Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Hijack This Log - please help

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Hijack This Log - please help

Unread postby vietgirl801 » June 25th, 2010, 9:46 am

Hello. First time poster. I hope someone can help.
Problem: everytime I open internet IE8 i get pop ups and redirected (during search)
Attempts: I've performed a McAfee scan, Mawarebytes' anti-malware and super Antispyware in safe mode (with no network). All programs were able to identify some possible targets which I've removed. I still have the popups and redirect problem. I then tried Microsoft's anti spyware and SEarch and Destroy scans with no success. I'm out of ideas. Please help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:43:54 AM, on 6/25/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\jucheck.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/61.12/uploader2.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-27-0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/sho ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Filter hijack: text/html - {57ba933a-a26e-4252-bdb8-cf4a8147176f} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8242 bytes


Thank you
vietgirl801
Active Member
 
Posts: 11
Joined: June 25th, 2010, 9:40 am
Advertisement
Register to Remove

Re: Hijack This Log - please help

Unread postby vict0r » June 28th, 2010, 10:36 am

Hello and welcome to MWR.

Please read the following information carefully.

IMPORTANT: Whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

To make cleaning this machine easier:

  • Continue to respond to this thread until I I tell you that the logs are clean!
  • Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
  • Please do not run any scans other than those requested and do not post any logs/reports unless specifically requested to do so.
  • Please follow all instructions in the order posted.
  • If you have any questions or do not understand instructions, please ask before continuing.
  • Please reply to this thread. Do not start a new topic.


Please post an Uninstall list.

  • Open HijackThis.
  • Click on the Open the Misc Tools section button.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please post this log in your next reply.
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: Hijack This Log - please help

Unread postby vietgirl801 » June 28th, 2010, 10:44 pm

Thank you for your generous offer to help. I greatly appreciate it. Below is the requested uninstall list.


Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1.3
Apple Mobile Device Support
Apple Software Update
Bonjour
Canon MP Navigator 2.2
Canon MP530
CCleaner
Comcast High-Speed Internet Install Wizard
Dell Resource CD
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
Easy-WebPrint
GemMaster Mystic
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GraphPad Prism 5 (Trial)
High Definition Audio Driver Package - KB835221
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Quick Resume Technology Drivers
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 17
K-Lite Mega Codec Pack 4.9.0
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks 8
Macromedia Flash 8
Macromedia Flash Player 8 Plugin
Malwarebytes' Anti-Malware
McAfee VirusScan Enterprise
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Modem Diagnostic Tool
Modem Helper
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9
neroxml
NVIDIA Drivers
OmniPage SE 2.0
Otto
Picasa 3
Presto! PageManager 7.15.11
PrimoPDF -- by Nitro PDF Software
QuickTime
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
SigmaTel Audio
Snood 4
Sonic Encoders
Spybot - Search & Destroy
SUPERAntiSpyware
The Rosetta Stone
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Internet Explorer 8
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Messenger
vietgirl801
Active Member
 
Posts: 11
Joined: June 25th, 2010, 9:40 am

Re: Hijack This Log - please help

Unread postby vict0r » June 30th, 2010, 6:15 am

I'm sorry about the delay. I haven't forgotten you and I will post as soon as possible.
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: Hijack This Log - please help

Unread postby vict0r » June 30th, 2010, 7:49 am

Hi

Please tell me, is this computer used for business purposes?


Download DDS

Please download DDS by sUBs from one of the links below and save it to your desktop:

Image
Download DDS and save it to your desktop

Link1
Link2
Link3 <<< right click and select Save as...

Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-Click on the dds icon, a command window will appear. This is normal.
  • Two logs will appear when the scan is finished:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply


Disable McAfee AntiVirus

  • Right click the McAfee Antivirus icon in the system tray.
  • Select the menu entry to disable the on-access scanner.
Note: Don't forget to re-enable it after the fix.


GMER

Please download GMER Rootkit Scanner from Here. Save it to your desktop.
  • Double click the .exe file. If asked to allow gmer's ".sys" driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All << (don't miss this one)
    See image below, Click the image to enlarge it
    Image

  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Note: Do not run any programs while Gmer is running.


If GMER crashes, please try the scan in safe mode. You might want to save these instructions with notepad or print them because there's no internet in safe mode:

  • Restart your computer
  • During startup, but before the Windows logo appears, tap the F5/F8 key continually or hold down the Shift key;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • When asked to proceed to safe mode, click Yes.
  • Make sure AVG is disabled, then follow the GMER instructions.
  • When finished reboot the computer.


You can now enable McAfee Antivirus


When ready, please post:
  • the answer to any questions
  • the dds logs
  • the GMER log
  • did any problems occur while following the instructions?
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: Hijack This Log - please help

Unread postby vietgirl801 » June 30th, 2010, 9:07 pm

Thank you for the detailed instructions. Below are the information that you've request.

Please tell me, is this computer used for business purposes? -computer is used as home for personal use
did any problems occur while following the instructions? -after I performed the scan on Gmer and saved the txt file, I opened internet explorer and the screen went black. I restarted the computer and everything seems operational.

The google redirect are getting pretty bad. And I'm getting random pops up too. thank you so much for your help.

DDS:

DDS (Ver_10-03-17.01) - NTFSx86
Run by anh at 19:58:33.14 on Wed 06/30/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2609 [GMT -5:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\DOCUME~1\anh\LOCALS~1\Temp\UIUCU.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\anh\Desktop\dds.pif
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi1933~1\office12\GRA8E1~1.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\Scriptcl.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [UIUCU] c:\docume~1\anh\locals~1\temp\UIUCU.EXE -CLEAN_UP -S
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/61.12/uploader2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex ... 0-27-0.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/sho ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\mi1933~1\office12\GR99D3~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi1933~1\office12\GRA8E1~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2009-1-27 31848]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-2 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2009-1-27 144704]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2009-1-27 54608]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2009-3-11 73512]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2009-3-11 34408]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-3-11 177864]
S4 ASKService;ASKService;c:\program files\askbardis\bar\bin\askservice.exe --> c:\program files\askbardis\bar\bin\AskService.exe [?]
S4 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\askupgrade.exe --> c:\program files\askbardis\bar\bin\ASKUpgrade.exe [?]
S4 gupdate1c9ba4e5b101f64;Google Update Service (gupdate1c9ba4e5b101f64);c:\program files\google\update\GoogleUpdate.exe [2009-4-10 133104]

=============== Created Last 30 ================

2010-06-29 03:19:59 0 d-----w- c:\windows\system32\vmm32
2010-06-29 03:07:30 0 d-----w- c:\program files\Creative
2010-06-25 01:58:50 0 d-----w- c:\program files\Trend Micro
2010-06-25 01:50:10 0 d-----w- c:\program files\Snood 4
2010-06-21 00:40:18 0 d-----w- c:\docume~1\anh\applic~1\SUPERAntiSpyware.com
2010-06-21 00:40:18 0 d-----w- c:\docume~1\alluse~1.win\applic~1\SUPERAntiSpyware.com
2010-06-21 00:39:47 0 d-----w- c:\program files\SUPERAntiSpyware
2010-06-20 14:48:03 0 d-----w- c:\docume~1\anh\applic~1\Malwarebytes
2010-06-20 14:02:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-20 14:02:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-20 14:02:21 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-20 14:02:21 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2010-06-20 13:20:13 0 d-----w- c:\program files\CCleaner
2010-06-20 06:58:37 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-20 00:00:34 13738 ----a-w- c:\windows\system32\wpa.dbl
2010-06-13 23:30:32 0 d-----w- c:\program files\pdfsam
2010-06-13 22:41:03 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-09 01:40:06 0 d-----w- c:\docume~1\anh\applic~1\NewSoft

==================== Find3M ====================

2010-05-14 16:25:33 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-05-14 16:25:32 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2009-03-29 17:07:05 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009030920090316\index.dat
2009-03-29 17:07:05 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009032920090330\index.dat

============= FINISH: 20:00:18.06 ===============


DDS attach:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/11/2009 1:07:03 AM
System Uptime: 6/30/2010 7:56:38 PM (1 hours ago)

Motherboard: Dell Inc. | | 0WG855
Processor: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz | Microprocessor | 2128/1066mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 293 GiB total, 98.853 GiB free.
D: is CDROM (CDFS)
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: SigmaTel High Definition Audio CODEC
Device ID: HDAUDIO\FUNC_01&VEN_8384&DEV_7618&SUBSYS_00000100&REV_1002\4&329F3825&0&0201
Manufacturer: SigmaTel
Name: SigmaTel High Definition Audio CODEC
PNP Device ID: HDAUDIO\FUNC_01&VEN_8384&DEV_7618&SUBSYS_00000100&REV_1002\4&329F3825&0&0201
Service: STHDA

==== System Restore Points ===================

RP1210: 4/1/2010 9:48:02 PM - Software Distribution Service 3.0
RP1211: 4/2/2010 10:59:39 AM - Software Distribution Service 3.0
RP1212: 4/2/2010 1:09:17 PM - Software Distribution Service 3.0
RP1213: 4/2/2010 5:39:55 PM - Software Distribution Service 3.0
RP1214: 4/2/2010 10:36:10 PM - Software Distribution Service 3.0
RP1215: 4/3/2010 11:53:26 AM - Software Distribution Service 3.0
RP1216: 4/3/2010 1:29:11 PM - Software Distribution Service 3.0
RP1217: 4/3/2010 5:32:02 PM - Software Distribution Service 3.0
RP1218: 4/3/2010 10:17:44 PM - Software Distribution Service 3.0
RP1219: 4/4/2010 12:00:17 PM - Software Distribution Service 3.0
RP1220: 4/4/2010 4:15:25 PM - Software Distribution Service 3.0
RP1221: 4/4/2010 9:20:34 PM - Software Distribution Service 3.0
RP1222: 4/5/2010 12:00:13 PM - Software Distribution Service 3.0
RP1223: 4/5/2010 12:18:21 PM - Software Distribution Service 3.0
RP1224: 4/5/2010 5:26:41 PM - Software Distribution Service 3.0
RP1225: 4/6/2010 12:01:48 AM - Software Distribution Service 3.0
RP1226: 4/6/2010 8:41:01 AM - Software Distribution Service 3.0
RP1227: 4/6/2010 10:10:42 AM - Software Distribution Service 3.0
RP1228: 4/6/2010 2:11:57 PM - Software Distribution Service 3.0
RP1229: 4/6/2010 10:50:47 PM - Software Distribution Service 3.0
RP1230: 4/7/2010 12:32:57 PM - Software Distribution Service 3.0
RP1231: 4/8/2010 1:04:06 AM - Software Distribution Service 3.0
RP1232: 4/8/2010 12:00:13 PM - Software Distribution Service 3.0
RP1233: 4/8/2010 3:37:34 PM - Software Distribution Service 3.0
RP1234: 4/8/2010 11:57:39 PM - Software Distribution Service 3.0
RP1235: 4/9/2010 11:19:41 AM - Software Distribution Service 3.0
RP1236: 4/9/2010 2:50:47 PM - Software Distribution Service 3.0
RP1237: 4/10/2010 12:47:06 AM - Software Distribution Service 3.0
RP1238: 4/10/2010 10:52:58 AM - Software Distribution Service 3.0
RP1239: 4/10/2010 12:00:13 PM - Software Distribution Service 3.0
RP1240: 4/10/2010 4:20:20 PM - Software Distribution Service 3.0
RP1241: 4/10/2010 11:56:33 PM - Software Distribution Service 3.0
RP1242: 4/11/2010 12:00:13 PM - Software Distribution Service 3.0
RP1243: 4/11/2010 4:13:39 PM - Software Distribution Service 3.0
RP1244: 4/11/2010 7:04:44 PM - Software Distribution Service 3.0
RP1245: 4/11/2010 11:12:22 PM - Software Distribution Service 3.0
RP1246: 4/11/2010 11:17:55 PM - Software Distribution Service 3.0
RP1247: 4/11/2010 11:18:25 PM - Software Distribution Service 3.0
RP1248: 4/12/2010 12:00:13 PM - Software Distribution Service 3.0
RP1249: 4/12/2010 2:05:22 PM - Software Distribution Service 3.0
RP1250: 4/12/2010 9:24:16 PM - Installed Java(TM) 6 Update 17
RP1251: 4/12/2010 9:45:50 PM - Installed Windows Internet Explorer 8.
RP1252: 4/12/2010 9:46:50 PM - Software Distribution Service 3.0
RP1253: 4/13/2010 12:00:14 PM - Software Distribution Service 3.0
RP1254: 4/13/2010 11:14:09 PM - Software Distribution Service 3.0
RP1255: 4/14/2010 12:00:13 PM - Software Distribution Service 3.0
RP1256: 4/14/2010 11:09:51 PM - Software Distribution Service 3.0
RP1257: 4/15/2010 9:14:52 AM - Software Distribution Service 3.0
RP1258: 4/15/2010 12:49:38 PM - Software Distribution Service 3.0
RP1259: 4/15/2010 2:10:04 PM - Software Distribution Service 3.0
RP1260: 4/15/2010 10:22:24 PM - Software Distribution Service 3.0
RP1261: 4/16/2010 11:58:32 AM - Software Distribution Service 3.0
RP1262: 4/16/2010 3:17:37 PM - Software Distribution Service 3.0
RP1263: 4/16/2010 10:53:53 PM - Software Distribution Service 3.0
RP1264: 4/17/2010 2:43:14 PM - Software Distribution Service 3.0
RP1265: 4/17/2010 3:39:35 PM - Software Distribution Service 3.0
RP1266: 4/17/2010 4:58:19 PM - Software Distribution Service 3.0
RP1267: 4/17/2010 10:12:09 PM - Software Distribution Service 3.0
RP1268: 4/17/2010 11:32:27 PM - Software Distribution Service 3.0
RP1269: 4/18/2010 12:00:13 PM - Software Distribution Service 3.0
RP1270: 4/18/2010 1:50:50 PM - Software Distribution Service 3.0
RP1271: 4/18/2010 2:46:32 PM - Software Distribution Service 3.0
RP1272: 4/18/2010 10:54:18 PM - Software Distribution Service 3.0
RP1273: 4/19/2010 12:00:13 PM - Software Distribution Service 3.0
RP1274: 4/19/2010 12:20:47 PM - Software Distribution Service 3.0
RP1275: 4/19/2010 8:57:38 PM - Software Distribution Service 3.0
RP1276: 4/20/2010 9:54:35 AM - Software Distribution Service 3.0
RP1277: 4/20/2010 1:40:21 PM - Software Distribution Service 3.0
RP1278: 4/20/2010 10:27:08 PM - Software Distribution Service 3.0
RP1279: 4/21/2010 12:00:13 PM - Software Distribution Service 3.0
RP1280: 4/21/2010 12:57:58 PM - Software Distribution Service 3.0
RP1281: 4/21/2010 9:02:23 PM - Software Distribution Service 3.0
RP1282: 4/22/2010 11:47:04 AM - Software Distribution Service 3.0
RP1283: 4/22/2010 2:41:39 PM - Software Distribution Service 3.0
RP1284: 4/22/2010 9:53:31 PM - Software Distribution Service 3.0
RP1285: 4/22/2010 10:02:07 PM - Software Distribution Service 3.0
RP1286: 4/23/2010 12:00:13 PM - Software Distribution Service 3.0
RP1287: 4/23/2010 7:09:18 PM - Software Distribution Service 3.0
RP1288: 4/24/2010 12:14:03 AM - Software Distribution Service 3.0
RP1289: 4/24/2010 12:30:14 PM - Software Distribution Service 3.0
RP1290: 4/24/2010 12:36:07 PM - Software Distribution Service 3.0
RP1291: 4/24/2010 4:00:02 PM - Software Distribution Service 3.0
RP1292: 4/24/2010 8:08:15 PM - Software Distribution Service 3.0
RP1293: 4/25/2010 12:00:14 PM - Software Distribution Service 3.0
RP1294: 4/25/2010 11:20:40 PM - Software Distribution Service 3.0
RP1295: 4/26/2010 12:00:13 PM - Software Distribution Service 3.0
RP1296: 4/26/2010 2:59:49 PM - Software Distribution Service 3.0
RP1297: 4/26/2010 5:03:19 PM - Software Distribution Service 3.0
RP1298: 4/26/2010 11:49:08 PM - Software Distribution Service 3.0
RP1299: 4/27/2010 11:00:42 AM - Software Distribution Service 3.0
RP1300: 4/27/2010 12:54:39 PM - Software Distribution Service 3.0
RP1301: 4/27/2010 9:14:43 PM - Software Distribution Service 3.0
RP1302: 4/28/2010 11:56:20 AM - Software Distribution Service 3.0
RP1303: 4/28/2010 2:56:09 PM - Software Distribution Service 3.0
RP1304: 4/28/2010 9:06:22 PM - Software Distribution Service 3.0
RP1305: 4/29/2010 12:00:13 PM - Software Distribution Service 3.0
RP1306: 4/29/2010 5:41:21 PM - Software Distribution Service 3.0
RP1307: 4/29/2010 10:46:13 PM - Software Distribution Service 3.0
RP1308: 4/30/2010 12:00:13 PM - Software Distribution Service 3.0
RP1309: 4/30/2010 12:02:57 PM - Software Distribution Service 3.0
RP1310: 4/30/2010 4:39:41 PM - Software Distribution Service 3.0
RP1311: 4/30/2010 8:52:58 PM - Software Distribution Service 3.0
RP1312: 5/1/2010 11:14:42 AM - Software Distribution Service 3.0
RP1313: 5/1/2010 5:51:10 PM - Software Distribution Service 3.0
RP1314: 5/1/2010 10:48:04 PM - Software Distribution Service 3.0
RP1315: 5/2/2010 2:05:02 PM - Software Distribution Service 3.0
RP1316: 5/2/2010 4:55:27 PM - Software Distribution Service 3.0
RP1317: 5/2/2010 10:39:57 PM - Software Distribution Service 3.0
RP1318: 5/3/2010 12:00:13 PM - Software Distribution Service 3.0
RP1319: 5/3/2010 10:09:26 PM - Software Distribution Service 3.0
RP1320: 5/4/2010 12:00:13 PM - Software Distribution Service 3.0
RP1321: 5/4/2010 10:13:36 PM - Software Distribution Service 3.0
RP1322: 5/5/2010 12:00:13 PM - Software Distribution Service 3.0
RP1323: 5/5/2010 2:12:54 PM - Software Distribution Service 3.0
RP1324: 5/5/2010 11:06:05 PM - Software Distribution Service 3.0
RP1325: 5/6/2010 11:11:49 AM - Software Distribution Service 3.0
RP1326: 5/6/2010 10:00:26 PM - Software Distribution Service 3.0
RP1327: 5/7/2010 8:07:19 AM - Software Distribution Service 3.0
RP1328: 5/7/2010 12:00:13 PM - Software Distribution Service 3.0
RP1329: 5/7/2010 12:47:53 PM - Software Distribution Service 3.0
RP1330: 5/7/2010 6:14:32 PM - Software Distribution Service 3.0
RP1331: 5/7/2010 11:18:41 PM - Software Distribution Service 3.0
RP1332: 5/8/2010 12:00:13 PM - Software Distribution Service 3.0
RP1333: 5/8/2010 3:45:08 PM - Software Distribution Service 3.0
RP1334: 5/8/2010 9:41:17 PM - Software Distribution Service 3.0
RP1335: 5/9/2010 12:00:13 PM - Software Distribution Service 3.0
RP1336: 5/10/2010 12:00:13 PM - Software Distribution Service 3.0
RP1337: 5/10/2010 12:54:52 PM - Software Distribution Service 3.0
RP1338: 5/10/2010 9:52:52 PM - Software Distribution Service 3.0
RP1339: 5/11/2010 11:34:24 AM - Software Distribution Service 3.0
RP1340: 5/11/2010 11:50:25 PM - Software Distribution Service 3.0
RP1341: 5/12/2010 10:14:07 AM - Software Distribution Service 3.0
RP1342: 5/12/2010 4:28:07 PM - Software Distribution Service 3.0
RP1343: 5/12/2010 11:48:51 PM - Software Distribution Service 3.0
RP1344: 5/13/2010 12:00:13 PM - Software Distribution Service 3.0
RP1345: 5/13/2010 1:02:34 PM - Software Distribution Service 3.0
RP1346: 5/13/2010 4:56:09 PM - Software Distribution Service 3.0
RP1347: 5/13/2010 9:52:43 PM - Software Distribution Service 3.0
RP1348: 5/14/2010 11:24:12 AM - Software Distribution Service 3.0
RP1349: 5/14/2010 12:00:14 PM - Software Distribution Service 3.0
RP1350: 5/14/2010 11:45:40 PM - Software Distribution Service 3.0
RP1351: 5/15/2010 12:00:13 PM - Software Distribution Service 3.0
RP1352: 5/15/2010 6:42:37 PM - Software Distribution Service 3.0
RP1353: 5/16/2010 2:01:00 PM - Software Distribution Service 3.0
RP1354: 5/16/2010 3:48:02 PM - Software Distribution Service 3.0
RP1355: 5/16/2010 6:25:23 PM - Software Distribution Service 3.0
RP1356: 5/16/2010 9:07:08 PM - Software Distribution Service 3.0
RP1357: 5/16/2010 9:20:51 PM - Software Distribution Service 3.0
RP1358: 5/16/2010 11:35:08 PM - Software Distribution Service 3.0
RP1359: 5/17/2010 12:00:13 PM - Software Distribution Service 3.0
RP1360: 5/17/2010 4:40:26 PM - Software Distribution Service 3.0
RP1361: 5/17/2010 10:30:45 PM - Software Distribution Service 3.0
RP1362: 5/18/2010 11:06:36 AM - Software Distribution Service 3.0
RP1363: 5/18/2010 1:55:56 PM - Software Distribution Service 3.0
RP1364: 5/18/2010 11:48:25 PM - Software Distribution Service 3.0
RP1365: 5/19/2010 11:09:22 AM - Software Distribution Service 3.0
RP1366: 5/19/2010 1:14:23 PM - Software Distribution Service 3.0
RP1367: 5/19/2010 3:51:57 PM - Software Distribution Service 3.0
RP1368: 5/19/2010 6:23:53 PM - Software Distribution Service 3.0
RP1369: 5/20/2010 12:00:13 PM - Software Distribution Service 3.0
RP1370: 5/20/2010 1:03:35 PM - Software Distribution Service 3.0
RP1371: 5/20/2010 10:11:45 PM - Software Distribution Service 3.0
RP1372: 5/25/2010 8:25:26 PM - Software Distribution Service 3.0
RP1373: 5/25/2010 10:13:04 PM - Software Distribution Service 3.0
RP1374: 5/26/2010 11:21:11 AM - Software Distribution Service 3.0
RP1375: 5/26/2010 2:31:46 PM - Software Distribution Service 3.0
RP1376: 5/26/2010 9:53:12 PM - Software Distribution Service 3.0
RP1377: 5/27/2010 12:00:13 PM - Software Distribution Service 3.0
RP1378: 5/27/2010 12:20:28 PM - Software Distribution Service 3.0
RP1379: 5/27/2010 11:27:27 PM - Software Distribution Service 3.0
RP1380: 5/28/2010 12:00:13 PM - Software Distribution Service 3.0
RP1381: 5/28/2010 1:20:46 PM - Software Distribution Service 3.0
RP1382: 5/29/2010 12:51:59 AM - Software Distribution Service 3.0
RP1383: 5/29/2010 10:22:23 AM - Software Distribution Service 3.0
RP1384: 5/29/2010 2:25:09 PM - Software Distribution Service 3.0
RP1385: 5/29/2010 10:54:51 PM - Software Distribution Service 3.0
RP1386: 5/30/2010 11:18:07 AM - Software Distribution Service 3.0
RP1387: 5/30/2010 12:56:33 PM - Software Distribution Service 3.0
RP1388: 5/30/2010 8:06:06 PM - Software Distribution Service 3.0
RP1389: 5/31/2010 11:10:48 AM - Software Distribution Service 3.0
RP1390: 5/31/2010 2:26:13 PM - Software Distribution Service 3.0
RP1391: 5/31/2010 11:01:54 PM - Software Distribution Service 3.0
RP1392: 6/1/2010 3:57:01 PM - Software Distribution Service 3.0
RP1393: 6/1/2010 11:25:15 PM - Software Distribution Service 3.0
RP1394: 6/2/2010 12:00:13 PM - Software Distribution Service 3.0
RP1395: 6/2/2010 12:11:08 PM - Software Distribution Service 3.0
RP1396: 6/2/2010 2:07:41 PM - Software Distribution Service 3.0
RP1397: 6/2/2010 11:28:24 PM - Software Distribution Service 3.0
RP1398: 6/3/2010 12:00:13 PM - Software Distribution Service 3.0
RP1399: 6/3/2010 5:59:26 PM - Software Distribution Service 3.0
RP1400: 6/4/2010 12:37:03 AM - Software Distribution Service 3.0
RP1401: 6/4/2010 12:00:13 PM - Software Distribution Service 3.0
RP1402: 6/4/2010 1:51:44 PM - Software Distribution Service 3.0
RP1403: 6/4/2010 6:28:25 PM - Software Distribution Service 3.0
RP1404: 6/4/2010 10:24:45 PM - Software Distribution Service 3.0
RP1405: 6/5/2010 11:52:03 AM - Software Distribution Service 3.0
RP1406: 6/5/2010 3:50:06 PM - Software Distribution Service 3.0
RP1407: 6/5/2010 7:41:47 PM - Software Distribution Service 3.0
RP1408: 6/5/2010 11:38:17 PM - Software Distribution Service 3.0
RP1409: 6/6/2010 12:00:13 PM - Software Distribution Service 3.0
RP1410: 6/6/2010 12:27:50 PM - Software Distribution Service 3.0
RP1411: 6/6/2010 3:56:03 PM - Software Distribution Service 3.0
RP1412: 6/6/2010 10:46:22 PM - Software Distribution Service 3.0
RP1413: 6/7/2010 12:00:13 PM - Software Distribution Service 3.0
RP1414: 6/7/2010 10:21:08 PM - Software Distribution Service 3.0
RP1415: 6/8/2010 12:00:13 PM - Software Distribution Service 3.0
RP1416: 6/13/2010 5:30:05 PM - Software Distribution Service 3.0
RP1417: 6/13/2010 5:53:23 PM - Software Distribution Service 3.0
RP1418: 6/13/2010 9:04:09 PM - Software Distribution Service 3.0
RP1419: 6/14/2010 12:00:13 PM - Software Distribution Service 3.0
RP1420: 6/14/2010 2:53:57 PM - Software Distribution Service 3.0
RP1421: 6/14/2010 11:56:27 PM - Software Distribution Service 3.0
RP1422: 6/15/2010 12:00:13 PM - Software Distribution Service 3.0
RP1423: 6/15/2010 12:34:54 PM - Software Distribution Service 3.0
RP1424: 6/15/2010 11:11:58 PM - Software Distribution Service 3.0
RP1425: 6/16/2010 12:00:13 PM - Software Distribution Service 3.0
RP1426: 6/16/2010 12:33:23 PM - Software Distribution Service 3.0
RP1427: 6/16/2010 10:42:53 PM - Software Distribution Service 3.0
RP1428: 6/17/2010 12:00:13 PM - Software Distribution Service 3.0
RP1429: 6/17/2010 10:55:07 PM - Software Distribution Service 3.0
RP1430: 6/18/2010 12:00:13 PM - Software Distribution Service 3.0
RP1431: 6/18/2010 1:46:53 PM - Software Distribution Service 3.0
RP1432: 6/18/2010 11:01:20 PM - Software Distribution Service 3.0
RP1433: 6/19/2010 6:11:34 AM - Software Distribution Service 3.0
RP1434: 6/19/2010 6:23:09 AM - Removed Adobe Media Player
RP1435: 6/19/2010 6:34:17 AM - Software Distribution Service 3.0
RP1436: 6/19/2010 8:25:39 AM - Software Distribution Service 3.0
RP1437: 6/19/2010 9:44:10 AM - Software Distribution Service 3.0
RP1438: 6/19/2010 12:00:12 PM - Software Distribution Service 3.0
RP1439: 6/19/2010 12:03:31 PM - Software Distribution Service 3.0
RP1440: 6/19/2010 6:58:32 PM - Software Distribution Service 3.0
RP1441: 6/20/2010 12:09:43 AM - Software Distribution Service 3.0
RP1442: 6/20/2010 4:13:26 PM - Software Distribution Service 3.0
RP1443: 6/21/2010 3:39:56 PM - Software Distribution Service 3.0
RP1444: 6/21/2010 10:18:03 PM - Software Distribution Service 3.0
RP1445: 6/22/2010 10:24:15 AM - Software Distribution Service 3.0
RP1446: 6/22/2010 5:58:16 PM - Software Distribution Service 3.0
RP1447: 6/22/2010 10:56:59 PM - Software Distribution Service 3.0
RP1448: 6/23/2010 10:17:34 PM - Software Distribution Service 3.0
RP1449: 6/24/2010 12:00:14 PM - Software Distribution Service 3.0
RP1450: 6/24/2010 12:22:13 PM - Software Distribution Service 3.0
RP1451: 6/24/2010 5:28:37 PM - Software Distribution Service 3.0
RP1452: 6/24/2010 8:55:36 PM - Software Distribution Service 3.0
RP1453: 6/24/2010 8:58:50 PM - Installed HiJackThis
RP1454: 6/24/2010 11:33:11 PM - Software Distribution Service 3.0
RP1455: 6/25/2010 12:00:15 PM - Software Distribution Service 3.0
RP1456: 6/25/2010 1:22:40 PM - Software Distribution Service 3.0
RP1457: 6/25/2010 5:51:01 PM - Software Distribution Service 3.0
RP1458: 6/25/2010 11:13:25 PM - Software Distribution Service 3.0
RP1459: 6/26/2010 12:00:14 PM - Software Distribution Service 3.0
RP1460: 6/26/2010 2:53:06 PM - Software Distribution Service 3.0
RP1461: 6/26/2010 10:36:00 PM - Software Distribution Service 3.0
RP1462: 6/27/2010 12:00:22 PM - Software Distribution Service 3.0
RP1463: 6/27/2010 10:07:42 PM - Software Distribution Service 3.0
RP1464: 6/28/2010 12:00:14 PM - Software Distribution Service 3.0
RP1465: 6/28/2010 10:07:30 PM - Installed SAMB_ADVMB_FILTER_DRV
RP1466: 6/29/2010 9:14:10 PM - Software Distribution Service 3.0
RP1467: 6/29/2010 9:20:04 PM - Software Distribution Service 3.0
RP1468: 6/30/2010 5:54:51 PM - Software Distribution Service 3.0

==== Installed Programs ======================

"Nero SoundTrax Help
AAC Decoder
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1.3
Advertising Center
Apple Mobile Device Support
Apple Software Update
AutoUpdate
Bonjour
Canon MP Navigator 2.2
Canon MP530
CCleaner
Comcast High-Speed Internet Install Wizard
Dell Driver Download Manager
Dell Resource CD
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DolbyFiles
Easy-WebPrint
GemMaster Mystic
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GraphPad Prism 5 (Trial)
H.264 Decoder
High Definition Audio Driver Package - KB835221
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ImagXpress
Intel(R) PRO Network Connections
Intel(R) Quick Resume Technology Drivers
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 17
K-Lite Mega Codec Pack 4.9.0
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks 8
Macromedia Flash 8
Macromedia Flash Player 8 Plugin
Malwarebytes' Anti-Malware
McAfee VirusScan Enterprise
Menu Templates - Starter Kit
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
MKV Splitter
Modem Diagnostic Tool
Modem Helper
Movie Templates - Starter Kit
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9
Nero BurningROM
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DriveSpeed
Nero Express
Nero InfoTool
Nero Installer
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero Rescue Agent
Nero RescueAgent Help
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero WaveEditor
Nero WaveEditor Help
NeroBurningROM
NeroExpress
neroxml
NVIDIA Drivers
OmniPage SE 2.0
Otto
pdfsam
Picasa 3
Presto! PageManager 7.15.11
PrimoPDF -- by Nitro PDF Software
QuickTime
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
SigmaTel Audio
Snood 4
Sonic Encoders
Sound Blaster ADVANCED MB Drivers
SoundTrax
Spybot - Search & Destroy
SUPERAntiSpyware
The Rosetta Stone
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

6/28/2010 3:51:56 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
6/28/2010 10:08:41 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
6/26/2010 9:43:12 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
6/26/2010 4:03:55 PM, error: Service Control Manager [7038] - The RemoteRegistry service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: A required privilege is not held by the client. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
6/26/2010 4:03:55 PM, error: Service Control Manager [7000] - The Remote Registry service failed to start due to the following error: The service did not start due to a logon failure.
6/24/2010 12:22:29 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1.
6/24/2010 11:36:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec mfetdik MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
6/24/2010 11:36:58 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
6/24/2010 11:36:58 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/24/2010 11:36:58 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/24/2010 11:36:58 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
6/24/2010 11:36:58 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/24/2010 11:36:05 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
6/24/2010 11:35:47 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/24/2010 11:35:40 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
6/24/2010 11:25:13 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gupdate1c9ba4e5b101f64 with arguments "/comsvc" in order to run the server: {E225E692-4B47-4777-9BED-4FD7FE257F0E}

==== End Of File ===========================
vietgirl801
Active Member
 
Posts: 11
Joined: June 25th, 2010, 9:40 am

Re: Hijack This Log - please help

Unread postby vietgirl801 » June 30th, 2010, 9:18 pm

Gmer part I:


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-30 19:54:49
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\anh\LOCALS~1\Temp\fxtdipob.sys


---- System - GMER 1.0.15 ----

SSDT spbt.sys ZwCreateKey [0xB9EA70E0]
SSDT spbt.sys ZwEnumerateKey [0xB9EC5CA4]
SSDT spbt.sys ZwEnumerateValueKey [0xB9EC6032]
SSDT spbt.sys ZwOpenKey [0xB9EA70C0]
SSDT spbt.sys ZwQueryKey [0xB9EC610A]
SSDT spbt.sys ZwQueryValueKey [0xB9EC5F8A]
SSDT spbt.sys ZwSetValueKey [0xB9EC619C]

INT 0x73 ? 8ADC9BF8
INT 0x83 ? 8AD57BF8
INT 0x84 ? 8AD57BF8
INT 0x94 ? 8AD57BF8
INT 0xA4 ? 8AD57BF8
INT 0xB4 ? 8AD57BF8

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xAB1C4231]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xAB1C425B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xAB1C41C5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xAB1C41F1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xAB1C4285]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xAB1C4245]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xAB1C41DB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xAB1C421D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xAB1C429B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xAB1C426F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504AF4 7 Bytes JMP AB1C4273 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP AB1C4235 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B1FE6 7 Bytes JMP AB1C4289 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2DF4 5 Bytes JMP AB1C429F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83CA 7 Bytes JMP AB1C4249 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805D11EA 5 Bytes JMP AB1C425F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D2982 5 Bytes JMP AB1C4221 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 806231EA 7 Bytes JMP AB1C41DF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 80623C64 7 Bytes JMP AB1C41C9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 80623E34 7 Bytes JMP AB1C41F5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? spbt.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9046360, 0x21235D, 0xE8000020]
.text USBPORT.SYS!DllUnload B8FED8AC 5 Bytes JMP 8AD571D8
.text az3eqsxp.SYS B8F52386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text az3eqsxp.SYS B8F523AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text az3eqsxp.SYS B8F523C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text az3eqsxp.SYS B8F523C9 1 Byte [30]
.text az3eqsxp.SYS B8F523C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[548] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E10FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[548] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E1006C
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[548] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E1005B
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[548] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E10040
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[548] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E1002F
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[548] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E10FA8
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[548] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E10089
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[548] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E10F41
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[548] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E100DA
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[548] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E100BF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[548] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E10F30
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[548] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E10F97
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[548] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E1000A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[548] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E10F5C
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[548] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E10FB9
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[548] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E10FD4
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[548] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E100AE
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[548] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E00047
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[548] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E0007D
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[548] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E0002C
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[548] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E00011
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[548] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E00FC0
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[548] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E00000
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[548] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00E00FDB
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[548] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [00, 89]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[548] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E00062
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[548] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DF004C
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[548] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DF0FB7
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[548] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DF001D
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[548] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DF0FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[548] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DF0FD2
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[548] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DF000C
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[548] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00DE0000
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[548] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00DD000A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[548] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00DD0025
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[548] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00DD0FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[548] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00DD0FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[576] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E2000A
.text C:\Program Files\Internet Explorer\iexplore.exe[576] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00E3000A
.text C:\Program Files\Internet Explorer\iexplore.exe[576] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00E1000C
.text C:\Program Files\Internet Explorer\iexplore.exe[576] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00380FB2
.text C:\Program Files\Internet Explorer\iexplore.exe[576] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0038005E
.text C:\Program Files\Internet Explorer\iexplore.exe[576] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00380FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[576] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00380FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[576] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00380043
.text C:\Program Files\Internet Explorer\iexplore.exe[576] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00380FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[576] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00380FA1
.text C:\Program Files\Internet Explorer\iexplore.exe[576] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [58, 88]
.text C:\Program Files\Internet Explorer\iexplore.exe[576] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00380028
.text C:\Program Files\Internet Explorer\iexplore.exe[576] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[576] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[576] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[576] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[576] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[576] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[576] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[576] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[576] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[576] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[576] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[576] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[576] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00390044
.text C:\Program Files\Internet Explorer\iexplore.exe[576] msvcrt.dll!system 77C293C7 5 Bytes JMP 00390029
.text C:\Program Files\Internet Explorer\iexplore.exe[576] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00390018
.text C:\Program Files\Internet Explorer\iexplore.exe[576] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00390FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[576] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00390FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[576] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00390FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[576] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[576] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01480000
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0148009C
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0148008B
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0148007A
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01480069
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01480047
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01480F6F
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 014800B7
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01480F54
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 014800ED
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01480F39
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01480058
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01480FEF
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01480F8C
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01480036
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01480025
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 014800DC
.text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0147000A
.text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01470F94
.text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01470FB9
.text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01470FCA
.text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01470051
.text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01470FEF
.text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 01470040
.text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0147001B
.text C:\WINDOWS\system32\services.exe[780] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00070038
.text C:\WINDOWS\system32\services.exe[780] msvcrt.dll!system 77C293C7 5 Bytes JMP 00070FB7
.text C:\WINDOWS\system32\services.exe[780] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00070FE3
.text C:\WINDOWS\system32\services.exe[780] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0007000C
.text C:\WINDOWS\system32\services.exe[780] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00070FC8
.text C:\WINDOWS\system32\services.exe[780] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0007001D
.text C:\WINDOWS\system32\services.exe[780] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00050000
.text C:\WINDOWS\system32\services.exe[780] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00050FDB
.text C:\WINDOWS\system32\services.exe[780] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00050FC0
.text C:\WINDOWS\system32\services.exe[780] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 0005001B
.text C:\WINDOWS\system32\services.exe[780] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00060FEF
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01020FEF
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01020F88
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0102007D
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01020F99
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01020058
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01020036
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 010200BF
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01020F77
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 010200EB
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 010200DA
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01020F37
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01020047
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0102000A
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 010200A2
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01020025
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01020FD4
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01020F5C
.text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D60FCA
.text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D60051
.text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D6001B
.text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D60FEF
.text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D60040
.text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D60000
.text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00D60F9E
.text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [F6, 88]
.text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D60FAF
.text C:\WINDOWS\system32\lsass.exe[792] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D50FB2
.text C:\WINDOWS\system32\lsass.exe[792] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D50FCD
.text C:\WINDOWS\system32\lsass.exe[792] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D50FDE
.text C:\WINDOWS\system32\lsass.exe[792] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D50FEF
.text C:\WINDOWS\system32\lsass.exe[792] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D50033
.text C:\WINDOWS\system32\lsass.exe[792] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D50018
.text C:\WINDOWS\system32\lsass.exe[792] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D4000A
.text C:\WINDOWS\system32\lsass.exe[792] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00D30FEF
.text C:\WINDOWS\system32\lsass.exe[792] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00D3000A
.text C:\WINDOWS\system32\lsass.exe[792] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00D3001B
.text C:\WINDOWS\system32\lsass.exe[792] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00D30036
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DA0000
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DA0F77
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DA0F92
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DA0FA3
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DA006C
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DA0FCA
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DA0F4B
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DA0F5C
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DA00E4
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DA00C9
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00DA00F5
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00DA005B
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DA001B
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00DA0087
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00DA0FDB
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00DA002C
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00DA00B8
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D90025
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D9005B
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D90FD4
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D90FE5
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D90F9E
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D90000
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00D90FAF
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [F9, 88]
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D90036
.text C:\WINDOWS\system32\svchost.exe[964] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D80FAB
.text C:\WINDOWS\system32\svchost.exe[964] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D80036
.text C:\WINDOWS\system32\svchost.exe[964] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D80011
.text C:\WINDOWS\system32\svchost.exe[964] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D80000
.text C:\WINDOWS\system32\svchost.exe[964] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D80FC6
.text C:\WINDOWS\system32\svchost.exe[964] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D80FE3
.text C:\WINDOWS\system32\svchost.exe[964] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00D60000
.text C:\WINDOWS\system32\svchost.exe[964] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00D60FDB
.text C:\WINDOWS\system32\svchost.exe[964] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00D60FCA
.text C:\WINDOWS\system32\svchost.exe[964] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00D60FAF
.text C:\WINDOWS\system32\svchost.exe[964] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D70FEF
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F2000A
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F2009D
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F2008C
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F20FB2
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F20FC3
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F20FDE
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F20F75
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F20F86
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F20F3F
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F20F50
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F20F2E
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F2005B
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F20FEF
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F20F97
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F20040
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F2002F
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F200D8
.text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F1003D
.text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F10FB3
.text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F1002C
.text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F1001B
.text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F10070
.text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F10000
.text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00F1005F
.text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F1004E
.text C:\WINDOWS\system32\svchost.exe[1052] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F00FC8
.text C:\WINDOWS\system32\svchost.exe[1052] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F00FD9
.text C:\WINDOWS\system32\svchost.exe[1052] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F00038
.text C:\WINDOWS\system32\svchost.exe[1052] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F00000
.text C:\WINDOWS\system32\svchost.exe[1052] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F00053
.text C:\WINDOWS\system32\svchost.exe[1052] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F0001D
.text C:\WINDOWS\system32\svchost.exe[1052] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00EE0FEF
.text C:\WINDOWS\system32\svchost.exe[1052] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00EE0014
.text C:\WINDOWS\system32\svchost.exe[1052] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00EE0FD4
.text C:\WINDOWS\system32\svchost.exe[1052] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00EE0025
.text C:\WINDOWS\system32\svchost.exe[1052] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00EF0000
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D10000
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D100A1
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D10090
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D1007F
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D10FB6
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D10FDB
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D100EA
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D100CD
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D10119
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D10F76
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D10F65
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D10062
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D10011
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D100B2
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D10047
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D1002C
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D10F87
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D00FDE
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D00FA8
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D00FEF
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D00025
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D00FB9
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D00000
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00D00065
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D00054
.text C:\WINDOWS\system32\svchost.exe[1108] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CF0053
.text C:\WINDOWS\system32\svchost.exe[1108] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CF0042
.text C:\WINDOWS\system32\svchost.exe[1108] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CF000C
.text C:\WINDOWS\system32\svchost.exe[1108] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CF0FEF
.text C:\WINDOWS\system32\svchost.exe[1108] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CF0027
.text C:\WINDOWS\system32\svchost.exe[1108] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CF0FD2
.text C:\WINDOWS\system32\svchost.exe[1108] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00CE0000
.text C:\WINDOWS\system32\svchost.exe[1108] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00CE0FEF
.text C:\WINDOWS\system32\svchost.exe[1108] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00CE0FDE
.text C:\WINDOWS\system32\svchost.exe[1108] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00CE002F
.text C:\WINDOWS\System32\svchost.exe[1152] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009A000A
.text C:\WINDOWS\System32\svchost.exe[1152] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009B000A
.text C:\WINDOWS\System32\svchost.exe[1152] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0099000C
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0305000A
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 030500AB
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 03050FAC
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03050086
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 03050069
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 03050047
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 030500D2
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 03050F8A
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 03050108
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!CreateProcessA 7C80236B 1 Byte [E9]
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 03050F6F
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 03050123
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 03050058
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0305001B
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 03050F9B
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0305002C
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 03050FDB
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 030500ED
.text C:\WINDOWS\System32\svchost.exe[1152] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 03040036
.text C:\WINDOWS\System32\svchost.exe[1152] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 03040073
.text C:\WINDOWS\System32\svchost.exe[1152] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 03040FE5
.text C:\WINDOWS\System32\svchost.exe[1152] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 03040025
.text C:\WINDOWS\System32\svchost.exe[1152] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 03040FC0
.text C:\WINDOWS\System32\svchost.exe[1152] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 03040000
.text C:\WINDOWS\System32\svchost.exe[1152] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 03040062
.text C:\WINDOWS\System32\svchost.exe[1152] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 03040047
.text C:\WINDOWS\System32\svchost.exe[1152] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0088000A
.text C:\WINDOWS\System32\svchost.exe[1152] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00F2000A
.text C:\WINDOWS\System32\svchost.exe[1152] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02E70049
.text C:\WINDOWS\System32\svchost.exe[1152] msvcrt.dll!system 77C293C7 5 Bytes JMP 02E70FC8
.text C:\WINDOWS\System32\svchost.exe[1152] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02E7001D
.text C:\WINDOWS\System32\svchost.exe[1152] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02E7000C
.text C:\WINDOWS\System32\svchost.exe[1152] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02E70038
.text C:\WINDOWS\System32\svchost.exe[1152] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02E70FE3
.text C:\WINDOWS\System32\svchost.exe[1152] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 02D90000
.text C:\WINDOWS\System32\svchost.exe[1152] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 02D9001B
.text C:\WINDOWS\System32\svchost.exe[1152] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 02D9002C
.text C:\WINDOWS\System32\svchost.exe[1152] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 02D90047
.text C:\WINDOWS\System32\svchost.exe[1152] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02E60000
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AD0000
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AD0F66
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AD0F81
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AD0FA8
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AD0FB9
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AD0040
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00AD0F35
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AD0087
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AD00B3
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AD0098
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00AD0EFF
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00AD005B
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AD0FE5
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00AD0076
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00AD002F
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00AD0FD4
.text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00AD0F24
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00AC0FA8
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00AC0F68
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00AC0FC3
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00AC0FDE
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00AC0F83
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00AC0FEF
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00AC0025
.text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00AC0014
.text C:\WINDOWS\system32\svchost.exe[1216] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AB0040
.text C:\WINDOWS\system32\svchost.exe[1216] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AB0FAB
.text C:\WINDOWS\system32\svchost.exe[1216] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AB0FD7
.text C:\WINDOWS\system32\svchost.exe[1216] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AB0000
.text C:\WINDOWS\system32\svchost.exe[1216] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AB0FBC
.text C:\WINDOWS\system32\svchost.exe[1216] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AB0011
.text C:\WINDOWS\system32\svchost.exe[1216] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00A90FEF
.text C:\WINDOWS\system32\svchost.exe[1216] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00A90FD4
.text C:\WINDOWS\system32\svchost.exe[1216] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00A9000A
.text C:\WINDOWS\system32\svchost.exe[1216] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00A90FC3
.text C:\WINDOWS\system32\svchost.exe[1216] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AA0000
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C90FEF
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C90051
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C90F66
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C90040
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C9002F
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C90F8D
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C90082
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C90F30
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C900D3
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C900AE
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C90F1F
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C90014
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C90FD4
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C90F41
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C90FB2
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C90FC3
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C9009D
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C80FCA
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C80051
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C80FDB
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C80011
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C80F94
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C80000
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C80FA5
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes CALL C89FEDE5
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C8002C
.text C:\WINDOWS\system32\svchost.exe[1340] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C70053
.text C:\WINDOWS\system32\svchost.exe[1340] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C70042
.text C:\WINDOWS\system32\svchost.exe[1340] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C70FE3
.text C:\WINDOWS\system32\svchost.exe[1340] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C7000C
.text C:\WINDOWS\system32\svchost.exe[1340] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C70FC8
.text C:\WINDOWS\system32\svchost.exe[1340] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C7001D
.text C:\WINDOWS\system32\svchost.exe[1340] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 001B0FEF
.text C:\WINDOWS\system32\svchost.exe[1340] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 001B0014
.text C:\WINDOWS\system32\svchost.exe[1340] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 001B0FDE
.text C:\WINDOWS\system32\svchost.exe[1340] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 001B0025
.text C:\WINDOWS\system32\svchost.exe[1340] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C60000
.text C:\WINDOWS\system32\wuauclt.exe[1552] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C6000A
.text C:\WINDOWS\system32\wuauclt.exe[1552] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C7000A
.text C:\WINDOWS\system32\wuauclt.exe[1552] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C5000C
.text C:\WINDOWS\system32\wuauclt.exe[1552] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002D0031
.text C:\WINDOWS\system32\wuauclt.exe[1552] msvcrt.dll!system 77C293C7 5 Bytes JMP 002D0FA6
.text C:\WINDOWS\system32\wuauclt.exe[1552] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002D0FD2
.text C:\WINDOWS\system32\wuauclt.exe[1552] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002D000C
.text C:\WINDOWS\system32\wuauclt.exe[1552] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002D0FB7
.text C:\WINDOWS\system32\wuauclt.exe[1552] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002D0FEF
.text C:\WINDOWS\system32\wuauclt.exe[1552] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002E0FDB
.text C:\WINDOWS\system32\wuauclt.exe[1552] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002E0FAC
.text C:\WINDOWS\system32\wuauclt.exe[1552] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002E002C
.text C:\WINDOWS\system32\wuauclt.exe[1552] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002E001B
.text C:\WINDOWS\system32\wuauclt.exe[1552] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002E0069
.text C:\WINDOWS\system32\wuauclt.exe[1552] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002E0000
.text C:\WINDOWS\system32\wuauclt.exe[1552] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 002E004E
.text C:\WINDOWS\system32\wuauclt.exe[1552] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002E003D
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E2000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00E3000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00E1000C
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00380FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00380F94
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00380FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00380014
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00380051
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00380FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00380040
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0038002F
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00390F9A
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] msvcrt.dll!system 77C293C7 5 Bytes JMP 00390FAB
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00390000
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00390FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00390025
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00390FC6
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DF0FEF
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DF0F55
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DF0040
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DF0F72
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DF0F8D
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DF002F
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DF0F29
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DF0065
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DF0EFA
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DF009D
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00DF0EE9
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00DF0F9E
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DF000A
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00DF0F3A
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00DF0FC3
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00DF0FD4
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00DF008C
.text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BD0011
.text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BD0F7D
.text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BD0FCA
.text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BD0000
.text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BD0044
.text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BD0FEF
.text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BD0033
.text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BD0022
.text C:\WINDOWS\system32\svchost.exe[1656] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BC0047
.text C:\WINDOWS\system32\svchost.exe[1656] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BC0FBC
.text C:\WINDOWS\system32\svchost.exe[1656] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BC0011
.text C:\WINDOWS\system32\svchost.exe[1656] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BC0000
.text C:\WINDOWS\system32\svchost.exe[1656] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BC002C
.text C:\WINDOWS\system32\svchost.exe[1656] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BC0FE3
.text C:\WINDOWS\system32\svchost.exe[1656] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00BA0FEF
.text C:\WINDOWS\system32\svchost.exe[1656] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00BA000A
.text C:\WINDOWS\system32\svchost.exe[1656] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00BA0FD4
.text C:\WINDOWS\system32\svchost.exe[1656] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00BA0025
.text C:\WINDOWS\system32\svchost.exe[1656] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BB0FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01420000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01420093
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01420082
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01420FA8
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01420FB9
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01420FD4
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01420F55
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01420F72
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 014200D3
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 014200C2
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01420F15
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0142005B
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01420FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01420F8D
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01420040
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01420025
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01420F44
vietgirl801
Active Member
 
Posts: 11
Joined: June 25th, 2010, 9:40 am

Re: Hijack This Log - please help

Unread postby vietgirl801 » June 30th, 2010, 9:21 pm

.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01420000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01420093
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01420082
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01420FA8
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01420FB9
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01420FD4
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01420F55
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01420F72
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 014200D3
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 014200C2
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01420F15
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0142005B
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01420FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01420F8D
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01420040
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01420025
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01420F44
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01410FB2
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0141004A
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01410FCD
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01410FDE
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01410F8D
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01410FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0141002F
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0141001E
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01400051
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] msvcrt.dll!system 77C293C7 5 Bytes JMP 01400040
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0140000A
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01400FE3
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0140001B
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01400FC6
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] WS2_32.dll!socket 71AB4211 5 Bytes JMP 013F0FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 013E000A
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 013E001B
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 013E0036
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2032] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 013E0051
.text C:\WINDOWS\system32\dllhost.exe[2096] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F10FEF
.text C:\WINDOWS\system32\dllhost.exe[2096] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F10F7C
.text C:\WINDOWS\system32\dllhost.exe[2096] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F10F8D
.text C:\WINDOWS\system32\dllhost.exe[2096] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F10067
.text C:\WINDOWS\system32\dllhost.exe[2096] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F10F9E
.text C:\WINDOWS\system32\dllhost.exe[2096] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F1001B
.text C:\WINDOWS\system32\dllhost.exe[2096] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F100A0
.text C:\WINDOWS\system32\dllhost.exe[2096] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F10F4E
.text C:\WINDOWS\system32\dllhost.exe[2096] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F100DD
.text C:\WINDOWS\system32\dllhost.exe[2096] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F100CC
.text C:\WINDOWS\system32\dllhost.exe[2096] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F100EE
.text C:\WINDOWS\system32\dllhost.exe[2096] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F10040
.text C:\WINDOWS\system32\dllhost.exe[2096] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F10000
.text C:\WINDOWS\system32\dllhost.exe[2096] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F10F6B
.text C:\WINDOWS\system32\dllhost.exe[2096] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F10FAF
.text C:\WINDOWS\system32\dllhost.exe[2096] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F10FCA
.text C:\WINDOWS\system32\dllhost.exe[2096] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F100B1
.text C:\WINDOWS\system32\dllhost.exe[2096] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EF0FB0
.text C:\WINDOWS\system32\dllhost.exe[2096] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EF0FC1
.text C:\WINDOWS\system32\dllhost.exe[2096] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EF000C
.text C:\WINDOWS\system32\dllhost.exe[2096] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EF0FEF
.text C:\WINDOWS\system32\dllhost.exe[2096] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EF0027
.text C:\WINDOWS\system32\dllhost.exe[2096] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EF0FDE
.text C:\WINDOWS\system32\dllhost.exe[2096] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F00FD4
.text C:\WINDOWS\system32\dllhost.exe[2096] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F0005B
.text C:\WINDOWS\system32\dllhost.exe[2096] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F00025
.text C:\WINDOWS\system32\dllhost.exe[2096] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F00FEF
.text C:\WINDOWS\system32\dllhost.exe[2096] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F00040
.text C:\WINDOWS\system32\dllhost.exe[2096] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F0000A
.text C:\WINDOWS\system32\dllhost.exe[2096] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00F00F9E
.text C:\WINDOWS\system32\dllhost.exe[2096] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [10, 89]
.text C:\WINDOWS\system32\dllhost.exe[2096] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F00FAF
.text C:\WINDOWS\system32\dllhost.exe[2096] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 001B0000
.text C:\WINDOWS\system32\dllhost.exe[2096] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 001B0011
.text C:\WINDOWS\system32\dllhost.exe[2096] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 001B0FD1
.text C:\WINDOWS\system32\dllhost.exe[2096] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 001B002C
.text C:\WINDOWS\system32\dllhost.exe[2096] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00EE0FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E2000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00E3000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00E1000C
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00380047
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0038008E
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0038002C
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0038001B
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00380073
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0038000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00380058
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00380FD1
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00390FA1
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] msvcrt.dll!system 77C293C7 5 Bytes JMP 00390FB2
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00390FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00390FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00390FCD
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0039000C
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\Explorer.EXE[3372] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C5000A
.text C:\WINDOWS\Explorer.EXE[3372] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C6000A
.text C:\WINDOWS\Explorer.EXE[3372] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00BB000C
.text C:\WINDOWS\Explorer.EXE[3372] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002C0036
.text C:\WINDOWS\Explorer.EXE[3372] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002C0F94
.text C:\WINDOWS\Explorer.EXE[3372] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002C0025
.text C:\WINDOWS\Explorer.EXE[3372] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002C0014
.text C:\WINDOWS\Explorer.EXE[3372] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002C0FA5
.text C:\WINDOWS\Explorer.EXE[3372] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002C0FEF
.text C:\WINDOWS\Explorer.EXE[3372] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 002C0047
.text C:\WINDOWS\Explorer.EXE[3372] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002C0FC0
.text C:\WINDOWS\Explorer.EXE[3372] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002D0FAD
.text C:\WINDOWS\Explorer.EXE[3372] msvcrt.dll!system 77C293C7 5 Bytes JMP 002D0038
.text C:\WINDOWS\Explorer.EXE[3372] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002D0FD2
.text C:\WINDOWS\Explorer.EXE[3372] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002D0FE3
.text C:\WINDOWS\Explorer.EXE[3372] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002D001D
.text C:\WINDOWS\Explorer.EXE[3372] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002D0000
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E2000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00E3000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00E1000C
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00380FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00380F80
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00380FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00380011
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00380047
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00380000
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00380FAF
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [58, 88]
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00380036
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00390055
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] msvcrt.dll!system 77C293C7 5 Bytes JMP 00390FC0
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00390029
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0039000C
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0039003A
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00390FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8AD561F8

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\usbuhci \Device\USBPDO-0 8A2EF1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8AD581F8
Device \Driver\dmio \Device\DmControl\DmConfig 8AD581F8
Device \Driver\dmio \Device\DmControl\DmPnP 8AD581F8
Device \Driver\dmio \Device\DmControl\DmInfo 8AD581F8
Device \Driver\usbehci \Device\USBPDO-1 8A3111F8
Device \Driver\usbuhci \Device\USBPDO-2 8A2EF1F8
Device \Driver\usbuhci \Device\USBPDO-3 8A2EF1F8
Device \Driver\usbehci \Device\USBPDO-4 8A3111F8

AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\usbuhci \Device\USBPDO-5 8A2EF1F8
Device \Driver\usbuhci \Device\USBPDO-6 8A2EF1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{EA4ABFA4-9584-4917-9C77-D87EF3EFED5E} 8A044500
Device \Driver\Ftdisk \Device\HarddiskVolume1 8ADCA1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8ADCA1F8
Device \Driver\Cdrom \Device\CdRom0 8A3101F8
Device \Driver\Cdrom \Device\CdRom1 8A3101F8
Device \Driver\iastor \Device\Ide\iaStor0 [B9D8B5D0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iastor \Device\Ide\IAAStorageDevice-0 [B9D8B5D0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A044500
Device \Driver\PCI_PNP3636 \Device\0000004a spbt.sys
Device \Driver\NetBT \Device\NetbiosSmb 8A044500

AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\usbuhci \Device\USBFDO-0 8A2EF1F8
Device \Driver\usbuhci \Device\USBFDO-1 8A2EF1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A15D500
Device \Driver\usbehci \Device\USBFDO-2 8A3111F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A15D500
Device \Driver\usbuhci \Device\USBFDO-3 8A2EF1F8
Device \Driver\usbuhci \Device\USBFDO-4 8A2EF1F8
Device \Driver\sptd \Device\4164764886 spbt.sys
Device \Driver\Ftdisk \Device\FtControl 8ADCA1F8
Device \Driver\usbuhci \Device\USBFDO-5 8A2EF1F8
Device \Driver\usbehci \Device\USBFDO-6 8A3111F8
Device \Driver\az3eqsxp \Device\Scsi\az3eqsxp1 8A2511F8
Device \Driver\az3eqsxp \Device\Scsi\az3eqsxp1Port1Path0Target0Lun0 8A2511F8
Device \FileSystem\Fastfat \Fat 89FDB500
Device \FileSystem\Fastfat \Fat A961E297

AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\Cdfs \Cdfs 89FD6500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7B 0x86 0x39 0xE8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA7 0x32 0x1C 0xF5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFA 0x4E 0x21 0xBD ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7B 0x86 0x39 0xE8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA7 0x32 0x1C 0xF5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFA 0x4E 0x21 0xBD ...
vietgirl801
Active Member
 
Posts: 11
Joined: June 25th, 2010, 9:40 am

Re: Hijack This Log - please help

Unread postby vict0r » July 1st, 2010, 2:04 pm

Warning

Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear the infection and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

In light of this it would be wise for you to back up any important files and folders that you don't want to lose before you continue with the instructions below. You need to understand that any damages resulting from our attempts to help you clean your computer of malware are YOUR RESPONSIBILITY.


Defogger

Please download DeFogger... by jpshortstuff. Save it to your desktop.
  1. Double click DeFogger.exe to run the tool. The application window will appear.
  2. Click the Disable button to disable your CD Emulation drivers.
  3. Click Yes to continue. A 'Finished!' message will appear. Click OK.
  4. Click OK when DeFogger asks to reboot the machine.
Do not re-enable these drivers until otherwise instructed.
IMPORTANT! If you receive an error message while running DeFogger, please stop following these instructions and post the log defogger_disable which will appear on your desktop.


Disable McAfee AntiVirus

  • Right click the McAfee Antivirus icon in the system tray.
  • Select the menu entry to disable the on-access scanner.
Note: Don't forget to re-enable it after the fix.


Download and Run ComboFix

A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.

**IMPORTANT !!! Save ComboFix.exe to your Desktop**

Please ensure you read the following guide carefully and install the Recovery Console when prompted.

The Windows Recovery Console will allow you to boot into a special recovery (repair) mode. This allows us to more easily help you if your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Click here to visit BleepingComputer's ComboFix page for download links, and a guide for running the tool.

Please include the ComboFix log (C:\ComboFix.txt) in your next reply for further review.


You can now enable McAfee.


Did any problems occur while following the instructions?
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: Hijack This Log - please help

Unread postby vietgirl801 » July 1st, 2010, 9:28 pm

I've done as instructed. There was no problem experienced during the process. Below is the requested log:

ComboFix 10-07-01.02 - anh 07/01/2010 19:50:31.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2646 [GMT -5:00]
Running from: c:\documents and settings\anh\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\documents and settings\Administrator.HOANG\Application Data\Kylar
c:\documents and settings\Administrator.HOANG\Application Data\Kylar\suam.exe
c:\documents and settings\anh\Application Data\Vaaht
c:\documents and settings\anh\Application Data\Vaaht\yrsy.exe
c:\windows\system32\drivers\1028_DELL_XPS_Dell DXP061 .MRK
c:\windows\system32\drivers\DELL_XPS_Dell DXP061 .MRK

Infected copy of c:\windows\system32\drivers\afd.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-06-02 to 2010-07-02 )))))))))))))))))))))))))))))))
.

2010-06-29 03:19 . 2010-06-29 03:19 -------- d-----w- c:\windows\system32\vmm32
2010-06-29 03:07 . 2005-05-25 22:34 158464 ----a-w- c:\windows\system32\drivers\ctusfsyn.sys
2010-06-29 03:07 . 2005-01-10 23:15 20992 ----a-w- c:\windows\system32\sfman32.dll
2010-06-29 03:07 . 2005-01-10 23:15 138752 ----a-w- c:\windows\system32\drivers\ctsfm2k.sys
2010-06-29 03:07 . 2005-01-10 23:15 115200 ----a-w- c:\windows\system32\sfms32.dll
2010-06-29 03:07 . 2005-01-10 23:15 106496 ----a-w- c:\windows\system32\drivers\ctoss2k.sys
2010-06-29 03:07 . 2005-12-07 16:34 40448 ----a-w- c:\windows\system32\CiEcho.dll
2010-06-29 03:07 . 2005-10-30 00:42 11776 ----a-w- c:\windows\inres.dll
2010-06-29 03:07 . 2006-01-19 03:07 160768 ----a-w- c:\windows\system32\cifilter.dll
2010-06-29 03:07 . 2006-01-04 20:41 1389056 ----a-w- c:\windows\system32\drivers\monfilt.sys
2010-06-29 03:07 . 2010-06-29 03:07 -------- d-----w- c:\program files\Creative
2010-06-29 02:54 . 2010-06-29 02:57 -------- d-----w- c:\documents and settings\anh\Local Settings\Application Data\Deployment
2010-06-25 01:58 . 2010-06-25 01:58 388096 ----a-r- c:\documents and settings\anh\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-25 01:58 . 2010-06-25 01:58 -------- d-----w- c:\program files\Trend Micro
2010-06-25 01:50 . 2010-06-25 02:22 -------- d-----w- c:\program files\Snood 4
2010-06-23 05:07 . 2010-06-23 05:07 501936 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Google\Google Toolbar\Update\gtb3.tmp.exe
2010-06-21 17:29 . 2010-06-21 17:29 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\anwljwgfj
2010-06-21 00:41 . 2010-06-21 00:41 63488 ----a-w- c:\documents and settings\anh\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-21 00:41 . 2010-06-21 00:41 52224 ----a-w- c:\documents and settings\anh\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-21 00:41 . 2010-06-21 00:41 117760 ----a-w- c:\documents and settings\anh\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-21 00:40 . 2010-06-21 00:40 -------- d-----w- c:\documents and settings\anh\Application Data\SUPERAntiSpyware.com
2010-06-21 00:40 . 2010-06-21 00:40 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2010-06-21 00:39 . 2010-06-21 00:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-20 14:48 . 2010-06-20 14:48 -------- d-----w- c:\documents and settings\anh\Application Data\Malwarebytes
2010-06-20 14:02 . 2010-06-20 14:02 -------- d-----w- c:\documents and settings\Administrator.HOANG\Application Data\Malwarebytes
2010-06-20 14:02 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-20 14:02 . 2010-06-20 14:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-20 14:02 . 2010-06-20 14:02 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-06-20 14:02 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-20 13:20 . 2010-06-20 13:20 -------- d-----w- c:\program files\CCleaner
2010-06-20 06:59 . 2010-06-20 14:44 -------- d-----w- c:\documents and settings\Administrator.HOANG\Application Data\Uwmyf
2010-06-20 06:58 . 2010-06-20 06:58 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
2010-06-20 06:58 . 2010-06-26 14:38 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-19 13:20 . 2010-06-19 13:20 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache
2010-06-19 13:08 . 2010-06-19 13:08 -------- d-----w- c:\documents and settings\anh\Local Settings\Application Data\itnackthn
2010-06-13 23:30 . 2010-06-13 23:30 -------- d-----w- c:\program files\pdfsam
2010-06-13 22:41 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-09 01:40 . 2010-06-09 01:40 -------- d-----w- c:\documents and settings\anh\Application Data\NewSoft
2010-06-09 01:39 . 2010-06-09 01:39 -------- d-----w- c:\documents and settings\anh\Local Settings\Application Data\NewSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-01 23:27 . 2009-03-28 00:17 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
2010-06-29 03:07 . 2006-09-08 15:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-29 02:56 . 2006-09-08 15:49 -------- d-----w- c:\program files\Dell
2010-06-21 00:47 . 2009-05-07 11:41 -------- d-----w- c:\documents and settings\anh\Application Data\Skype
2010-06-20 14:49 . 2009-09-05 22:12 -------- d-----w- c:\documents and settings\anh\Application Data\Otoxi
2010-06-20 13:42 . 2007-03-04 18:50 -------- d-----w- c:\program files\Canon
2010-06-16 02:58 . 2009-06-18 03:23 -------- d-----w- c:\documents and settings\anh\Application Data\Canon
2010-06-15 01:23 . 2010-03-25 02:17 -------- d-----w- c:\documents and settings\anh\Application Data\PrimoPDF
2010-06-09 01:40 . 2009-06-18 02:39 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ScanSoft
2010-06-09 01:40 . 2007-03-04 18:54 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2010-06-09 01:40 . 2009-06-18 03:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SSScanWizard
2010-06-09 01:40 . 2009-06-18 03:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SSScanAppDataDir
2010-05-26 19:36 . 2010-05-26 19:36 503808 ----a-w- c:\documents and settings\anh\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-21b9629f-n\msvcp71.dll
2010-05-26 19:36 . 2010-05-26 19:36 499712 ----a-w- c:\documents and settings\anh\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-21b9629f-n\jmc.dll
2010-05-26 19:36 . 2010-05-26 19:36 348160 ----a-w- c:\documents and settings\anh\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-21b9629f-n\msvcr71.dll
2010-05-18 02:04 . 2006-09-08 15:54 -------- d-----w- c:\program files\Google
2010-05-14 16:25 . 2010-05-14 16:25 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-05-14 16:25 . 2010-05-14 16:25 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-05-10 03:53 . 2009-05-03 21:16 -------- d-----w- c:\documents and settings\anh\Application Data\Azureus
2010-05-10 00:55 . 2007-01-22 15:25 -------- d-----w- c:\program files\PeerGuardian2
2010-05-09 22:12 . 2010-05-09 22:12 10686001 ----a-w- c:\documents and settings\anh\Application Data\Azureus\plugins\azump\mplayer.exe
2010-05-06 10:41 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-10 11:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2004-08-10 11:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-13 02:23 . 2010-04-13 02:23 152576 ----a-w- c:\documents and settings\anh\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-04-13 02:23 . 2009-11-07 15:08 79488 ----a-w- c:\documents and settings\anh\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-11 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-21 282624]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-01-28 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 23:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-03-11 19:52 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-02-20 22:22 4363504 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 16:00 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 16:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-06-07 17:13 2403568 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-07-11 02:46 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Nero BackItUp Scheduler 4.0"=2 (0x2)
"iPod Service"=3 (0x3)
"FileZilla Server"=2 (0x2)
"ASKUpgrade"=2 (0x2)
"ASKService"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"gusvc"=2 (0x2)
"gupdate1c9ba4e5b101f64"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe --> c:\program files\AskBarDis\bar\bin\AskService.exe [?]
S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe --> c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [?]
S4 gupdate1c9ba4e5b101f64;Google Update Service (gupdate1c9ba4e5b101f64);c:\program files\Google\Update\GoogleUpdate.exe [4/10/2009 9:36 PM 133104]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/12/2009 5:45 PM 721904]
.
Contents of the 'Scheduled Tasks' folder

2010-07-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-05 00:17]

2010-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-11 02:36]

2010-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-11 02:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/61.12/uploader2.cab
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
MSConfigStartUp-UIUCU - c:\docume~1\anh\LOCALS~1\Temp\UIUCU.EXE
MSConfigStartUp-{A8B00128-3651-B049-7E9E-0A7C289DFC7C} - c:\documents and settings\anh\Application Data\Vaaht\yrsy.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2010-07-01 20:08:54
ComboFix-quarantined-files.txt 2010-07-02 01:08

Pre-Run: 106,274,131,968 bytes free
Post-Run: 106,671,747,072 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 0F606C54950539B1BD2F1BA7AD32C1F1
vietgirl801
Active Member
 
Posts: 11
Joined: June 25th, 2010, 9:40 am

Re: Hijack This Log - please help

Unread postby vietgirl801 » July 1st, 2010, 9:35 pm

thank you
vietgirl801
Active Member
 
Posts: 11
Joined: June 25th, 2010, 9:40 am

Re: Hijack This Log - please help

Unread postby vict0r » July 2nd, 2010, 10:10 pm

I'm sorry about the delay. I will post the next set of instructions as soon as I can.
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: Hijack This Log - please help

Unread postby vict0r » July 3rd, 2010, 6:51 am

Retrieve Malwarebytes Anti-Malware log

  • Open Malwarebytes' Anti-Malware
  • Select the Logs tab
  • Click on the latest log. The bottom most log is the latest
  • Click Open
  • Notepad will open. Please post this log in your next reply.


Malwarebytes' Anti-Malware

Please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware if not already open
  • Select the Update tab
  • Click Check for Updates and complete the update process.
  • After the update have been completed, Select the Scanner tab.
  • Select Perform full scan, then click on Scan
  • Leave the default options as it is and click on Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items except items in the C:\System Volume Information folder... then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest


DDS

There should still be a copy of DDS on your desktop. If not, please download DDS by sUBs from one of the links below and save it to your desktop:

Image
Download DDS and save it to your desktop

Link1
Link2
Link3 <<< right click and select Save as...

Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-Click on the dds icon, a command window will appear. This is normal.
  • Two logs will appear when the scan is finished:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply


When ready, please post:
  • the MBAM logs
  • the DDS logs
  • How is your computer performing now? Are you still experiencing redirects?

Note: Continue to reply to this thread until I tell you that the logs are clean! Absence of symptoms does not necessarily mean a clean computer!
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: Hijack This Log - please help

Unread postby vietgirl801 » July 4th, 2010, 8:17 am

How is your computer performing now? Computer is performing nicely. I've restarted the computer about three times and there has been no pop ups or redirect. thank you.
Are you still experiencing redirects? no

MBAM logs:

older:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4246

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/27/2010 3:02:55 PM
mbam-log-2010-06-27 (15-02-55).txt

Scan type: Full scan (C:\|)
Objects scanned: 463721
Time elapsed: 3 hour(s), 43 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Most recent:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4273

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/3/2010 11:10:47 PM
mbam-log-2010-07-03 (23-10-47).txt

Scan type: Full scan (C:\|)
Objects scanned: 453923
Time elapsed: 2 hour(s), 51 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


DDS log:


DDS (Ver_10-03-17.01) - NTFSx86
Run by anh at 7:14:15.40 on Sun 07/04/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2361 [GMT -5:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\anh\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi1933~1\office12\GRA8E1~1.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\Scriptcl.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/61.12/uploader2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex ... 0-27-0.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/sho ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\mi1933~1\office12\GR99D3~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi1933~1\office12\GRA8E1~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

P2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2009-1-27 144704]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2009-1-27 31848]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-2 103744]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2009-1-27 54608]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-6-20 38224]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2009-3-11 73512]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2009-3-11 34408]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-3-11 177864]
S4 ASKService;ASKService;c:\program files\askbardis\bar\bin\askservice.exe --> c:\program files\askbardis\bar\bin\AskService.exe [?]
S4 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\askupgrade.exe --> c:\program files\askbardis\bar\bin\ASKUpgrade.exe [?]
S4 gupdate1c9ba4e5b101f64;Google Update Service (gupdate1c9ba4e5b101f64);c:\program files\google\update\GoogleUpdate.exe [2009-4-10 133104]

=============== Created Last 30 ================

2010-07-02 00:34:49 0 d-sha-r- C:\cmdcons
2010-07-02 00:26:56 98816 ----a-w- c:\windows\sed.exe
2010-07-02 00:26:56 77312 ----a-w- c:\windows\MBR.exe
2010-07-02 00:26:56 256512 ----a-w- c:\windows\PEV.exe
2010-07-02 00:26:56 161792 ----a-w- c:\windows\SWREG.exe
2010-07-02 00:26:38 0 d-----w- C:\ComboFix
2010-07-02 00:11:05 20 ----a-w- c:\documents and settings\anh\defogger_reenable
2010-06-29 03:19:59 0 d-----w- c:\windows\system32\vmm32
2010-06-29 03:07:30 0 d-----w- c:\program files\Creative
2010-06-25 01:58:50 0 d-----w- c:\program files\Trend Micro
2010-06-25 01:50:10 0 d-----w- c:\program files\Snood 4
2010-06-21 00:40:18 0 d-----w- c:\docume~1\anh\applic~1\SUPERAntiSpyware.com
2010-06-21 00:40:18 0 d-----w- c:\docume~1\alluse~1.win\applic~1\SUPERAntiSpyware.com
2010-06-21 00:39:47 0 d-----w- c:\program files\SUPERAntiSpyware
2010-06-20 14:48:03 0 d-----w- c:\docume~1\anh\applic~1\Malwarebytes
2010-06-20 14:02:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-20 14:02:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-20 14:02:21 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-20 14:02:21 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2010-06-20 13:20:13 0 d-----w- c:\program files\CCleaner
2010-06-20 06:58:37 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-20 00:00:34 13738 ----a-w- c:\windows\system32\wpa.dbl
2010-06-13 23:30:32 0 d-----w- c:\program files\pdfsam
2010-06-13 22:41:03 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-09 01:40:06 0 d-----w- c:\docume~1\anh\applic~1\NewSoft

==================== Find3M ====================

2010-05-14 16:25:33 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-05-14 16:25:32 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2009-03-29 17:07:05 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009030920090316\index.dat
2009-03-29 17:07:05 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009032920090330\index.dat

============= FINISH: 7:14:30.08 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/11/2009 1:07:03 AM
System Uptime: 7/3/2010 7:38:16 PM (12 hours ago)

Motherboard: Dell Inc. | | 0WG855
Processor: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz | Microprocessor | 2128/1066mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 293 GiB total, 99.393 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: SigmaTel High Definition Audio CODEC
Device ID: HDAUDIO\FUNC_01&VEN_8384&DEV_7618&SUBSYS_00000100&REV_1002\4&329F3825&0&0201
Manufacturer: SigmaTel
Name: SigmaTel High Definition Audio CODEC
PNP Device ID: HDAUDIO\FUNC_01&VEN_8384&DEV_7618&SUBSYS_00000100&REV_1002\4&329F3825&0&0201
Service: STHDA

==== System Restore Points ===================

RP1222: 4/5/2010 12:00:13 PM - Software Distribution Service 3.0
RP1223: 4/5/2010 12:18:21 PM - Software Distribution Service 3.0
RP1224: 4/5/2010 5:26:41 PM - Software Distribution Service 3.0
RP1225: 4/6/2010 12:01:48 AM - Software Distribution Service 3.0
RP1226: 4/6/2010 8:41:01 AM - Software Distribution Service 3.0
RP1227: 4/6/2010 10:10:42 AM - Software Distribution Service 3.0
RP1228: 4/6/2010 2:11:57 PM - Software Distribution Service 3.0
RP1229: 4/6/2010 10:50:47 PM - Software Distribution Service 3.0
RP1230: 4/7/2010 12:32:57 PM - Software Distribution Service 3.0
RP1231: 4/8/2010 1:04:06 AM - Software Distribution Service 3.0
RP1232: 4/8/2010 12:00:13 PM - Software Distribution Service 3.0
RP1233: 4/8/2010 3:37:34 PM - Software Distribution Service 3.0
RP1234: 4/8/2010 11:57:39 PM - Software Distribution Service 3.0
RP1235: 4/9/2010 11:19:41 AM - Software Distribution Service 3.0
RP1236: 4/9/2010 2:50:47 PM - Software Distribution Service 3.0
RP1237: 4/10/2010 12:47:06 AM - Software Distribution Service 3.0
RP1238: 4/10/2010 10:52:58 AM - Software Distribution Service 3.0
RP1239: 4/10/2010 12:00:13 PM - Software Distribution Service 3.0
RP1240: 4/10/2010 4:20:20 PM - Software Distribution Service 3.0
RP1241: 4/10/2010 11:56:33 PM - Software Distribution Service 3.0
RP1242: 4/11/2010 12:00:13 PM - Software Distribution Service 3.0
RP1243: 4/11/2010 4:13:39 PM - Software Distribution Service 3.0
RP1244: 4/11/2010 7:04:44 PM - Software Distribution Service 3.0
RP1245: 4/11/2010 11:12:22 PM - Software Distribution Service 3.0
RP1246: 4/11/2010 11:17:55 PM - Software Distribution Service 3.0
RP1247: 4/11/2010 11:18:25 PM - Software Distribution Service 3.0
RP1248: 4/12/2010 12:00:13 PM - Software Distribution Service 3.0
RP1249: 4/12/2010 2:05:22 PM - Software Distribution Service 3.0
RP1250: 4/12/2010 9:24:16 PM - Installed Java(TM) 6 Update 17
RP1251: 4/12/2010 9:45:50 PM - Installed Windows Internet Explorer 8.
RP1252: 4/12/2010 9:46:50 PM - Software Distribution Service 3.0
RP1253: 4/13/2010 12:00:14 PM - Software Distribution Service 3.0
RP1254: 4/13/2010 11:14:09 PM - Software Distribution Service 3.0
RP1255: 4/14/2010 12:00:13 PM - Software Distribution Service 3.0
RP1256: 4/14/2010 11:09:51 PM - Software Distribution Service 3.0
RP1257: 4/15/2010 9:14:52 AM - Software Distribution Service 3.0
RP1258: 4/15/2010 12:49:38 PM - Software Distribution Service 3.0
RP1259: 4/15/2010 2:10:04 PM - Software Distribution Service 3.0
RP1260: 4/15/2010 10:22:24 PM - Software Distribution Service 3.0
RP1261: 4/16/2010 11:58:32 AM - Software Distribution Service 3.0
RP1262: 4/16/2010 3:17:37 PM - Software Distribution Service 3.0
RP1263: 4/16/2010 10:53:53 PM - Software Distribution Service 3.0
RP1264: 4/17/2010 2:43:14 PM - Software Distribution Service 3.0
RP1265: 4/17/2010 3:39:35 PM - Software Distribution Service 3.0
RP1266: 4/17/2010 4:58:19 PM - Software Distribution Service 3.0
RP1267: 4/17/2010 10:12:09 PM - Software Distribution Service 3.0
RP1268: 4/17/2010 11:32:27 PM - Software Distribution Service 3.0
RP1269: 4/18/2010 12:00:13 PM - Software Distribution Service 3.0
RP1270: 4/18/2010 1:50:50 PM - Software Distribution Service 3.0
RP1271: 4/18/2010 2:46:32 PM - Software Distribution Service 3.0
RP1272: 4/18/2010 10:54:18 PM - Software Distribution Service 3.0
RP1273: 4/19/2010 12:00:13 PM - Software Distribution Service 3.0
RP1274: 4/19/2010 12:20:47 PM - Software Distribution Service 3.0
RP1275: 4/19/2010 8:57:38 PM - Software Distribution Service 3.0
RP1276: 4/20/2010 9:54:35 AM - Software Distribution Service 3.0
RP1277: 4/20/2010 1:40:21 PM - Software Distribution Service 3.0
RP1278: 4/20/2010 10:27:08 PM - Software Distribution Service 3.0
RP1279: 4/21/2010 12:00:13 PM - Software Distribution Service 3.0
RP1280: 4/21/2010 12:57:58 PM - Software Distribution Service 3.0
RP1281: 4/21/2010 9:02:23 PM - Software Distribution Service 3.0
RP1282: 4/22/2010 11:47:04 AM - Software Distribution Service 3.0
RP1283: 4/22/2010 2:41:39 PM - Software Distribution Service 3.0
RP1284: 4/22/2010 9:53:31 PM - Software Distribution Service 3.0
RP1285: 4/22/2010 10:02:07 PM - Software Distribution Service 3.0
RP1286: 4/23/2010 12:00:13 PM - Software Distribution Service 3.0
RP1287: 4/23/2010 7:09:18 PM - Software Distribution Service 3.0
RP1288: 4/24/2010 12:14:03 AM - Software Distribution Service 3.0
RP1289: 4/24/2010 12:30:14 PM - Software Distribution Service 3.0
RP1290: 4/24/2010 12:36:07 PM - Software Distribution Service 3.0
RP1291: 4/24/2010 4:00:02 PM - Software Distribution Service 3.0
RP1292: 4/24/2010 8:08:15 PM - Software Distribution Service 3.0
RP1293: 4/25/2010 12:00:14 PM - Software Distribution Service 3.0
RP1294: 4/25/2010 11:20:40 PM - Software Distribution Service 3.0
RP1295: 4/26/2010 12:00:13 PM - Software Distribution Service 3.0
RP1296: 4/26/2010 2:59:49 PM - Software Distribution Service 3.0
RP1297: 4/26/2010 5:03:19 PM - Software Distribution Service 3.0
RP1298: 4/26/2010 11:49:08 PM - Software Distribution Service 3.0
RP1299: 4/27/2010 11:00:42 AM - Software Distribution Service 3.0
RP1300: 4/27/2010 12:54:39 PM - Software Distribution Service 3.0
RP1301: 4/27/2010 9:14:43 PM - Software Distribution Service 3.0
RP1302: 4/28/2010 11:56:20 AM - Software Distribution Service 3.0
RP1303: 4/28/2010 2:56:09 PM - Software Distribution Service 3.0
RP1304: 4/28/2010 9:06:22 PM - Software Distribution Service 3.0
RP1305: 4/29/2010 12:00:13 PM - Software Distribution Service 3.0
RP1306: 4/29/2010 5:41:21 PM - Software Distribution Service 3.0
RP1307: 4/29/2010 10:46:13 PM - Software Distribution Service 3.0
RP1308: 4/30/2010 12:00:13 PM - Software Distribution Service 3.0
RP1309: 4/30/2010 12:02:57 PM - Software Distribution Service 3.0
RP1310: 4/30/2010 4:39:41 PM - Software Distribution Service 3.0
RP1311: 4/30/2010 8:52:58 PM - Software Distribution Service 3.0
RP1312: 5/1/2010 11:14:42 AM - Software Distribution Service 3.0
RP1313: 5/1/2010 5:51:10 PM - Software Distribution Service 3.0
RP1314: 5/1/2010 10:48:04 PM - Software Distribution Service 3.0
RP1315: 5/2/2010 2:05:02 PM - Software Distribution Service 3.0
RP1316: 5/2/2010 4:55:27 PM - Software Distribution Service 3.0
RP1317: 5/2/2010 10:39:57 PM - Software Distribution Service 3.0
RP1318: 5/3/2010 12:00:13 PM - Software Distribution Service 3.0
RP1319: 5/3/2010 10:09:26 PM - Software Distribution Service 3.0
RP1320: 5/4/2010 12:00:13 PM - Software Distribution Service 3.0
RP1321: 5/4/2010 10:13:36 PM - Software Distribution Service 3.0
RP1322: 5/5/2010 12:00:13 PM - Software Distribution Service 3.0
RP1323: 5/5/2010 2:12:54 PM - Software Distribution Service 3.0
RP1324: 5/5/2010 11:06:05 PM - Software Distribution Service 3.0
RP1325: 5/6/2010 11:11:49 AM - Software Distribution Service 3.0
RP1326: 5/6/2010 10:00:26 PM - Software Distribution Service 3.0
RP1327: 5/7/2010 8:07:19 AM - Software Distribution Service 3.0
RP1328: 5/7/2010 12:00:13 PM - Software Distribution Service 3.0
RP1329: 5/7/2010 12:47:53 PM - Software Distribution Service 3.0
RP1330: 5/7/2010 6:14:32 PM - Software Distribution Service 3.0
RP1331: 5/7/2010 11:18:41 PM - Software Distribution Service 3.0
RP1332: 5/8/2010 12:00:13 PM - Software Distribution Service 3.0
RP1333: 5/8/2010 3:45:08 PM - Software Distribution Service 3.0
RP1334: 5/8/2010 9:41:17 PM - Software Distribution Service 3.0
RP1335: 5/9/2010 12:00:13 PM - Software Distribution Service 3.0
RP1336: 5/10/2010 12:00:13 PM - Software Distribution Service 3.0
RP1337: 5/10/2010 12:54:52 PM - Software Distribution Service 3.0
RP1338: 5/10/2010 9:52:52 PM - Software Distribution Service 3.0
RP1339: 5/11/2010 11:34:24 AM - Software Distribution Service 3.0
RP1340: 5/11/2010 11:50:25 PM - Software Distribution Service 3.0
RP1341: 5/12/2010 10:14:07 AM - Software Distribution Service 3.0
RP1342: 5/12/2010 4:28:07 PM - Software Distribution Service 3.0
RP1343: 5/12/2010 11:48:51 PM - Software Distribution Service 3.0
RP1344: 5/13/2010 12:00:13 PM - Software Distribution Service 3.0
RP1345: 5/13/2010 1:02:34 PM - Software Distribution Service 3.0
RP1346: 5/13/2010 4:56:09 PM - Software Distribution Service 3.0
RP1347: 5/13/2010 9:52:43 PM - Software Distribution Service 3.0
RP1348: 5/14/2010 11:24:12 AM - Software Distribution Service 3.0
RP1349: 5/14/2010 12:00:14 PM - Software Distribution Service 3.0
RP1350: 5/14/2010 11:45:40 PM - Software Distribution Service 3.0
RP1351: 5/15/2010 12:00:13 PM - Software Distribution Service 3.0
RP1352: 5/15/2010 6:42:37 PM - Software Distribution Service 3.0
RP1353: 5/16/2010 2:01:00 PM - Software Distribution Service 3.0
RP1354: 5/16/2010 3:48:02 PM - Software Distribution Service 3.0
RP1355: 5/16/2010 6:25:23 PM - Software Distribution Service 3.0
RP1356: 5/16/2010 9:07:08 PM - Software Distribution Service 3.0
RP1357: 5/16/2010 9:20:51 PM - Software Distribution Service 3.0
RP1358: 5/16/2010 11:35:08 PM - Software Distribution Service 3.0
RP1359: 5/17/2010 12:00:13 PM - Software Distribution Service 3.0
RP1360: 5/17/2010 4:40:26 PM - Software Distribution Service 3.0
RP1361: 5/17/2010 10:30:45 PM - Software Distribution Service 3.0
RP1362: 5/18/2010 11:06:36 AM - Software Distribution Service 3.0
RP1363: 5/18/2010 1:55:56 PM - Software Distribution Service 3.0
RP1364: 5/18/2010 11:48:25 PM - Software Distribution Service 3.0
RP1365: 5/19/2010 11:09:22 AM - Software Distribution Service 3.0
RP1366: 5/19/2010 1:14:23 PM - Software Distribution Service 3.0
RP1367: 5/19/2010 3:51:57 PM - Software Distribution Service 3.0
RP1368: 5/19/2010 6:23:53 PM - Software Distribution Service 3.0
RP1369: 5/20/2010 12:00:13 PM - Software Distribution Service 3.0
RP1370: 5/20/2010 1:03:35 PM - Software Distribution Service 3.0
RP1371: 5/20/2010 10:11:45 PM - Software Distribution Service 3.0
RP1372: 5/25/2010 8:25:26 PM - Software Distribution Service 3.0
RP1373: 5/25/2010 10:13:04 PM - Software Distribution Service 3.0
RP1374: 5/26/2010 11:21:11 AM - Software Distribution Service 3.0
RP1375: 5/26/2010 2:31:46 PM - Software Distribution Service 3.0
RP1376: 5/26/2010 9:53:12 PM - Software Distribution Service 3.0
RP1377: 5/27/2010 12:00:13 PM - Software Distribution Service 3.0
RP1378: 5/27/2010 12:20:28 PM - Software Distribution Service 3.0
RP1379: 5/27/2010 11:27:27 PM - Software Distribution Service 3.0
RP1380: 5/28/2010 12:00:13 PM - Software Distribution Service 3.0
RP1381: 5/28/2010 1:20:46 PM - Software Distribution Service 3.0
RP1382: 5/29/2010 12:51:59 AM - Software Distribution Service 3.0
RP1383: 5/29/2010 10:22:23 AM - Software Distribution Service 3.0
RP1384: 5/29/2010 2:25:09 PM - Software Distribution Service 3.0
RP1385: 5/29/2010 10:54:51 PM - Software Distribution Service 3.0
RP1386: 5/30/2010 11:18:07 AM - Software Distribution Service 3.0
RP1387: 5/30/2010 12:56:33 PM - Software Distribution Service 3.0
RP1388: 5/30/2010 8:06:06 PM - Software Distribution Service 3.0
RP1389: 5/31/2010 11:10:48 AM - Software Distribution Service 3.0
RP1390: 5/31/2010 2:26:13 PM - Software Distribution Service 3.0
RP1391: 5/31/2010 11:01:54 PM - Software Distribution Service 3.0
RP1392: 6/1/2010 3:57:01 PM - Software Distribution Service 3.0
RP1393: 6/1/2010 11:25:15 PM - Software Distribution Service 3.0
RP1394: 6/2/2010 12:00:13 PM - Software Distribution Service 3.0
RP1395: 6/2/2010 12:11:08 PM - Software Distribution Service 3.0
RP1396: 6/2/2010 2:07:41 PM - Software Distribution Service 3.0
RP1397: 6/2/2010 11:28:24 PM - Software Distribution Service 3.0
RP1398: 6/3/2010 12:00:13 PM - Software Distribution Service 3.0
RP1399: 6/3/2010 5:59:26 PM - Software Distribution Service 3.0
RP1400: 6/4/2010 12:37:03 AM - Software Distribution Service 3.0
RP1401: 6/4/2010 12:00:13 PM - Software Distribution Service 3.0
RP1402: 6/4/2010 1:51:44 PM - Software Distribution Service 3.0
RP1403: 6/4/2010 6:28:25 PM - Software Distribution Service 3.0
RP1404: 6/4/2010 10:24:45 PM - Software Distribution Service 3.0
RP1405: 6/5/2010 11:52:03 AM - Software Distribution Service 3.0
RP1406: 6/5/2010 3:50:06 PM - Software Distribution Service 3.0
RP1407: 6/5/2010 7:41:47 PM - Software Distribution Service 3.0
RP1408: 6/5/2010 11:38:17 PM - Software Distribution Service 3.0
RP1409: 6/6/2010 12:00:13 PM - Software Distribution Service 3.0
RP1410: 6/6/2010 12:27:50 PM - Software Distribution Service 3.0
RP1411: 6/6/2010 3:56:03 PM - Software Distribution Service 3.0
RP1412: 6/6/2010 10:46:22 PM - Software Distribution Service 3.0
RP1413: 6/7/2010 12:00:13 PM - Software Distribution Service 3.0
RP1414: 6/7/2010 10:21:08 PM - Software Distribution Service 3.0
RP1415: 6/8/2010 12:00:13 PM - Software Distribution Service 3.0
RP1416: 6/13/2010 5:30:05 PM - Software Distribution Service 3.0
RP1417: 6/13/2010 5:53:23 PM - Software Distribution Service 3.0
RP1418: 6/13/2010 9:04:09 PM - Software Distribution Service 3.0
RP1419: 6/14/2010 12:00:13 PM - Software Distribution Service 3.0
RP1420: 6/14/2010 2:53:57 PM - Software Distribution Service 3.0
RP1421: 6/14/2010 11:56:27 PM - Software Distribution Service 3.0
RP1422: 6/15/2010 12:00:13 PM - Software Distribution Service 3.0
RP1423: 6/15/2010 12:34:54 PM - Software Distribution Service 3.0
RP1424: 6/15/2010 11:11:58 PM - Software Distribution Service 3.0
RP1425: 6/16/2010 12:00:13 PM - Software Distribution Service 3.0
RP1426: 6/16/2010 12:33:23 PM - Software Distribution Service 3.0
RP1427: 6/16/2010 10:42:53 PM - Software Distribution Service 3.0
RP1428: 6/17/2010 12:00:13 PM - Software Distribution Service 3.0
RP1429: 6/17/2010 10:55:07 PM - Software Distribution Service 3.0
RP1430: 6/18/2010 12:00:13 PM - Software Distribution Service 3.0
RP1431: 6/18/2010 1:46:53 PM - Software Distribution Service 3.0
RP1432: 6/18/2010 11:01:20 PM - Software Distribution Service 3.0
RP1433: 6/19/2010 6:11:34 AM - Software Distribution Service 3.0
RP1434: 6/19/2010 6:23:09 AM - Removed Adobe Media Player
RP1435: 6/19/2010 6:34:17 AM - Software Distribution Service 3.0
RP1436: 6/19/2010 8:25:39 AM - Software Distribution Service 3.0
RP1437: 6/19/2010 9:44:10 AM - Software Distribution Service 3.0
RP1438: 6/19/2010 12:00:12 PM - Software Distribution Service 3.0
RP1439: 6/19/2010 12:03:31 PM - Software Distribution Service 3.0
RP1440: 6/19/2010 6:58:32 PM - Software Distribution Service 3.0
RP1441: 6/20/2010 12:09:43 AM - Software Distribution Service 3.0
RP1442: 6/20/2010 4:13:26 PM - Software Distribution Service 3.0
RP1443: 6/21/2010 3:39:56 PM - Software Distribution Service 3.0
RP1444: 6/21/2010 10:18:03 PM - Software Distribution Service 3.0
RP1445: 6/22/2010 10:24:15 AM - Software Distribution Service 3.0
RP1446: 6/22/2010 5:58:16 PM - Software Distribution Service 3.0
RP1447: 6/22/2010 10:56:59 PM - Software Distribution Service 3.0
RP1448: 6/23/2010 10:17:34 PM - Software Distribution Service 3.0
RP1449: 6/24/2010 12:00:14 PM - Software Distribution Service 3.0
RP1450: 6/24/2010 12:22:13 PM - Software Distribution Service 3.0
RP1451: 6/24/2010 5:28:37 PM - Software Distribution Service 3.0
RP1452: 6/24/2010 8:55:36 PM - Software Distribution Service 3.0
RP1453: 6/24/2010 8:58:50 PM - Installed HiJackThis
RP1454: 6/24/2010 11:33:11 PM - Software Distribution Service 3.0
RP1455: 6/25/2010 12:00:15 PM - Software Distribution Service 3.0
RP1456: 6/25/2010 1:22:40 PM - Software Distribution Service 3.0
RP1457: 6/25/2010 5:51:01 PM - Software Distribution Service 3.0
RP1458: 6/25/2010 11:13:25 PM - Software Distribution Service 3.0
RP1459: 6/26/2010 12:00:14 PM - Software Distribution Service 3.0
RP1460: 6/26/2010 2:53:06 PM - Software Distribution Service 3.0
RP1461: 6/26/2010 10:36:00 PM - Software Distribution Service 3.0
RP1462: 6/27/2010 12:00:22 PM - Software Distribution Service 3.0
RP1463: 6/27/2010 10:07:42 PM - Software Distribution Service 3.0
RP1464: 6/28/2010 12:00:14 PM - Software Distribution Service 3.0
RP1465: 6/28/2010 10:07:30 PM - Installed SAMB_ADVMB_FILTER_DRV
RP1466: 6/29/2010 9:14:10 PM - Software Distribution Service 3.0
RP1467: 6/29/2010 9:20:04 PM - Software Distribution Service 3.0
RP1468: 6/30/2010 5:54:51 PM - Software Distribution Service 3.0
RP1469: 6/30/2010 8:36:05 PM - Software Distribution Service 3.0
RP1470: 7/1/2010 6:27:57 PM - Software Distribution Service 3.0
RP1471: 7/1/2010 8:29:07 PM - Software Distribution Service 3.0
RP1472: 7/1/2010 10:42:26 PM - Software Distribution Service 3.0
RP1473: 7/2/2010 10:36:20 PM - Software Distribution Service 3.0
RP1474: 7/3/2010 10:56:25 PM - System Checkpoint

==== Installed Programs ======================

"Nero SoundTrax Help
AAC Decoder
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1.3
Advertising Center
Apple Mobile Device Support
Apple Software Update
AutoUpdate
Bonjour
Canon MP Navigator 2.2
Canon MP530
CCleaner
Comcast High-Speed Internet Install Wizard
Dell Driver Download Manager
Dell Resource CD
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DolbyFiles
Easy-WebPrint
GemMaster Mystic
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GraphPad Prism 5 (Trial)
H.264 Decoder
High Definition Audio Driver Package - KB835221
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ImagXpress
Intel(R) PRO Network Connections
Intel(R) Quick Resume Technology Drivers
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 17
K-Lite Mega Codec Pack 4.9.0
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks 8
Macromedia Flash 8
Macromedia Flash Player 8 Plugin
Malwarebytes' Anti-Malware
McAfee VirusScan Enterprise
Menu Templates - Starter Kit
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
MKV Splitter
Modem Diagnostic Tool
Modem Helper
Movie Templates - Starter Kit
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9
Nero BurningROM
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DriveSpeed
Nero Express
Nero InfoTool
Nero Installer
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero Rescue Agent
Nero RescueAgent Help
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero WaveEditor
Nero WaveEditor Help
NeroBurningROM
NeroExpress
neroxml
NVIDIA Drivers
OmniPage SE 2.0
Otto
pdfsam
Picasa 3
Presto! PageManager 7.15.11
PrimoPDF -- by Nitro PDF Software
QuickTime
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
SigmaTel Audio
Snood 4
Sonic Encoders
Sound Blaster ADVANCED MB Drivers
SoundTrax
Spybot - Search & Destroy
SUPERAntiSpyware
The Rosetta Stone
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

7/1/2010 7:56:40 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
7/1/2010 7:26:04 PM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s).
7/1/2010 7:00:45 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service Nero BackItUp Scheduler 4.0 with arguments "-Service" in order to run the server: {35212119-C615-4CD0-8DA5-7D7F19FBA1B8}
6/28/2010 9:56:15 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gupdate1c9ba4e5b101f64 with arguments "/comsvc" in order to run the server: {E225E692-4B47-4777-9BED-4FD7FE257F0E}
6/28/2010 3:51:56 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
6/28/2010 12:00:53 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1.
6/28/2010 10:08:41 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

==== End Of File ===========================



THANK YOU!
vietgirl801
Active Member
 
Posts: 11
Joined: June 25th, 2010, 9:40 am

Re: Hijack This Log - please help

Unread postby vict0r » July 4th, 2010, 5:43 pm

Can you find and post the Mawarebytes' Anti-Malware log from the scan you are referring to in your first post (where MBAM removed targets)?


Uninstall misc programs

Out of date Adobe and Java installations pose a security risk. They can be used by malware as a means to infect a computer and or re-infect. I will include instructions to reinstall later.

    Adobe Reader 9.1.3
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 17

  • Click on Start > All programs > Accessories > Run.
  • In the open text box copy/paste appwiz.cpl Then click Ok.
  • Uninstall the programs listed above.


Temp File Cleaner

  • Please download TFC and save it to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click Yes to reboot.
  • NOTE: Save your work.TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. If needed will you be prompted to reboot. Reboot immediately.


Disable McAfee AntiVirus

  • Right click the McAfee Antivirus icon in the system tray.
  • Select the menu entry to disable the on-access scanner.
Note: Don't forget to re-enable it after the fix.


Combofix

Open notepad and copy/paste the text in the codebox below into it:

Code: Select all
KillAll::

Driver::
ASKService
ASKUpgrade

DDS::
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Azureus\\Azureus.exe"=-
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FileZilla Server"=-
"ASKUpgrade"=-
"ASKService"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

Folder::
c:\documents and settings\anh\Application Data\Azureus
c:\program files\AskBarDis

DirLook::
c:\documents and settings\anh\Application Data\Otoxi
c:\documents and settings\anh\Local Settings\Application Data\itnackthn
c:\documents and settings\Administrator.HOANG\Application Data\Uwmyf
c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\anwljwgfj


Save the file as "CFScript.txt", and as Type: All Files (*.*) on your desktop.

Image

Refer to the picture above, then save all work and close all programs including any open browsers(!) and drag CFScript onto ComboFix.exe

If Combofix prompts you to upgrade, please allow it.

When finished, it shall produce a log for you at C:\ComboFix.txt.


Reinstall Java

Download and install Java Runtime Environment (JRE) 6 Update 20


Kaspersky Online Scan

Make sure McAfee Antivirus is disabled.

Note: This download is about 200Mb and the scan can last for several hours.

  • Hold down Control then click on the following link to open a new window to Kaspersky Online Scan
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan. * This will take a while. Please be patient *.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

This online tutorial will help explain how to use the aforementioned online scan.


You can now enable McAfee.


To post:
  • the MBAM log
  • the Combofix log
  • the Kaspersky log
  • Did any problems occur while following the instructions?
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 22 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware