchost.exe[1368] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D0000C
.text C:\WINDOWS\system32\svchost.exe[1368] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D00044
.text C:\WINDOWS\system32\svchost.exe[1368] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D00029
.text C:\WINDOWS\system32\svchost.exe[1368] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00CE0000
.text C:\WINDOWS\system32\svchost.exe[1368] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00CE0011
.text C:\WINDOWS\system32\svchost.exe[1368] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00CE0022
.text C:\WINDOWS\system32\svchost.exe[1368] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00CE0FD1
.text C:\WINDOWS\system32\svchost.exe[1368] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CF0FEF
.text C:\WINDOWS\Explorer.EXE[1672] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B6000A
.text C:\WINDOWS\Explorer.EXE[1672] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C0000A
.text C:\WINDOWS\Explorer.EXE[1672] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B5000C
.text C:\WINDOWS\Explorer.EXE[1672] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02710FEF
.text C:\WINDOWS\Explorer.EXE[1672] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02710F94
.text C:\WINDOWS\Explorer.EXE[1672] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0271007F
.text C:\WINDOWS\Explorer.EXE[1672] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02710062
.text C:\WINDOWS\Explorer.EXE[1672] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02710051
.text C:\WINDOWS\Explorer.EXE[1672] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02710FAF
.text C:\WINDOWS\Explorer.EXE[1672] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 027100D0
.text C:\WINDOWS\Explorer.EXE[1672] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 027100BF
.text C:\WINDOWS\Explorer.EXE[1672] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02710F5C
.text C:\WINDOWS\Explorer.EXE[1672] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 027100F5
.text C:\WINDOWS\Explorer.EXE[1672] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02710110
.text C:\WINDOWS\Explorer.EXE[1672] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02710036
.text C:\WINDOWS\Explorer.EXE[1672] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0271000A
.text C:\WINDOWS\Explorer.EXE[1672] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 027100A4
.text C:\WINDOWS\Explorer.EXE[1672] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0271001B
.text C:\WINDOWS\Explorer.EXE[1672] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02710FD4
.text C:\WINDOWS\Explorer.EXE[1672] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02710F6D
.text C:\WINDOWS\Explorer.EXE[1672] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02700FDE
.text C:\WINDOWS\Explorer.EXE[1672] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02700087
.text C:\WINDOWS\Explorer.EXE[1672] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02700025
.text C:\WINDOWS\Explorer.EXE[1672] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0270000A
.text C:\WINDOWS\Explorer.EXE[1672] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02700076
.text C:\WINDOWS\Explorer.EXE[1672] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02700FEF
.text C:\WINDOWS\Explorer.EXE[1672] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 02700065
.text C:\WINDOWS\Explorer.EXE[1672] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0270004A
.text C:\WINDOWS\Explorer.EXE[1672] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 026F0F7A
.text C:\WINDOWS\Explorer.EXE[1672] msvcrt.dll!system 77C293C7 5 Bytes JMP 026F0F95
.text C:\WINDOWS\Explorer.EXE[1672] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 026F0FC1
.text C:\WINDOWS\Explorer.EXE[1672] msvcrt.dll!_open 77C2F566 5 Bytes JMP 026F0FEF
.text C:\WINDOWS\Explorer.EXE[1672] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 026F0FA6
.text C:\WINDOWS\Explorer.EXE[1672] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 026F0FDE
.text C:\WINDOWS\Explorer.EXE[1672] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 026D000A
.text C:\WINDOWS\Explorer.EXE[1672] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 026D0FEF
.text C:\WINDOWS\Explorer.EXE[1672] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 026D001B
.text C:\WINDOWS\Explorer.EXE[1672] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 026D002C
.text C:\WINDOWS\Explorer.EXE[1672] WS2_32.dll!socket 71AB4211 5 Bytes JMP 026E0FEF
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1932] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1932] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\svchost.exe[2192] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D90FEF
.text C:\WINDOWS\system32\svchost.exe[2192] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D90F54
.text C:\WINDOWS\system32\svchost.exe[2192] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D90049
.text C:\WINDOWS\system32\svchost.exe[2192] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D90038
.text C:\WINDOWS\system32\svchost.exe[2192] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D90F6F
.text C:\WINDOWS\system32\svchost.exe[2192] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D9001B
.text C:\WINDOWS\system32\svchost.exe[2192] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D90F0B
.text C:\WINDOWS\system32\svchost.exe[2192] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D90F1C
.text C:\WINDOWS\system32\svchost.exe[2192] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D90EDF
.text C:\WINDOWS\system32\svchost.exe[2192] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D90078
.text C:\WINDOWS\system32\svchost.exe[2192] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D90ECE
.text C:\WINDOWS\system32\svchost.exe[2192] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D90F94
.text C:\WINDOWS\system32\svchost.exe[2192] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D9000A
.text C:\WINDOWS\system32\svchost.exe[2192] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D90F39
.text C:\WINDOWS\system32\svchost.exe[2192] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D90FB9
.text C:\WINDOWS\system32\svchost.exe[2192] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D90FCA
.text C:\WINDOWS\system32\svchost.exe[2192] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D90EFA
.text C:\WINDOWS\system32\svchost.exe[2192] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D80047
.text C:\WINDOWS\system32\svchost.exe[2192] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D80095
.text C:\WINDOWS\system32\svchost.exe[2192] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D8002C
.text C:\WINDOWS\system32\svchost.exe[2192] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D8001B
.text C:\WINDOWS\system32\svchost.exe[2192] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D80084
.text C:\WINDOWS\system32\svchost.exe[2192] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D8000A
.text C:\WINDOWS\system32\svchost.exe[2192] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00D80069
.text C:\WINDOWS\system32\svchost.exe[2192] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D80058
.text C:\WINDOWS\system32\svchost.exe[2192] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D70036
.text C:\WINDOWS\system32\svchost.exe[2192] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D70FAB
.text C:\WINDOWS\system32\svchost.exe[2192] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D70011
.text C:\WINDOWS\system32\svchost.exe[2192] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D70000
.text C:\WINDOWS\system32\svchost.exe[2192] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D70FBC
.text C:\WINDOWS\system32\svchost.exe[2192] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D70FD7
.text C:\WINDOWS\system32\svchost.exe[2192] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00D60000
.text C:\WINDOWS\system32\svchost.exe[2192] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00D6001B
.text C:\WINDOWS\system32\svchost.exe[2192] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00D60FE5
.text C:\WINDOWS\system32\svchost.exe[2192] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00D60040
.text C:\WINDOWS\system32\wuauclt.exe[2772] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0099000A
.text C:\WINDOWS\system32\wuauclt.exe[2772] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009A000A
.text C:\WINDOWS\system32\wuauclt.exe[2772] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0098000C
.text C:\WINDOWS\system32\wuauclt.exe[2772] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02B40FEF
.text C:\WINDOWS\system32\wuauclt.exe[2772] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02B40F4B
.text C:\WINDOWS\system32\wuauclt.exe[2772] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02B40040
.text C:\WINDOWS\system32\wuauclt.exe[2772] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02B40F66
.text C:\WINDOWS\system32\wuauclt.exe[2772] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02B4002F
.text C:\WINDOWS\system32\wuauclt.exe[2772] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02B40014
.text C:\WINDOWS\system32\wuauclt.exe[2772] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02B40093
.text C:\WINDOWS\system32\wuauclt.exe[2772] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02B40082
.text C:\WINDOWS\system32\wuauclt.exe[2772] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02B400B8
.text C:\WINDOWS\system32\wuauclt.exe[2772] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02B40F1F
.text C:\WINDOWS\system32\wuauclt.exe[2772] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02B40F04
.text C:\WINDOWS\system32\wuauclt.exe[2772] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02B40F8D
.text C:\WINDOWS\system32\wuauclt.exe[2772] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02B40FD4
.text C:\WINDOWS\system32\wuauclt.exe[2772] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02B40065
.text C:\WINDOWS\system32\wuauclt.exe[2772] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02B40F9E
.text C:\WINDOWS\system32\wuauclt.exe[2772] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02B40FB9
.text C:\WINDOWS\system32\wuauclt.exe[2772] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02B40F30
.text C:\WINDOWS\system32\wuauclt.exe[2772] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02B20F9C
.text C:\WINDOWS\system32\wuauclt.exe[2772] msvcrt.dll!system 77C293C7 5 Bytes JMP 02B20FAD
.text C:\WINDOWS\system32\wuauclt.exe[2772] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02B20FD2
.text C:\WINDOWS\system32\wuauclt.exe[2772] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02B20000
.text C:\WINDOWS\system32\wuauclt.exe[2772] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02B2001D
.text C:\WINDOWS\system32\wuauclt.exe[2772] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02B20FE3
.text C:\WINDOWS\system32\wuauclt.exe[2772] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02B30040
.text C:\WINDOWS\system32\wuauclt.exe[2772] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02B30076
.text C:\WINDOWS\system32\wuauclt.exe[2772] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02B30FEF
.text C:\WINDOWS\system32\wuauclt.exe[2772] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02B30025
.text C:\WINDOWS\system32\wuauclt.exe[2772] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02B30065
.text C:\WINDOWS\system32\wuauclt.exe[2772] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02B3000A
.text C:\WINDOWS\system32\wuauclt.exe[2772] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02B30FB9
.text C:\WINDOWS\system32\wuauclt.exe[2772] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [D3, 8A]
.text C:\WINDOWS\system32\wuauclt.exe[2772] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02B30FCA
.text C:\WINDOWS\system32\wuauclt.exe[2772] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 02A20FE5
.text C:\WINDOWS\system32\wuauclt.exe[2772] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 02A20FD4
.text C:\WINDOWS\system32\wuauclt.exe[2772] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 02A20FAF
.text C:\WINDOWS\system32\wuauclt.exe[2772] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 02A20F94
.text C:\WINDOWS\system32\wuauclt.exe[2772] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02B10FEF
.text C:\Program Files\Messenger\msmsgs.exe[3584] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 011E0FE5
.text C:\Program Files\Messenger\msmsgs.exe[3584] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 011E0F68
.text C:\Program Files\Messenger\msmsgs.exe[3584] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 011E005D
.text C:\Program Files\Messenger\msmsgs.exe[3584] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 011E0F83
.text C:\Program Files\Messenger\msmsgs.exe[3584] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 011E0F94
.text C:\Program Files\Messenger\msmsgs.exe[3584] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 011E0FC0
.text C:\Program Files\Messenger\msmsgs.exe[3584] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 011E0F30
.text C:\Program Files\Messenger\msmsgs.exe[3584] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 011E0078
.text C:\Program Files\Messenger\msmsgs.exe[3584] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 011E009D
.text C:\Program Files\Messenger\msmsgs.exe[3584] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 011E0F04
.text C:\Program Files\Messenger\msmsgs.exe[3584] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 011E0EE9
.text C:\Program Files\Messenger\msmsgs.exe[3584] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 011E0FA5
.text C:\Program Files\Messenger\msmsgs.exe[3584] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 011E0000
.text C:\Program Files\Messenger\msmsgs.exe[3584] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 011E0F4D
.text C:\Program Files\Messenger\msmsgs.exe[3584] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 011E002C
.text C:\Program Files\Messenger\msmsgs.exe[3584] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 011E001B
.text C:\Program Files\Messenger\msmsgs.exe[3584] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 011E0F15
.text C:\Program Files\Messenger\msmsgs.exe[3584] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 011C002C
.text C:\Program Files\Messenger\msmsgs.exe[3584] msvcrt.dll!system 77C293C7 5 Bytes JMP 011C001B
.text C:\Program Files\Messenger\msmsgs.exe[3584] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 011C0000
.text C:\Program Files\Messenger\msmsgs.exe[3584] msvcrt.dll!_open 77C2F566 5 Bytes JMP 011C0FE3
.text C:\Program Files\Messenger\msmsgs.exe[3584] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 011C0FAB
.text C:\Program Files\Messenger\msmsgs.exe[3584] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 011C0FD2
.text C:\Program Files\Messenger\msmsgs.exe[3584] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 011D0FC3
.text C:\Program Files\Messenger\msmsgs.exe[3584] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 011D0F6B
.text C:\Program Files\Messenger\msmsgs.exe[3584] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 011D0FD4
.text C:\Program Files\Messenger\msmsgs.exe[3584] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 011D0FE5
.text C:\Program Files\Messenger\msmsgs.exe[3584] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 011D0F7C
.text C:\Program Files\Messenger\msmsgs.exe[3584] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 011D0000
.text C:\Program Files\Messenger\msmsgs.exe[3584] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 011D0F8D
.text C:\Program Files\Messenger\msmsgs.exe[3584] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [3D, 89]
.text C:\Program Files\Messenger\msmsgs.exe[3584] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 011D0FA8
.text C:\Program Files\Messenger\msmsgs.exe[3584] WS2_32.dll!socket 71AB4211 5 Bytes JMP 011B0FEF
.text C:\Program Files\Messenger\msmsgs.exe[3584] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00FF0000
.text C:\Program Files\Messenger\msmsgs.exe[3584] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00FF0011
.text C:\Program Files\Messenger\msmsgs.exe[3584] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00FF0FDB
.text C:\Program Files\Messenger\msmsgs.exe[3584] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00FF0FCA

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device -> \Driver\atapi \Device\Harddisk0\DR0 86209EE4

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\DRIVERS\intelppm.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
ChrisUK
Active Member
 
Posts: 10
Joined: May 2nd, 2010, 2:52 pm
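
The ".text" lines in the GMER log above are its user-mode inline-hook records: for each running process they name the patched export, how many bytes were overwritten at its entry point, and the address the new JMP lands on. As an added example (not part of the original post, and not GMER's own code), the Python below parses that record format and summarises it per process: how many exports are patched, which capability classes they cover, which modules were touched, and which 64 KiB regions the JMP targets fall in. The sample input is a constructed subset of the hook lines from this post; the capability table is my own grouping of the exports. The script deliberately does not decide whether the hooks are malicious: a host-intrusion-prevention product (a McAfee host-intrusion driver appears in the Devices section of this log) and a user-mode rootkit both produce hooks of exactly this shape, so the summary is only the starting point for working out what owns the target memory.

```python
# Added example: summarise GMER ".text" user-mode hook records per process.
# SAMPLE_LOG is a constructed subset of the hook lines from the log above.
import re
from collections import defaultdict

SAMPLE_LOG = r"""
.text C:\WINDOWS\system32\wuauclt.exe[2772] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02B4002F
.text C:\WINDOWS\system32\wuauclt.exe[2772] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02B400B8
.text C:\WINDOWS\system32\wuauclt.exe[2772] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02B40FD4
.text C:\WINDOWS\system32\wuauclt.exe[2772] msvcrt.dll!system 77C293C7 5 Bytes JMP 02B20FAD
.text C:\WINDOWS\system32\wuauclt.exe[2772] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02B30FB9
.text C:\WINDOWS\system32\wuauclt.exe[2772] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [D3, 8A]
.text C:\WINDOWS\system32\wuauclt.exe[2772] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 02A20FE5
.text C:\WINDOWS\system32\wuauclt.exe[2772] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02B10FEF
.text C:\Program Files\Messenger\msmsgs.exe[3584] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 011E0FE5
.text C:\Program Files\Messenger\msmsgs.exe[3584] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 011E0F15
.text C:\Program Files\Messenger\msmsgs.exe[3584] WS2_32.dll!socket 71AB4211 5 Bytes JMP 011B0FEF
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
"""

# Section, process path, PID, module!export, optional "+ N" continuation offset,
# patched address, byte count, then either the JMP destination or raw bytes.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<module>[^\s!]+)!(?P<func>\S+)"
    r"(?:\s+\+\s+(?P<offset>\d+))?\s+(?P<addr>[0-9A-Fa-f]+)\s+(?P<nbytes>\d+)\s+Bytes\s+"
    r"(?:JMP\s+(?P<target>[0-9A-Fa-f]+)|\[(?P<raw>[^\]]*)\])$"
)

# Author's grouping of the hooked exports by the capability they mediate.
CATEGORIES = {
    "process execution": {"CreateProcessA", "CreateProcessW", "WinExec", "system", "_wsystem"},
    "file access": {"CreateFileA", "CreateFileW", "_open", "_wopen", "_creat", "_wcreat",
                    "CreatePipe", "CreateNamedPipeA", "CreateNamedPipeW"},
    "code loading": {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW",
                     "GetProcAddress"},
    "registry": {"RegOpenKeyA", "RegOpenKeyW", "RegOpenKeyExA", "RegOpenKeyExW",
                 "RegCreateKeyA", "RegCreateKeyW", "RegCreateKeyExA", "RegCreateKeyExW"},
    "network": {"socket", "InternetOpenA", "InternetOpenW", "InternetOpenUrlA", "InternetOpenUrlW"},
}


def classify(func):
    """Capability class of a hooked export, or 'other' if it is not in the table."""
    return next((name for name, funcs in CATEGORIES.items() if func in funcs), "other")


def parse_hooks(log_text):
    """One record per hooked export. A '+ N' line is the remainder of a patch
    GMER printed in two pieces; it is folded into the preceding record for the
    same export so the patch is not counted as a second hook."""
    hooks = []
    for line in log_text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue  # blank lines and the Devices/Files sections are not hook records
        d = m.groupdict()
        if d["offset"] is not None and hooks and hooks[-1]["function"] == d["func"] \
                and hooks[-1]["process"] == d["proc"]:
            hooks[-1]["patch_bytes"] += int(d["nbytes"])
            hooks[-1]["trailing_bytes"] = d["raw"]
            continue
        hooks.append({
            "process": d["proc"], "pid": int(d["pid"]), "module": d["module"],
            "function": d["func"], "address": int(d["addr"], 16),
            "patch_bytes": int(d["nbytes"]),
            "target": int(d["target"], 16) if d["target"] else None,
            "trailing_bytes": d["raw"], "category": classify(d["func"]),
        })
    return hooks


def summarise(hooks):
    """Per process: hook count, capability classes covered, modules patched and
    the 64 KiB regions the JMPs land in. Targets clustered in a few regions
    point to one injected hook library; whether it belongs to a security
    product or to malware must be settled by finding out what owns that memory,
    not from this log alone."""
    per_proc = defaultdict(lambda: {"hook_count": 0, "categories": set(),
                                    "modules": set(), "target_pages": set()})
    for h in hooks:
        s = per_proc[f"{h['process']}[{h['pid']}]"]
        s["hook_count"] += 1
        s["categories"].add(h["category"])
        s["modules"].add(h["module"])
        if h["target"] is not None:
            s["target_pages"].add(f"{h['target'] >> 16:04X}")
    return {proc: {"hook_count": s["hook_count"], "categories": sorted(s["categories"]),
                   "modules": sorted(s["modules"]), "target_pages": sorted(s["target_pages"])}
            for proc, s in per_proc.items()}


if __name__ == "__main__":
    for proc, summary in summarise(parse_hooks(SAMPLE_LOG)).items():
        print(proc, summary)
```

Run as-is it prints the summary for the sample; to summarise a whole scan, read the saved GMER.txt into a string and pass it to parse_hooks instead of SAMPLE_LOG.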

Re: Virus stops windows update & redirects search engine results

Unread postby xixo_12 » May 8th, 2010, 7:13 pm

Hi,
You have a rootkit infection.
We will take care of it.
Please read my instructions properly ;)

First,
Analyze file(s).
Please visit Jotti.
Click on Browse > copy each path below (one at a time) and paste it into the File name box > click Open:
C:\WINDOWS\system32\MEMIO.SYS
C:\WINDOWS\system32\1025f.exe srv

  • Press Submit file - this will submit the file for testing.
  • Please wait for all the scanners to finish then copy and paste the permalink (web address) in your next response.

Next,
SystemLook by jpshortstuff.
Please download from one of the links below and save it to the Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *intelppm*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Next,
Checklist.
Please post.
  • Web links = 2
  • Content of SystemLook.txt
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Virus stops windows update & redirects search engine results

Unread postby ChrisUK » May 9th, 2010, 4:36 pm

Hi,

I have run the following instructions, although I have had a problem:

1. here is the permalink for MEMIO
http://virusscan.jotti.org/en-gb/scanre ... 3ea839f14c

2. The other file could not be found! I don't know if you can help with this or if it's normal?

3.Here is the SystemLook
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 21:31 on 09/05/2010 by Chris (Administrator - Elevation successful)

========== filefind ==========

Searching for "*intelppm*"
C:\WINDOWS\I386\INTELPPM.SY_ ------ 22099 bytes [21:53 30/07/2009] [12:00 14/04/2008] 3F0A8CE2F40092DF34D3CC766A2D3F7D
C:\WINDOWS\system32\drivers\intelppm.sys --a--- 36352 bytes [00:01 14/04/2008] [12:00 14/04/2008] 8C953733D8F36EB2133F5BB58808B66B

-=End Of File=-

Many Thanks

Chris
ChrisUK
Active Member
 
Posts: 10
Joined: May 2nd, 2010, 2:52 pm

Re: Virus stops windows update & redirects search engine results

Unread postby xixo_12 » May 9th, 2010, 11:05 pm

Hi,

I need to check on something; I will get back to you soon.
This will take some time :)
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Virus stops windows update & redirects search engine results

Unread postby xixo_12 » May 10th, 2010, 10:08 am

Hi,
Let's proceed.
We will try it. :)

First,
Copy File.
  • Open Notepad.exe
  • Copy and paste below code into the notepad.
    Code: Select all
    REM Copy the flagged driver out of the drivers folder so it can be uploaded for scanning
    COPY /Y C:\WINDOWS\system32\drivers\intelppm.sys c:\intelppm.sys
    REM Delete this batch file once the copy has been made
    DEL %0
  • Click on File > Save As
    Save in : Desktop
    File name : xixo.bat
    Save as type : All Files
  • Double click on xixo.bat and the batch file will perform the task and auto delete itself.

Next,
Analyze file(s).
Please visit Jotti.
Click on Browse > copy each path below (one at a time) and paste it into the File name box > click Open:
C:\WINDOWS\system32\1025f.exe
c:\intelppm.sys

  • Press Submit file - this will submit the file for testing.
  • Please wait for all the scanners to finish then copy and paste the permalink (web address) in your next response.

Next,
Checklist.
Please post.
  • Web links = 2
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Virus stops windows update & redirects search engine results

Unread postby ChrisUK » May 10th, 2010, 2:04 pm

Hi again,

I have run the xixo.bat file and it deleted itself as you said.

Here is the Permalink for intelppm file
http://virusscan.jotti.org/en-gb/scanre ... 97d9d7f3fc

I still can't find the file 1025f.exe to run on Jotti's.
I have tried the file link in your post.
I have also run a search on my computer for anything named 1025f but found nothing!

Many Thanks

Chris :)
ChrisUK
Active Member
 
Posts: 10
Joined: May 2nd, 2010, 2:52 pm

Re: Virus stops windows update & redirects search engine results

Unread postby xixo_12 » May 10th, 2010, 5:35 pm

Hi,
Let's proceed

First,
Avenger2 by Swandog46
Please download from HERE, save to the desktop and unzip it.
Note: This programme must be run from an account with Administrator privileges.
  • Open the Avenger folder and double click Avenger.exe to launch the programme.
  • Copy the text in the code box below and Paste it into the Input script here: box.
Code: Select all
Files to move:
c:\intelppm.sys | C:\WINDOWS\system32\drivers\intelppm.sys


Note: the above code was created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

  • Ensure the following:
    • Scan for Rootkits is checked.
    • Automatically disable any rootkits found is Unchecked.
  • Press the Execute key.
  • Avenger will now process the script you've pasted (this may involve more than one re-boot), when finished it will produce a log file.
  • Post the log back here please. (it can also be found at C:\avenger.txt)

Next,
GMER
Please run it again.

Next,
Discussion
Any improvement on your system?

Next,
Checklist.
Please post.
  • Content of avenger.txt
  • Content of GMER.txt
  • Respond to our discussion
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Virus stops windows update & redirects search engine results

Unread postby ChrisUK » May 11th, 2010, 5:36 pm

xixo_12 you are a star

the avenger.txt file is below,

I can't get GMER to run without it crashing my PC; I will try it again tomorrow night in Safe Mode.

However....
Google Chrome now works
Windows Update URL now works
Search engines no longer give me funny results,
so all looking good so far :cheers:

Will post GMER once I have it, but for now thanks for everything, I really appreciate it.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "c:\intelppm.sys|C:\WINDOWS\system32\drivers\intelppm.sys" completed successfully.

Completed script processing.

*******************

Finished! Terminate.
ChrisUK
Active Member
 
Posts: 10
Joined: May 2nd, 2010, 2:52 pm

Re: Virus stops windows update & redirects search engine results

Unread postby xixo_12 » May 11th, 2010, 6:37 pm

Hi,

Good! :)
Do let me know if GMER keeps failing. Otherwise, we will move on with other instructions.

Thanks!
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Virus stops windows update & redirects search engine results

Unread postby ChrisUK » May 12th, 2010, 5:40 pm

Hi,

I have tried running GMER again, but after about half an hour it is still just restarting the PC.

Everything else still seems to be working fine.

Cheers

Chris
ChrisUK
Active Member
 
Posts: 10
Joined: May 2nd, 2010, 2:52 pm

Re: Virus stops windows update & redirects search engine results

Unread postby xixo_12 » May 12th, 2010, 6:56 pm

Hi,
Let's proceed.
No worries about GMER.

First,
Remove programs.
Please Click on Start > Control Panel > Add/Remove Programs
Remove the listed program(s) by clicking Remove
Adobe Reader 9

If some programs listed above are not present, please do not panic and proceed to the next step.

Next,
Update Adobe Reader.
You should Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 9.3 are vulnerable.
  • Go HERE, UNCHECK any Free Add-Ons, and click Download to install the latest version of Adobe Acrobat Reader.
  • After it completes the Installation, close the Download Manager.


Next,
Java is out of date.
It can be updated by the Java control panel
  • Click on Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now.
  • An update should begin.
  • Follow the prompts.

Next,
CCleaner - Clear temp.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • On the Windows tab, under Internet Explorer, uncheck Cookies if you do not want them deleted.
    (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
  • If you use either the Firefox or Mozilla browsers, the box to uncheck for Cookies is on the Applications tab, under Firefox/Mozilla.
  • Click on the Options icon at the left side of the window, then click on Advanced. Untick Only delete files in Windows Temp folders older than 48 hours.
  • Click on the Cleaner icon on the left side of the window, then click Run Cleaner to run the program.
Caution: It is not recommended that you use the Issues feature unless you are very familiar with the registry as it has been known to find legitimate items.
After CCleaner has completed its process, click Exit.

Next,
Kaspersky Online AV Scan
Note: Internet Explorer should be used.
Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan and then put the kettle on!
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place like your Desktop. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Copy and paste the report into your next reply.

Next,
Checklist.
Please post.
  • Content of kaspersky scan log
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia