Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Browser redirects

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Browser redirects

Unread postby deltalima » July 31st, 2010, 11:52 am

OK, thanks for letting me know. I will reply to this topic every couple of days to keep it open until you return.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Advertisement
Register to Remove

Re: Browser redirects

Unread postby deltalima » August 2nd, 2010, 4:12 am

Bump to keep topic active.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Browser redirects

Unread postby deltalima » August 3rd, 2010, 5:57 pm

Bump to keep topic active.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Browser redirects

Unread postby deltalima » August 5th, 2010, 3:13 am

Bump to keep topic active.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Browser redirects

Unread postby justin234 » August 6th, 2010, 12:44 pm

Hi Deltalima,

Things are running better. Thank you. Scan finds 2 or 3 new infections every morning. But after they are removed, no redirects.

Justin


Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Database version: 4340

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

8/6/2010 8:19:45 AM
mbam-log-2010-08-06 (08-19-45).txt

Scan type: Full scan (C:\|)
Objects scanned: 250029
Time elapsed: 2 hour(s), 15 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\setup.player (Spyware.MarketScore) -> No action taken.
HKEY_CLASSES_ROOT\setup.player.2k2 (Spyware.MarketScore) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
justin234
Active Member
 
Posts: 12
Joined: July 22nd, 2010, 12:18 am

Re: Browser redirects

Unread postby deltalima » August 6th, 2010, 12:59 pm

Hi justin234,

Scan finds 2 or 3 new infections every morning


Let's find out what is causing those.

Are the detections each morning the same or are they different every day?

Do you still get redirects until the detections are removed ?

Please run another scan with RKU and post the log in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Browser redirects

Unread postby justin234 » August 6th, 2010, 4:12 pm

Hi Deltalima,

My father is very ill and I have to be gone for another week. I'm sorry about the delay. Thank you for being so patient. I am not sure about the questions you asked, I wasn't paying attention. I just ran the scan in the morning now that I am overly cautious. Here is the latest RKU.
Justin

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 4247552 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 52.16 )
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189952 bytes
0x804D7000 RAW 2189952 bytes
0x804D7000 WMIxWDM 2189952 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF7232000 C:\WINDOWS\System32\DRIVERS\nv4_mini.sys 1466368 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 52.16 )
0xF6EF7000 C:\WINDOWS\system32\drivers\P16X.sys 1331200 bytes (Creative Technology Ltd., WDM Audio Miniport)
0xF70C8000 C:\WINDOWS\System32\DRIVERS\HSF_DP.sys 1093632 bytes (Conexant Systems, HSF_DP driver)
0xF7494000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF703C000 C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys 573440 bytes (Conexant Systems, WinACHSF driver)
0xF51EE000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF6D60000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF73F1000 mfehidk.sys 376832 bytes (McAfee, Inc., McAfee Link Driver)
0xF5322000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xF3403000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xF29E5000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF540D000 C:\WINDOWS\System32\Drivers\cdudf_xp.SYS 241664 bytes (Roxio, CD-UDF NT Filesystem Driver)
0xF53A0000 C:\WINDOWS\System32\Drivers\UdfReadr_xp.SYS 208896 bytes (Roxio, CD-UDF NT Filesystem Reader Driver)
0xF75A0000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF3572000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7467000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF6E84000 C:\WINDOWS\System32\DRIVERS\ctoss2k.sys 180224 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM))
0xEE2D7000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF5286000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF52D3000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF71D3000 C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys 159744 bytes (Conexant Systems, HSF_HWB2 WDM driver)
0xF52FB000 C:\WINDOWS\System32\Drivers\Mpfp.sys 159744 bytes (McAfee, Inc., McAfee Personal Firewall Plus Driver)
0xF51C8000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xEF17F000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF6EB0000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF71FA000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF6E41000 C:\WINDOWS\System32\DRIVERS\e100b325.sys 143360 bytes (Intel Corporation, NDIS 5 driver)
0xF6ED4000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF52B1000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806EE000 ACPI_HAL 131840 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF6E64000 C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys 131072 bytes (Creative Technology Ltd, SoundFont(R) Manager (WDM))
0xF7538000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7570000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF6E0E000 C:\WINDOWS\System32\Drivers\pwd_2k.SYS 126976 bytes (Roxio, Win2000 Framework for Packet Write Driver)
0xF744D000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF7558000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF51B0000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF7521000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF6DCF000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF2D36000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF6E2D000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF721E000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF537B000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF2A76000 C:\WINDOWS\system32\drivers\mfeavfk.sys 73728 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0xF758F000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF6DBE000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF775F000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF77CF000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF77BF000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF779F000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF77DF000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF2F83000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF785F000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF762F000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF77AF000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF77FF000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF760F000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF781F000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF764F000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF76CF000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF77EF000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF75FF000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF780F000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF75EF000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF784F000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF783F000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF761F000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF778F000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF768F000 C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)
0xF2ECB000 C:\WINDOWS\system32\drivers\mfesmfk.sys 36864 bytes (McAfee, Inc., System Monitor Filter Driver)
0xF782F000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF769F000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF27F5000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF763F000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF76DF000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF78FF000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF796F000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF78F7000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7907000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF79AF000 C:\WINDOWS\system32\drivers\mfebopk.sys 28672 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
0xF79EF000 C:\WINDOWS\system32\drivers\mferkdk.sys 28672 bytes (McAfee, Inc., VSCore Code Analysis Driver)
0xF786F000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF790F000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF793F000 C:\WINDOWS\System32\Drivers\mmc_2K.SYS 24576 bytes (Roxio, CD-R/RW AddOn MMC Driver (W2K))
0xF7917000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF78EF000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF795F000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF794F000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF7967000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7937000 C:\WINDOWS\System32\DRIVERS\omci.sys 20480 bytes (Dell Computer Corporation, OMCI Device Driver)
0xF7877000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7927000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF792F000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF791F000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF79DF000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF7ADB000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
0xF7AB7000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF4003000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7A9F000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF79FF000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF7AA7000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7A9B000 C:\WINDOWS\System32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)
0xF7AEB000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xF346E000 C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF7AAF000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF73A4000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7398000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xF7B1B000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7B8B000 C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys 8192 bytes (Gteko Ltd., Process Trigger Driver)
0xF7B0B000 C:\WINDOWS\system32\DRIVERS\dsunidrv.sys 8192 bytes (Gteko Ltd., GUniDriver)
0xF7BA9000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7B19000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7AEF000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7B1D000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7B09000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7B47000 C:\WINDOWS\System32\PfModNT.sys 8192 bytes (Creative Technology Ltd., PCI/ISA Device Info. Service)
0xF7B1F000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7B11000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7B17000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7AF1000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7BBA000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7C1F000 C:\WINDOWS\System32\Drivers\Cdr4_xp.SYS 4096 bytes (Sonic Solutions, CDR4 CD and DVD Place Holder Driver (see PxHelp))
0xF7C20000 C:\WINDOWS\System32\Drivers\Cdralw2k.SYS 4096 bytes (Sonic Solutions, CDRAL Place Holder Driver (see PxHelp))
0xF7C50000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7C21000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7BB7000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
0x03EC0000 Hidden Image-->SupportSoft.Agent.Sprocket.dll [ EPROCESS 0x8305A588 ] PID: 896, 28672 bytes
0x03E40000 Hidden Image-->SupportSoft.Agent.Sprocket.SupportMessage.dll [ EPROCESS 0x8305A588 ] PID: 896, 45056 bytes
0x02E00000 Hidden Image-->sprtmessage.dll [ EPROCESS 0x8305A588 ] PID: 896, 77824 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\setup\config.ini::$DATA
!-->[Hidden] C:\Documents and Settings\Ron\Cookies\ron@ad.wsod[2].txt
!-->[Hidden] C:\Documents and Settings\Ron\Cookies\ron@questionmarket[2].txt
!-->[Hidden] C:\Documents and Settings\Ron\Cookies\ron@ytsa[2].txt
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\1281119970__;10,1,53,64;1024;768;http%3A_@2F_@2Ffinance.yahoo[1].htm
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\bg-chevron[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\bg-tglow-sprite[1].png
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\bg[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CA13O479
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CA1OT8FN
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CA44OHE1
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CA4T0DXA
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CA5W0EZT
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CA71Z3GV
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CA7GBSH3
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CA81W98V
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CA8HH5ZE
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CA91YJCR
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CAACOB3K
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CAAHC49B
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CABC1SA3
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CABL936V
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CAC7J2MP
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CACIVJFX
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CAD11CNF
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CAEFL9WQ
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CAEQZHVH
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CAEVMQON
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CAF1K4CD
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CAGVSS7Y
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CAH1MYI8
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CALNYR2D
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CALQN82R
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CAM9ULFI
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CAMF89UL
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CAOW3D0H
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CAP3QC45
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CAPY88FA
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CAQZAHCR
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CASL1D0P
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CAT8Q9WD
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CATKPM2K
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CAW1GFY6
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CAXFRJ0Q
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CAZ1BH4P
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\CAZ1YSCS
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\combo[7]
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\ET_LogoTextPO_No_120x30[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\FreeShipping79_large[1].jpg
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\imp[4]
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\imp[5]
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\nav_r4_c11[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\nav_r4_c2[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\spacer50[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\st[1]
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\284ZOB8X\yfi_pf_top[1].js
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\83G6E4BV\1281120153__;10,1,53,64;1024;768;http%3A_@2F_@2Ffinance.yahoo[1].htm
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\83G6E4BV\1[3].htm
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\83G6E4BV\200x33_7_dNL[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\83G6E4BV\52[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\83G6E4BV\b[2].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\83G6E4BV\b[3].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\83G6E4BV\CAFPVGU8
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\83G6E4BV\finance_yahoo_com[1].htm
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\83G6E4BV\imp[1]
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\83G6E4BV\nav_r1_c1[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\83G6E4BV\nav_r4_c13[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\83G6E4BV\nav_r4_c4[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\83G6E4BV\rates_tabs_sprite[1].png
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\83G6E4BV\RSBCAJ8ZZ2ZCAQALCW2CA1YKKUGCAUGUOZUCAB3TNFHCASD5BE5CA0O6YD5CAWQMA7ACA21O4Z9CACPDG2FCA5MGXB2CAMRQLV8CA1UVU9ACANDHSJ9CAW81RYRCABWHGY9CAJ5M9JTCABL16SGCAU3TTXJCASFCDY9
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\83G6E4BV\SI5CAJ4ZQSICAHVTO3DCAQ271L8CAMS161XCAUY9RRECAFMCWJ9CA1S4QMTCAUJZD05CA0S7M14CA0TI8ZRCAMT1ZMSCAEVRCT7CAUJNCEZCAI2HIVPCAAX80CUCAWYA0R2CAXY8I1NCA8GSKL4CADPPA15CAB3ALAO
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\83G6E4BV\wbk3F4.tmp
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\83G6E4BV\_;ord=0[3].htm
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\83G6E4BV\_;ord=1289059055747[1].htm
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\K1XB48G8\3e913b13daf0b603e10f11fafbbcc0b3[1].jpg
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\K1XB48G8\69[1].jpg
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\K1XB48G8\button[1].htm
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\K1XB48G8\bw_124x40-01[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\K1XB48G8\consumer_reports_135x40[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\K1XB48G8\icon-wallstreet[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\K1XB48G8\image;size=239x110[2].png
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\K1XB48G8\imp[3]
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\K1XB48G8\nav_r2_c1[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\K1XB48G8\nav_r3_c1[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\K1XB48G8\nav_r4_c7[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\K1XB48G8\running-life[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\KKM3G9VK\bg-tglow-base-white[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\KKM3G9VK\button[1].htm
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\KKM3G9VK\b[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\KKM3G9VK\b[2].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\KKM3G9VK\ET_TradeFree_60Days_120x30[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\KKM3G9VK\fmr[3].htm
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\KKM3G9VK\headline[1].jpg
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\KKM3G9VK\icon-motley[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\KKM3G9VK\iframe3[1].htm
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\KKM3G9VK\market_watch_96x27[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\KKM3G9VK\nav_r2_c14[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\KKM3G9VK\nav_r4_c6[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\MOQO8X6N\200x33_7_cNL[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\MOQO8X6N\35ef734d6dd96e724badd9b5f4352055[1].jpg
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\MOQO8X6N\bg_doc_blue[1].jpg
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\MOQO8X6N\bg_view_more[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\MOQO8X6N\dot[3].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\MOQO8X6N\facebook-share-iframe[1].htm
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\MOQO8X6N\image;size=239x110[1].png
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\MOQO8X6N\nav_r1_c3[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\MOQO8X6N\nav_r2_c12[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\MOQO8X6N\nav_r4_c15[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\MOQO8X6N\nav_r4_c5[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\MOQO8X6N\randm[1].js
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\NOQFO66Z\1281119959648570[2].htm
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\NOQFO66Z\ad[1].htm
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\NOQFO66Z\GiftCard2[1].jpg
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\NOQFO66Z\icon-kiplinger[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\NOQFO66Z\ie7[1].css
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\NOQFO66Z\nav_r2_c8[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\NOQFO66Z\nav_r3_c8[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\NOQFO66Z\nav_r4_c10[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\NOQFO66Z\restserver[2].php
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\NOQFO66Z\st[1]
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\NOQFO66Z\tn48[1].jpg
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\NOQFO66Z\visitor[2].jpg
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\NOQFO66Z\_;ord=1285284897696[1]
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\NOQFO66Z\_;ord=1285858579783[1].htm
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YHV71EY5\combo[1].css
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YHV71EY5\Investors-Are-Still-Behaving-nytimes-811354384[1].htm
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YHV71EY5\july-jobs-data-turns-up-heat-on-democrats[1].htm
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YHV71EY5\MobileOffer[1].jpg
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YHV71EY5\nav_r2_c3[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YHV71EY5\nav_r3_c3[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YHV71EY5\nav_r4_c9[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YHV71EY5\restserver[2].php
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YHV71EY5\script2[1].js
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YHV71EY5\yfi_pf[1].css
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YHV71EY5\yoga-life[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YHV71EY5\_;ord=1281120162125011[1].htm
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YIAA0D1R\68[1].jpg
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YIAA0D1R\b[4].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YIAA0D1R\b[5].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YIAA0D1R\content-bg[1].jpg
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YIAA0D1R\deposits_lol_300x100_20k_g_v2[1].jpg
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YIAA0D1R\facebook-share-iframe[3].htm
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YIAA0D1R\golf-life[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YIAA0D1R\icon-cnnmoney[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YIAA0D1R\nav_r1_c8[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YIAA0D1R\nav_r2_c16[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YIAA0D1R\nav_r4_c1[1].gif
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\YIAA0D1R\st[2].htm
!-->[Hidden] C:\Documents and Settings\Ron\Local Settings\temp\~DFCA0.tmp
!-->[Hidden] C:\Program Files\TeleChart\User\RTC\06\VQ.mqu
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]
ntoskrnl.exe-->NtCreateFile, Type: Inline - RelativeJump 0x8056CF98-->F7423CA6 [mfehidk.sys]
ntoskrnl.exe-->NtCreateKey, Type: Inline - RelativeJump 0x80570833-->F7423D3D [mfehidk.sys]
ntoskrnl.exe-->NtCreateProcess, Type: Inline - RelativeJump 0x805B14AC-->F7423C7C [mfehidk.sys]
ntoskrnl.exe-->NtCreateProcessEx, Type: Inline - RelativeJump 0x8057FE4C-->F7423C90 [mfehidk.sys]
ntoskrnl.exe-->NtDeleteKey, Type: Inline - RelativeJump 0x80595316-->F7423D51 [mfehidk.sys]
ntoskrnl.exe-->NtDeleteValueKey, Type: Inline - RelativeJump 0x80592D64-->F7423D7D [mfehidk.sys]
ntoskrnl.exe-->NtEnumerateKey, Type: Inline - RelativeJump 0x80570F41-->F7423DEB [mfehidk.sys]
ntoskrnl.exe-->NtEnumerateValueKey, Type: Inline - RelativeJump 0x80589A67-->F7423DD5 [mfehidk.sys]
ntoskrnl.exe-->NtLoadKey2, Type: Inline - RelativeJump 0x805AECB8-->F7423E01 [mfehidk.sys]
ntoskrnl.exe-->NtMapViewOfSection, Type: Inline - RelativeJump 0x80573D41-->F7423CE6 [mfehidk.sys]
ntoskrnl.exe-->NtOpenKey, Type: Inline - RelativeJump 0x80568D48-->F7423D29 [mfehidk.sys]
ntoskrnl.exe-->NtOpenProcess, Type: Inline - RelativeJump 0x805719AC-->F7423C18 [mfehidk.sys]
ntoskrnl.exe-->NtOpenThread, Type: Inline - RelativeJump 0x8058E5C4-->F7423C2C [mfehidk.sys]
ntoskrnl.exe-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x80571E96-->F7423CBA [mfehidk.sys]
ntoskrnl.exe-->NtQueryKey, Type: Inline - RelativeJump 0x80570C4A-->F7423E55 [mfehidk.sys]
ntoskrnl.exe-->NtQueryMultipleValueKey, Type: Inline - RelativeJump 0x8064E66B-->F7423DBF [mfehidk.sys]
ntoskrnl.exe-->NtQueryValueKey, Type: Inline - RelativeJump 0x8056A1F9-->F7423DA9 [mfehidk.sys]
ntoskrnl.exe-->NtRenameKey, Type: Inline - RelativeJump 0x8064EAEA-->F7423D67 [mfehidk.sys]
ntoskrnl.exe-->NtReplaceKey, Type: Inline - RelativeJump 0x8064F446-->F7423E41 [mfehidk.sys]
ntoskrnl.exe-->NtRestoreKey, Type: Inline - RelativeJump 0x8064EFDD-->F7423E2D [mfehidk.sys]
ntoskrnl.exe-->NtSetContextThread, Type: Inline - RelativeJump 0x8062E057-->F7423C68 [mfehidk.sys]
ntoskrnl.exe-->NtSetInformationProcess, Type: Inline - RelativeJump 0x8056DDD9-->F7423C54 [mfehidk.sys]
ntoskrnl.exe-->NtSetValueKey, Type: Inline - RelativeJump 0x80572A6E-->F7423D93 [mfehidk.sys]
ntoskrnl.exe-->NtTerminateProcess, Type: Inline - RelativeJump 0x805824CC-->F7423D15 [mfehidk.sys]
ntoskrnl.exe-->NtUnloadKey, Type: Inline - RelativeJump 0x8064DD32-->F7423E17 [mfehidk.sys]
ntoskrnl.exe-->NtUnmapViewOfSection, Type: Inline - RelativeJump 0x805738C6-->F7423CFC [mfehidk.sys]
ntoskrnl.exe-->NtYieldExecution, Type: Inline - RelativeJump 0x804F0EB6-->F7423CD0 [mfehidk.sys]
[1060]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1060]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1060]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[1060]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[1060]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1060]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[1060]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1060]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1060]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[1060]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x3D953081-->00000000 [unknown_code_page]
[1060]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x3D956F5A-->00000000 [unknown_code_page]
[1060]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x3D998439-->00000000 [unknown_code_page]
[1060]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x3D9536B1-->00000000 [unknown_code_page]
[1060]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[1104]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1104]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1104]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[1104]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[1104]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1104]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[1104]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1104]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1104]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[1104]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[1152]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1152]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1152]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[1152]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[1152]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1152]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[1152]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1152]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1152]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[1152]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[1516]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1516]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1516]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[1516]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[1516]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1516]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[1516]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1516]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[1516]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[1516]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[1516]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[1516]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[1516]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[1516]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1516]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1516]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[1516]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[1516]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[1516]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[1516]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[1516]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[1516]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1516]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1516]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1516]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[1516]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x3D953081-->00000000 [unknown_code_page]
[1516]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x3D956F5A-->00000000 [unknown_code_page]
[1516]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x3D998439-->00000000 [unknown_code_page]
[1516]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x3D9536B1-->00000000 [unknown_code_page]
[1516]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[1604]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[1604]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [aclayers.dll]
[1604]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [aclayers.dll]
[1604]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00000000 [aclayers.dll]
[1604]iexplore.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1604]iexplore.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1604]iexplore.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[1604]iexplore.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[1604]iexplore.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1604]iexplore.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[1604]iexplore.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1604]iexplore.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[1604]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[1604]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [aclayers.dll]
[1604]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [aclayers.dll]
[1604]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [aclayers.dll]
[1604]iexplore.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[1604]iexplore.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[1604]iexplore.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[1604]iexplore.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[1604]iexplore.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[1604]iexplore.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1604]iexplore.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1604]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040111C-->00000000 [shimeng.dll]
[1604]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[1604]iexplore.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[1604]iexplore.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[1604]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401060-->00000000 [aclayers.dll]
[1604]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[1604]iexplore.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[1604]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010B8-->00000000 [aclayers.dll]
[1604]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[1604]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x00401078-->00000000 [aclayers.dll]
[1604]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1604]iexplore.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1604]iexplore.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1604]iexplore.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[1604]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A51178-->00000000 [shimeng.dll]
[1604]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A51184-->00000000 [aclayers.dll]
[1604]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x71A511A0-->00000000 [aclayers.dll]
[1604]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[1604]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [aclayers.dll]
[1604]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [aclayers.dll]
[1604]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [aclayers.dll]
[1604]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [aclayers.dll]
[1604]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E456D7D-->00000000 [ieframe.dll]
[1604]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E432072-->00000000 [ieframe.dll]
[1604]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E43B144-->00000000 [ieframe.dll]
[1604]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E4247AB-->00000000 [ieframe.dll]
[1604]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[1604]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [aclayers.dll]
[1604]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [aclayers.dll]
[1604]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [aclayers.dll]
[1604]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E45085C-->00000000 [ieframe.dll]
[1604]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E450838-->00000000 [ieframe.dll]
[1604]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E43A082-->00000000 [ieframe.dll]
[1604]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E4664D5-->00000000 [ieframe.dll]
[1604]iexplore.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x3D953081-->00000000 [unknown_code_page]
[1604]iexplore.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x3D956F5A-->00000000 [unknown_code_page]
[1604]iexplore.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x3D998439-->00000000 [unknown_code_page]
[1604]iexplore.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x3D9536B1-->00000000 [unknown_code_page]
[1604]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D931480-->00000000 [shimeng.dll]
[1604]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x3D931484-->00000000 [aclayers.dll]
[1604]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x3D931418-->00000000 [aclayers.dll]
[1604]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x3D9313EC-->00000000 [aclayers.dll]
[1604]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[1604]iexplore.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71AB10A8-->00000000 [aclayers.dll]
[1604]iexplore.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[1652]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1652]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1652]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[1652]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[1652]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1652]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[1652]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1652]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[1652]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[1848]McProxy.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [McProxy.exe]
[1848]McProxy.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [McProxy.exe]
[2464]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[2464]explorer.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[2464]explorer.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[2464]explorer.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[2464]explorer.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[2464]explorer.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[2464]explorer.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[2464]explorer.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[2464]explorer.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[2464]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[2464]explorer.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[2464]explorer.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[2464]explorer.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[2464]explorer.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[2464]explorer.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[2464]explorer.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[2464]explorer.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[2464]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[2464]explorer.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[2464]explorer.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[2464]explorer.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[2464]explorer.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[2464]explorer.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[2464]explorer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[2464]explorer.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[2464]explorer.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[2464]explorer.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[2464]explorer.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[2464]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[2464]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[2464]explorer.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x3D953081-->00000000 [unknown_code_page]
[2464]explorer.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x3D956F5A-->00000000 [unknown_code_page]
[2464]explorer.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x3D998439-->00000000 [unknown_code_page]
[2464]explorer.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x3D9536B1-->00000000 [unknown_code_page]
[2464]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D931480-->00000000 [shimeng.dll]
[2464]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[2464]explorer.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[3432]AcroRd32.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[3432]AcroRd32.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [aclayers.dll]
[3432]AcroRd32.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [aclayers.dll]
[3432]AcroRd32.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00000000 [aclayers.dll]
[3432]AcroRd32.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[3432]AcroRd32.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [aclayers.dll]
[3432]AcroRd32.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [aclayers.dll]
[3432]AcroRd32.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [aclayers.dll]
[3432]AcroRd32.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x00404058-->00000000 [shimeng.dll]
[3432]AcroRd32.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00404050-->00000000 [aclayers.dll]
[3432]AcroRd32.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A51178-->00000000 [shimeng.dll]
[3432]AcroRd32.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A51184-->00000000 [aclayers.dll]
[3432]AcroRd32.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x71A511A0-->00000000 [aclayers.dll]
[3432]AcroRd32.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[3432]AcroRd32.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [aclayers.dll]
[3432]AcroRd32.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [aclayers.dll]
[3432]AcroRd32.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [aclayers.dll]
[3432]AcroRd32.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [aclayers.dll]
[3432]AcroRd32.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[3432]AcroRd32.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [aclayers.dll]
[3432]AcroRd32.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [aclayers.dll]
[3432]AcroRd32.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [aclayers.dll]
[3432]AcroRd32.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D931480-->00000000 [shimeng.dll]
[3432]AcroRd32.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x3D931484-->00000000 [aclayers.dll]
[3432]AcroRd32.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x3D931418-->00000000 [aclayers.dll]
[3432]AcroRd32.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x3D9313EC-->00000000 [aclayers.dll]
[3432]AcroRd32.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[3432]AcroRd32.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71AB10A8-->00000000 [aclayers.dll]
[720]services.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[720]services.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[720]services.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[720]services.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[720]services.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[720]services.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[720]services.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[720]services.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[720]services.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[720]services.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[720]services.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[720]services.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[720]services.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[720]services.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[720]services.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[720]services.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[720]services.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[720]services.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[720]services.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[720]services.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[720]services.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[720]services.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[720]services.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[720]services.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[720]services.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[720]services.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[732]lsass.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[732]lsass.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[732]lsass.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[732]lsass.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[732]lsass.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[732]lsass.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[732]lsass.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[732]lsass.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[732]lsass.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[732]lsass.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[732]lsass.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[732]lsass.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[732]lsass.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[732]lsass.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[732]lsass.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[732]lsass.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[732]lsass.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[732]lsass.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[732]lsass.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[732]lsass.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[732]lsass.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[732]lsass.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[732]lsass.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[732]lsass.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[732]lsass.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[732]lsass.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[888]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[888]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[888]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[888]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[888]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[888]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[888]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[888]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[888]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[968]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[968]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[968]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[968]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[968]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[968]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[968]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[968]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[968]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
justin234
Active Member
 
Posts: 12
Joined: July 22nd, 2010, 12:18 am

Re: Browser redirects

Unread postby deltalima » August 6th, 2010, 5:07 pm

Hi justin234,

I have to be gone for another week


No problem whatsoever, I will keep this thread active until you are available.

The logs are looking good now.

When are next at the computer

  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs,
    highlight Advertisement Service
    click Remove
    highlight Viewpoint Media Player (Remove Only)
    click Remove
  • Close the Add or Remove Programs and the Control Panel windows.

You should Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 9.3 are vulnerable.
  • Go HERE, UNCHECK any Free Add-Ons, and click Download to install the latest version of Adobe Acrobat Reader.
  • After it completes the Installation, close the Download Manager.

Now please run Malwarebytes, update and run a quick scan. Remove any infections found and post the log in your next reply.

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a new HijackThis log and also let me know how your computer is running now.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Browser redirects

Unread postby justin234 » August 7th, 2010, 2:20 pm

Hi Deltalima,

I had someone else check the computer while I am away and he says that "Advertisement Service" was not in the Add/Remove list, but "Viewpoint Media Player" was.

Thanks,
Justin
justin234
Active Member
 
Posts: 12
Joined: July 22nd, 2010, 12:18 am

Re: Browser redirects

Unread postby deltalima » August 7th, 2010, 2:33 pm

OK, no problem, please continue with the Kaspersky scan and post whe ready.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Browser redirects

Unread postby deltalima » August 10th, 2010, 4:02 am

Bump to keep topic active.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Browser redirects

Unread postby deltalima » August 11th, 2010, 2:20 pm

Bump to keep topic active.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Browser redirects

Unread postby deltalima » August 13th, 2010, 3:28 am

Bump to keep topic active.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Browser redirects

Unread postby deltalima » August 14th, 2010, 12:14 pm

Bump to keep topic active.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Browser redirects

Unread postby deltalima » August 16th, 2010, 3:49 am

Hi justin234,

Unfortunately we cannot keep this thread open indefinitely.

I will give you instructions to remove the tools we have used and to keep the computer infection free in the future. If you experience any further problems then please open a new thread when you are available.

Remove GMER

Delete the GMER icon from your desktop.

Uninstall ComboFix

  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK

Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.


Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.


Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 485 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware