Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Internet explorer is not working properly

Post by daveiansmith » April 7th, 2011, 3:33 am

Hi

My PC is acting strangely and won't connect to my home page. I have reset Internet Explorer to the default settings and also uninstalled and reinstalled Internet Explorer, but this has not cured the problem. Whenever I open a new window I get the message that Internet Explorer can't find the webpage, and when I check for connection issues it says everything is OK. I can type a web address directly into the address bar, but my default search engine, Google, does not work.

I also have Firefox installed, but that doesn't work properly either.

My McAfee says I am fully protected and clean, and I also ran an antimalwarebytes scan, which took nearly 13 hours but still didn't find any problems.

I originally asked my friend who is a member of your forum to help me, but he was told that I had to join myself so here is the information you asked for.

Thank you

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by dave at 21:08:12.32 on 06/04/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3071.2579 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\dave\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\progra~1\skype\phone\ieplugin\SKYPEI~1.DLL
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101202204443.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\gemma\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\progra~1\skype\phone\ieplugin\SKYPEI~1.DLL
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 204.152.194.204 google.com
Hosts: 204.152.194.204 google.com.au
Hosts: 204.152.194.204 google.be
Hosts: 204.152.194.204 http://www.google.be
Hosts: 204.152.194.204 google.com.br
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\dave\applic~1\mozilla\firefox\profiles\66i32xil.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - search
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-5 386840]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-10-5 84072]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-9-16 54752]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-3-15 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-5 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-5 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-5 271480]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-10-5 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-10-5 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-5 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-5 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-10-5 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-10-5 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-5 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-10-5 88544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2009-3-15 17149]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704864]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-10-5 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-5 84264]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys --> c:\windows\system32\drivers\wg111v3.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2019-3-7 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\wpn111.sys --> c:\windows\system32\drivers\WPN111.sys [?]
S4 0018781300895229mcinstcleanup;McAfee Application Installer Cleanup (0018781300895229);c:\windows\temp\001878~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\001878~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S4 m5287;m5287;c:\windows\system32\drivers\m5287.sys [2005-12-2 85888]
S4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [2005-12-2 51840]
.
=============== Created Last 30 ================
.
2019-03-07 17:56:59 99328 ----a-w- c:\windows\system32\winscard.dll
2019-03-07 17:54:21 -------- d-----w- C:\i386
2019-03-07 17:53:51 -------- d-----w- C:\cmpnents
2011-04-06 19:41:39 -------- dc-h--w- c:\windows\ie8
2011-04-04 18:43:06 7548 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-03-19 11:44:37 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-03-19 11:38:39 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-03-19 11:38:39 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-19 11:38:19 -------- d-----w- c:\program files\ESET
2011-03-19 11:36:46 -------- d-----w- c:\program files\Bonjour
2011-03-19 11:34:04 -------- d-----w- c:\program files\common files\HP
.
==================== Find3M ====================
.
2011-02-04 17:48:32 456192 ----a-w- c:\windows\system32\encdec.dll
2011-02-04 17:48:30 291840 ----a-w- c:\windows\system32\sbe.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 21:10:04.28 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 21/02/2007 11:55:02
System Uptime: 06/04/2011 20:54:09 (1 hours ago)
.
Motherboard: MSI | | MS-7267
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | CPU 1 | 2793/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 228 GiB total, 191.439 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP508: 13/01/2011 16:45:15 - Software Distribution Service 3.0
RP509: 21/01/2011 13:35:43 - Removed HPSU306Stub
RP510: 21/01/2011 13:35:49 - Removed HP Software Update
RP511: 21/01/2011 13:38:25 - Removed HP Photosmart Essential
RP512: 21/01/2011 20:39:20 - Installed DirectX
RP513: 23/01/2011 01:21:39 - Software Distribution Service 3.0
RP514: 09/02/2011 17:54:34 - Software Distribution Service 3.0
RP515: 21/02/2011 13:31:52 - Software Distribution Service 3.0
RP516: 12/03/2011 12:01:13 - Software Distribution Service 3.0
RP517: 18/03/2011 12:27:58 - Restore Operation
RP518: 18/03/2011 12:31:58 - Software Distribution Service 3.0
RP519: 18/03/2011 14:37:48 - Software Distribution Service 3.0
RP520: 19/03/2011 11:26:54 - Restore Operation
RP521: 19/03/2011 11:48:05 - Software Distribution Service 3.0
RP522: 04/04/2011 20:00:14 - Software Distribution Service 3.0
RP523: 04/04/2011 20:35:12 - Software Distribution Service 3.0
RP524: 06/04/2011 20:06:35 - Software Distribution Service 3.0
RP525: 06/04/2011 20:42:50 - Installed Windows Internet Explorer 8.
RP526: 06/04/2011 20:43:34 - Software Distribution Service 3.0
RP527: 06/04/2011 20:50:52 - Software Distribution Service 3.0
.
==== Hosts File Hijack ======================
.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.0.1)
Adobe Shockwave Player
AiO_Scan_CDA
AiOSoftwareNPI
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression
Belarc Advisor 8.1
Bluetooth Stack for Windows by Toshiba
blueyonder Instant Support Tool
Bonjour
BufferChm
C3100
c3100_Help
CCleaner
Counter-Strike
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder
Destinations
DeviceManagementQFolder
DocProc
DocProcQFolder
Driving Test Success - All Tests (2009-2010)
EPSON Copy Utility
EPSON PhotoQuicker3.2
EPSON Smart Panel
EPSON TWAIN 5
ESET Online Scanner v3
eSupportQFolder
Fax_CDA
FinePixViewer Ver.4.3
FUJIFILM USB Driver
Google Earth
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Update Helper
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart, Officejet and Deskjet 7.0.A
HP Software Update
HP Solution Center 7.0
HPPhotoSmartExpress
HPProductAssistant
HyperCam 2
InstantShareDevicesMFC
Java DB 10.5.3.0
Java(TM) 6 Update 22
Java(TM) SE Development Kit 6 Update 22
Junk Mail filter update
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
MarketResearch
McAfee Security Scan Plus
McAfee Total Protection
MediaShow 3.0
Messenger Plus! Live
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Small Business
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
mIRC
MobileMe Control Panel
Mozilla Firefox (3.6.12)
MSN
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network Play System (Patching)
NevLogoDesktop
NewCopy_CDA
Nokia Connectivity Cable Driver
Nokia Lifeblog 2.1
Nokia MTP driver
Nokia N73 highlights
Nokia Nseries Skin for Microsoft Windows Media Player
Nokia PC Connectivity Solution
Nokia themes for your device
NVIDIA Drivers
NVIDIA nView Desktop Manager
OCR Software by I.R.I.S 7.0
OneCare Advisor (Windows Live Toolbar)
OpenOffice.org Installer 1.0
PanoStandAlone
PhotoNow! 1.0
Popup Blocker (Windows Live Toolbar)
PowerCinema 4.0
PowerDirector Express
PowerProducer
PowerStarter
ProductContextNPI
QuickTime
Readme
RealOne Player
Realtek AC'97 Audio
Rhapsody Player Engine
Scan
ScannerCopy
ScanToWeb
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2124261)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2290570)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975254)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Serif PhotoPlus 6.0
Sky Broadband
Skype 3.1
Skype add-on for IE
Smart Menus (Windows Live Toolbar)
SolutionCenter
Status
Steam
The Sims Livin' it up
Toolbox
TrayApp
Unity Web Player
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Favorites for Windows Live Toolbar
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Live Upload Tool
Windows Live Writer
Windows Management Framework Core
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinPatrol
.
==== Event Viewer Messages From Past Week ========
.
06/04/2011 20:10:11, error: DCOM [10020] - The machine wide Default Launch and Activation security descriptor is invalid. It contains Access Control Entries with permissions that are invalid. The requested action was therefore not performed. This security permission can be corrected using the Component Services administrative tool.
05/04/2011 14:00:00, error: Schedule [7901] - The At4.job command failed to start due to the following error: %%2147942402
05/04/2011 10:35:00, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%2147942402
05/04/2011 10:10:00, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402
04/04/2011 20:40:00, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402
.
==== End Of File ===========================
daveiansmith
Active Member
 
Posts: 8
Joined: April 7th, 2011, 3:16 am

Re: Internet explorer is not working properly

Post by Blade81 » April 8th, 2011, 5:05 pm

Hi,

Download GMER here by clicking the Download EXE button and then saving it to your desktop:
  • Double-click the .exe that you downloaded.
  • Click the Rootkit tab, uncheck the Files option and then click Scan.
  • Don't check the Show All box while scanning is in progress!
  • When scanning is ready, click Copy.
  • This copies the log to the clipboard.
  • Post the log in your reply (if the log is long, archive it into a zip file and attach it instead of posting).
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Internet explorer is not working properly

Post by daveiansmith » April 9th, 2011, 3:32 pm

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-09 20:27:24
Windows 5.1.2600 Service Pack 3
Running: lm5qh4cf.exe; Driver: C:\DOCUME~1\dave\LOCALS~1\Temp\afncqfob.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB7EAF0E2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB7EAF0A4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB7EAF0B8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB7EAF10C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB7EAF0F8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB7EAF0CC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504B08 7 Bytes JMP B7EAF0D0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B203A 7 Bytes JMP B7EAF0E6 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E48 5 Bytes JMP B7EAF0FC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB440 5 Bytes JMP B7EAF0A8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB6CC 5 Bytes JMP B7EAF0BC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29E2 5 Bytes JMP B7EAF110 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7316360, 0x24526E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[592] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00F50000
.text C:\WINDOWS\System32\svchost.exe[592] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F50025
.text C:\WINDOWS\System32\svchost.exe[592] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F50FEF
.text C:\WINDOWS\System32\svchost.exe[592] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F40FE5
.text C:\WINDOWS\System32\svchost.exe[592] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F40F48
.text C:\WINDOWS\System32\svchost.exe[592] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F40F59
.text C:\WINDOWS\System32\svchost.exe[592] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F40F74
.text C:\WINDOWS\System32\svchost.exe[592] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F40F91
.text C:\WINDOWS\System32\svchost.exe[592] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F40022
.text C:\WINDOWS\System32\svchost.exe[592] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F40F10
.text C:\WINDOWS\System32\svchost.exe[592] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F40F2D
.text C:\WINDOWS\System32\svchost.exe[592] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F40EDA
.text C:\WINDOWS\System32\svchost.exe[592] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F40EF5
.text C:\WINDOWS\System32\svchost.exe[592] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F40EC9
.text C:\WINDOWS\System32\svchost.exe[592] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F40033
.text C:\WINDOWS\System32\svchost.exe[592] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F40000
.text C:\WINDOWS\System32\svchost.exe[592] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F40058
.text C:\WINDOWS\System32\svchost.exe[592] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F40011
.text C:\WINDOWS\System32\svchost.exe[592] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F40FC0
.text C:\WINDOWS\System32\svchost.exe[592] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F40073
.text C:\WINDOWS\System32\svchost.exe[592] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F80FB9
.text C:\WINDOWS\System32\svchost.exe[592] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F80051
.text C:\WINDOWS\System32\svchost.exe[592] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F80FD4
.text C:\WINDOWS\System32\svchost.exe[592] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F8000A
.text C:\WINDOWS\System32\svchost.exe[592] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F80036
.text C:\WINDOWS\System32\svchost.exe[592] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F80FE5
.text C:\WINDOWS\System32\svchost.exe[592] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00F80F94
.text C:\WINDOWS\System32\svchost.exe[592] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [18, 89]
.text C:\WINDOWS\System32\svchost.exe[592] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F80025
.text C:\WINDOWS\System32\svchost.exe[592] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F70FA3
.text C:\WINDOWS\System32\svchost.exe[592] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F7002E
.text C:\WINDOWS\System32\svchost.exe[592] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F70FD2
.text C:\WINDOWS\System32\svchost.exe[592] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F70FEF
.text C:\WINDOWS\System32\svchost.exe[592] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F7001D
.text C:\WINDOWS\System32\svchost.exe[592] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F7000C
.text C:\WINDOWS\System32\svchost.exe[592] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F60000
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[648] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 01930FE5
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[648] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01930011
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[648] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01930000
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[648] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01920000
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[648] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01920093
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[648] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01920082
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[648] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01920071
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[648] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01920FA8
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[648] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01920FB9
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[648] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01920F68
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[648] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01920F83
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[648] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01920F46
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[648] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01920F57
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[648] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 019200F0
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[648] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0192004A
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[648] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01920011
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[648] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 019200A4
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[648] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01920FCA
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[648] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01920FE5
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[648] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 019200CB
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[648] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01950053
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[648] msvcrt.dll!system 77C293C7 5 Bytes JMP 01950FC8
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[648] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0195001D
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[648] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01950FEF
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[648] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01950038
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[648] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0195000C
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[648] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0196002C
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[648] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01960F9B
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[648] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01960FDB
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[648] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01960011
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[648] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01960FAC
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[648] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01960000
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[648] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 01960058
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[648] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01960047
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[648] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01940000
.text C:\WINDOWS\system32\services.exe[908] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 006F0FEF
.text C:\WINDOWS\system32\services.exe[908] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 006F001B
.text C:\WINDOWS\system32\services.exe[908] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006F000A
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00770FEF
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00770F4E
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00770F5F
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00770F7C
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00770039
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00770F97
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00770F20
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00770068
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00770094
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00770EF1
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00770EE0
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0077001E
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00770FD4
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00770F3D
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00770FB2
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00770FC3
.text C:\WINDOWS\system32\services.exe[908] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00770079
.text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0072003D
.text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0072007A
.text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0072002C
.text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0072001B
.text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00720FC7
.text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00720000
.text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00720069
.text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00720058
.text C:\WINDOWS\system32\services.exe[908] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00710FAF
.text C:\WINDOWS\system32\services.exe[908] msvcrt.dll!system 77C293C7 5 Bytes JMP 0071003A
.text C:\WINDOWS\system32\services.exe[908] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00710018
.text C:\WINDOWS\system32\services.exe[908] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00710FEF
.text C:\WINDOWS\system32\services.exe[908] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00710029
.text C:\WINDOWS\system32\services.exe[908] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00710FDE
.text C:\WINDOWS\system32\services.exe[908] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00700FEF
.text C:\WINDOWS\system32\lsass.exe[920] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00FD0FE5
.text C:\WINDOWS\system32\lsass.exe[920] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00FD0FD4
.text C:\WINDOWS\system32\lsass.exe[920] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FD0000
.text C:\WINDOWS\system32\lsass.exe[920] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01020FEF
.text C:\WINDOWS\system32\lsass.exe[920] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01020062
.text C:\WINDOWS\system32\lsass.exe[920] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01020051
.text C:\WINDOWS\system32\lsass.exe[920] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01020040
.text C:\WINDOWS\system32\lsass.exe[920] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01020F8D
.text C:\WINDOWS\system32\lsass.exe[920] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01020025
.text C:\WINDOWS\system32\lsass.exe[920] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 010200A1
.text C:\WINDOWS\system32\lsass.exe[920] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01020084
.text C:\WINDOWS\system32\lsass.exe[920] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01020F0F
.text C:\WINDOWS\system32\lsass.exe[920] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 010200B2
.text C:\WINDOWS\system32\lsass.exe[920] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 010200C3
.text C:\WINDOWS\system32\lsass.exe[920] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01020F9E
.text C:\WINDOWS\system32\lsass.exe[920] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01020FD4
.text C:\WINDOWS\system32\lsass.exe[920] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01020073
.text C:\WINDOWS\system32\lsass.exe[920] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01020014
.text C:\WINDOWS\system32\lsass.exe[920] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01020FC3
.text C:\WINDOWS\system32\lsass.exe[920] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01020F3E
.text C:\WINDOWS\system32\lsass.exe[920] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01010FB9
.text C:\WINDOWS\system32\lsass.exe[920] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01010051
.text C:\WINDOWS\system32\lsass.exe[920] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01010FCA
.text C:\WINDOWS\system32\lsass.exe[920] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01010FDB
.text C:\WINDOWS\system32\lsass.exe[920] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01010036
.text C:\WINDOWS\system32\lsass.exe[920] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01010000
.text C:\WINDOWS\system32\lsass.exe[920] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01010F94
.text C:\WINDOWS\system32\lsass.exe[920] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [21, 89]
.text C:\WINDOWS\system32\lsass.exe[920] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0101001B
.text C:\WINDOWS\system32\lsass.exe[920] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FF001B
.text C:\WINDOWS\system32\lsass.exe[920] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FF0F90
.text C:\WINDOWS\system32\lsass.exe[920] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FF0000
.text C:\WINDOWS\system32\lsass.exe[920] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\lsass.exe[920] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FF0FB5
.text C:\WINDOWS\system32\lsass.exe[920] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FF0FD2
.text C:\WINDOWS\system32\lsass.exe[920] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FE0000
.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00B00FEF
.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B00FB9
.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B00FD4
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F5000A
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F500A1
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F50FAC
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F50084
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F50073
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F50051
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F50F7D
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F500C3
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F50120
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F50105
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F50F6C
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F50062
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F5001B
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F500B2
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F50036
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F50FE5
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F500EA
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F40F9E
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F4005B
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F40FB9
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F40FD4
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F40040
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F40FE5
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00F40025
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F4000A
.text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B20F81
.text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B20F9C
.text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B20FC8
.text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B20FE3
.text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B20FAD
.text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B20000
.text C:\WINDOWS\system32\svchost.exe[1112] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B1000A
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1176] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 62419A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1176] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\svchost.exe[1196] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00AC0FEF
.text C:\WINDOWS\system32\svchost.exe[1196] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00AC0FD4
.text C:\WINDOWS\system32\svchost.exe[1196] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00AC000A
.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C1000A
.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C10F92
.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C10087
.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C10FAF
.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C1006C
.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C10FD4
.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C10F75
.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C100BD
.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C10F5A
.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C100F3
.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C10F49
.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C10051
.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C1001B
.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C100AC
.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C10036
.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C10FE5
.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C100E2
.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00AF0FC3
.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00AF005B
.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00AF000A
.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00AF0FDE
.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00AF004A
.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00AF0FEF
.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00AF0FA8
.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [CF, 88]
.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00AF002F
.text C:\WINDOWS\system32\svchost.exe[1196] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AE003A
.text C:\WINDOWS\system32\svchost.exe[1196] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AE0FAF
.text C:\WINDOWS\system32\svchost.exe[1196] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AE0FE5
.text C:\WINDOWS\system32\svchost.exe[1196] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AE000C
.text C:\WINDOWS\system32\svchost.exe[1196] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AE0FCA
.text C:\WINDOWS\system32\svchost.exe[1196] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AE0029
.text C:\WINDOWS\system32\svchost.exe[1196] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AD000A
.text C:\WINDOWS\System32\svchost.exe[1296] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 02FD0000
.text C:\WINDOWS\System32\svchost.exe[1296] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 02FD0FD4
.text C:\WINDOWS\System32\svchost.exe[1296] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 02FD0FE5
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01F30FEF
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01F30F91
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01F30086
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01F30075
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01F30FB6
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01F30047
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01F30F4A
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01F30F65
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01F30F14
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01F300AD
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01F30F03
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01F30058
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01F3000A
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01F30F80
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01F3002C
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01F3001B
.text C:\WINDOWS\System32\svchost.exe[1296] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01F30F39
.text C:\WINDOWS\System32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 030F0033
.text C:\WINDOWS\System32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 030F0FA2
.text C:\WINDOWS\System32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 030F0022
.text C:\WINDOWS\System32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 030F0011
.text C:\WINDOWS\System32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 030F0055
.text C:\WINDOWS\System32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 030F0000
.text C:\WINDOWS\System32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 030F0FBD
.text C:\WINDOWS\System32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [2F, 8B]
.text C:\WINDOWS\System32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 030F0044
.text C:\WINDOWS\System32\svchost.exe[1296] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 03040F86
.text C:\WINDOWS\System32\svchost.exe[1296] msvcrt.dll!system 77C293C7 5 Bytes JMP 03040011
.text C:\WINDOWS\System32\svchost.exe[1296] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 03040FBC
.text C:\WINDOWS\System32\svchost.exe[1296] msvcrt.dll!_open 77C2F566 5 Bytes JMP 03040FE3
.text C:\WINDOWS\System32\svchost.exe[1296] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 03040FA1
.text C:\WINDOWS\System32\svchost.exe[1296] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 03040000
.text C:\WINDOWS\System32\svchost.exe[1296] WS2_32.dll!socket 71AB4211 5 Bytes JMP 03030FEF
.text C:\WINDOWS\System32\svchost.exe[1296] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 0302000A
.text C:\WINDOWS\System32\svchost.exe[1296] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 03020025
.text C:\WINDOWS\System32\svchost.exe[1296] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 03020040
.text C:\WINDOWS\System32\svchost.exe[1296] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 0302005B
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00150000
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00150FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0015001B
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00270FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00270062
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00270051
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00270F6D
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00270036
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00270FA5
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00270F46
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0027008E
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002700C4
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00270F2B
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00270F10
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00270F94
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00270FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00270073
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00270011
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00270000
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 002700A9
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00360FD1
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00360FA5
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00360022
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00360011
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00360058
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00360000
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00360FC0
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [56, 88]
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0036003D
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B15 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD16D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB6C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E502F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F61 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FCC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E32 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E94 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5092 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EF6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00370F77
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] msvcrt.dll!system 77C293C7 5 Bytes JMP 0037000C
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00370FB7
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00370FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00370F9C
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00370FD2
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBC8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E53B0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 027A2840 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 027A2720 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 027A29E0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 027A2AE0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01C90FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01C90FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01C9000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 01C9001B
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] ws2_32.dll!socket 71AB4211 5 Bytes JMP 026C0FEF
.text C:\WINDOWS\system32\svchost.exe[1408] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0096000A
.text C:\WINDOWS\system32\svchost.exe[1408] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00960FE5
.text C:\WINDOWS\system32\svchost.exe[1408] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0096001B
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0095000A
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00950F57
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00950F68
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00950040
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00950F8D
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00950FC3
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00950F3C
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00950078
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009500B3
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00950F1A
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009500CE
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00950FA8
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0095001B
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00950067
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00950FD4
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00950FE5
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00950F2B
.text C:\WINDOWS\system32\svchost.exe[1408] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00990FAF
.text C:\WINDOWS\system32\svchost.exe[1408] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0099006C
.text C:\WINDOWS\system32\svchost.exe[1408] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00990FC0
.text C:\WINDOWS\system32\svchost.exe[1408] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00990FDB
.text C:\WINDOWS\system32\svchost.exe[1408] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00990051
.text C:\WINDOWS\system32\svchost.exe[1408] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00990000
.text C:\WINDOWS\system32\svchost.exe[1408] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00990040
.text C:\WINDOWS\system32\svchost.exe[1408] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00990025
.text C:\WINDOWS\system32\svchost.exe[1408] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00980FA6
.text C:\WINDOWS\system32\svchost.exe[1408] msvcrt.dll!system 77C293C7 5 Bytes JMP 00980FB7
.text C:\WINDOWS\system32\svchost.exe[1408] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00980027
.text C:\WINDOWS\system32\svchost.exe[1408] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00980000
.text C:\WINDOWS\system32\svchost.exe[1408] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00980FD2
.text C:\WINDOWS\system32\svchost.exe[1408] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00980FE3
.text C:\WINDOWS\system32\svchost.exe[1408] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00970FEF
.text C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00D50000
.text C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00D50FD4
.text C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D50FE5
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D40FEF
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D4007B
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D40F7C
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D40F97
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D40FA8
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D40FC3
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D40F3F
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D40F5A
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D400CE
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D400BD
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D400E9
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D40054
daveiansmith
Active Member
 
Posts: 8
Joined: April 7th, 2011, 3:16 am

Re: Internet explorer is not working properly

Post by daveiansmith » April 9th, 2011, 3:33 pm

.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D40FDE
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D40F6B
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D40039
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D4001E
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D400A2
.text C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D80036
.text C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D80FB9
.text C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D8001B
.text C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D8000A
.text C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D80076
.text C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D80FEF
.text C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00D8005B
.text C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D80FD4
.text C:\WINDOWS\system32\svchost.exe[1504] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D70042
.text C:\WINDOWS\system32\svchost.exe[1504] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D70FB7
.text C:\WINDOWS\system32\svchost.exe[1504] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D7001D
.text C:\WINDOWS\system32\svchost.exe[1504] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D70FEF
.text C:\WINDOWS\system32\svchost.exe[1504] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D70FD2
.text C:\WINDOWS\system32\svchost.exe[1504] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D7000C
.text C:\WINDOWS\system32\svchost.exe[1504] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D60000
.text C:\WINDOWS\Explorer.EXE[1736] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0158000A
.text C:\WINDOWS\Explorer.EXE[1736] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01580FDB
.text C:\WINDOWS\Explorer.EXE[1736] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0158001B
.text C:\WINDOWS\Explorer.EXE[1736] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02E10000
.text C:\WINDOWS\Explorer.EXE[1736] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02E10F50
.text C:\WINDOWS\Explorer.EXE[1736] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02E10F61
.text C:\WINDOWS\Explorer.EXE[1736] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02E1003B
.text C:\WINDOWS\Explorer.EXE[1736] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02E10F72
.text C:\WINDOWS\Explorer.EXE[1736] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02E10F9E
.text C:\WINDOWS\Explorer.EXE[1736] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02E10F1F
.text C:\WINDOWS\Explorer.EXE[1736] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02E10071
.text C:\WINDOWS\Explorer.EXE[1736] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02E10EFD
.text C:\WINDOWS\Explorer.EXE[1736] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02E10F0E
.text C:\WINDOWS\Explorer.EXE[1736] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02E10ED8
.text C:\WINDOWS\Explorer.EXE[1736] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02E10F8D
.text C:\WINDOWS\Explorer.EXE[1736] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02E10FE5
.text C:\WINDOWS\Explorer.EXE[1736] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02E10060
.text C:\WINDOWS\Explorer.EXE[1736] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02E10FAF
.text C:\WINDOWS\Explorer.EXE[1736] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02E10FD4
.text C:\WINDOWS\Explorer.EXE[1736] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02E10082
.text C:\WINDOWS\Explorer.EXE[1736] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02E00FDB
.text C:\WINDOWS\Explorer.EXE[1736] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02E0006C
.text C:\WINDOWS\Explorer.EXE[1736] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02E0002C
.text C:\WINDOWS\Explorer.EXE[1736] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02E0001B
.text C:\WINDOWS\Explorer.EXE[1736] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02E00051
.text C:\WINDOWS\Explorer.EXE[1736] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02E00000
.text C:\WINDOWS\Explorer.EXE[1736] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02E00FAF
.text C:\WINDOWS\Explorer.EXE[1736] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [00, 8B]
.text C:\WINDOWS\Explorer.EXE[1736] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02E00FC0
.text C:\WINDOWS\Explorer.EXE[1736] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02DF0031
.text C:\WINDOWS\Explorer.EXE[1736] msvcrt.dll!system 77C293C7 5 Bytes JMP 02DF0FA6
.text C:\WINDOWS\Explorer.EXE[1736] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02DF0016
.text C:\WINDOWS\Explorer.EXE[1736] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02DF0FEF
.text C:\WINDOWS\Explorer.EXE[1736] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02DF0FC1
.text C:\WINDOWS\Explorer.EXE[1736] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02DF0FD2
.text C:\WINDOWS\Explorer.EXE[1736] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 02B40000
.text C:\WINDOWS\Explorer.EXE[1736] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 02B4001B
.text C:\WINDOWS\Explorer.EXE[1736] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 02B40FEF
.text C:\WINDOWS\Explorer.EXE[1736] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 02B40FDE
.text C:\WINDOWS\Explorer.EXE[1736] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02B50FEF
.text C:\WINDOWS\system32\svchost.exe[1764] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BF0FE5
.text C:\WINDOWS\system32\svchost.exe[1764] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BF0FB9
.text C:\WINDOWS\system32\svchost.exe[1764] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BF0FCA
.text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BE0FEF
.text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BE0F8D
.text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BE0082
.text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BE0F9E
.text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BE005B
.text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BE004A
.text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BE00A4
.text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BE0093
.text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BE0F23
.text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BE00C6
.text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BE00D7
.text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BE0FC3
.text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BE0014
.text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BE0F68
.text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BE0039
.text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BE0FDE
.text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BE00B5
.text C:\WINDOWS\system32\svchost.exe[1764] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C30014
.text C:\WINDOWS\system32\svchost.exe[1764] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C30F79
.text C:\WINDOWS\system32\svchost.exe[1764] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C30FC3
.text C:\WINDOWS\system32\svchost.exe[1764] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C30FD4
.text C:\WINDOWS\system32\svchost.exe[1764] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C30036
.text C:\WINDOWS\system32\svchost.exe[1764] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C30FEF
.text C:\WINDOWS\system32\svchost.exe[1764] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C30F94
.text C:\WINDOWS\system32\svchost.exe[1764] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [E3, 88] {JECXZ 0xffffffffffffff8a}
.text C:\WINDOWS\system32\svchost.exe[1764] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C30025
.text C:\WINDOWS\system32\svchost.exe[1764] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C20031
.text C:\WINDOWS\system32\svchost.exe[1764] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C20F9C
.text C:\WINDOWS\system32\svchost.exe[1764] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C20FC1
.text C:\WINDOWS\system32\svchost.exe[1764] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C20FE3
.text C:\WINDOWS\system32\svchost.exe[1764] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C20016
.text C:\WINDOWS\system32\svchost.exe[1764] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C20FD2
.text C:\WINDOWS\system32\svchost.exe[1764] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00C00000
.text C:\WINDOWS\system32\svchost.exe[1764] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00C0001B
.text C:\WINDOWS\system32\svchost.exe[1764] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00C00FE5
.text C:\WINDOWS\system32\svchost.exe[1764] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 00C0002C
.text C:\WINDOWS\system32\svchost.exe[1764] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C1000A
.text C:\WINDOWS\system32\svchost.exe[1884] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00860FEF
.text C:\WINDOWS\system32\svchost.exe[1884] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0086000A
.text C:\WINDOWS\system32\svchost.exe[1884] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00860FD4
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00850000
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00850FAF
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 008500A4
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00850087
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00850076
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00850FDB
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00850F88
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 008500D0
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00850F59
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 008500F2
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00850F48
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00850FCA
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0085001B
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 008500BF
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00850047
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0085002C
.text C:\WINDOWS\system32\svchost.exe[1884] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 008500E1
.text C:\WINDOWS\system32\svchost.exe[1884] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00890FCA
.text C:\WINDOWS\system32\svchost.exe[1884] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0089005B
.text C:\WINDOWS\system32\svchost.exe[1884] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00890011
.text C:\WINDOWS\system32\svchost.exe[1884] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00890FDB
.text C:\WINDOWS\system32\svchost.exe[1884] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00890F9E
.text C:\WINDOWS\system32\svchost.exe[1884] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00890000
.text C:\WINDOWS\system32\svchost.exe[1884] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00890FB9
.text C:\WINDOWS\system32\svchost.exe[1884] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [A9, 88]
.text C:\WINDOWS\system32\svchost.exe[1884] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00890040
.text C:\WINDOWS\system32\svchost.exe[1884] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00880031
.text C:\WINDOWS\system32\svchost.exe[1884] msvcrt.dll!system 77C293C7 5 Bytes JMP 00880F9C
.text C:\WINDOWS\system32\svchost.exe[1884] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0088000C
.text C:\WINDOWS\system32\svchost.exe[1884] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00880FE3
.text C:\WINDOWS\system32\svchost.exe[1884] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00880FAD
.text C:\WINDOWS\system32\svchost.exe[1884] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00880FD2
.text C:\WINDOWS\system32\svchost.exe[1884] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0087000A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2012] kernel32.dll!LoadResource 7C80A055 7 Bytes JMP 2806C8A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2012] kernel32.dll!FindResourceExW 7C80AD28 7 Bytes JMP 2806C700 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2012] kernel32.dll!FindResourceW 7C80BC6E 7 Bytes JMP 2806C680 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2012] kernel32.dll!SizeofResource 7C80BD09 7 Bytes JMP 2806C950 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2012] kernel32.dll!FindResourceA 7C80BF29 7 Bytes JMP 2806C780 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2012] kernel32.dll!LockResource 7C80CD37 5 Bytes JMP 2806C9C0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2012] kernel32.dll!CreateEventA 7C8308B5 5 Bytes JMP 2806C2E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2012] kernel32.dll!FindResourceExA 7C835FA8 2 Bytes JMP 2806C810 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2012] kernel32.dll!FindResourceExA + 3 7C835FAB 4 Bytes [83, AB, CC, CC]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2012] ADVAPI32.dll!CryptDeriveKey 77DE9FFD 7 Bytes JMP 2806BDF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2012] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 2806BE50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2012] USER32.dll!GetWindowLongW 7E4188A6 7 Bytes JMP 28070850 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2012] USER32.dll!PeekMessageW 7E41929B 2 Bytes JMP 2806E850 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2012] USER32.dll!PeekMessageW + 3 7E41929E 2 Bytes [C5, A9]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2012] USER32.dll!SetWindowPlacement 7E41DE46 5 Bytes JMP 2806FDC0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2012] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 2806FF10 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2012] USER32.dll!LoadImageW 7E427B97 5 Bytes JMP 280705A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2012] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 2806DDE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2012] USER32.dll!SetWindowRgn 7E42E528 7 Bytes JMP 2806FE60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2012] USER32.dll!LoadIconW 7E42E8BC 5 Bytes JMP 28070720 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2012] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 28070140 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2012] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 2806EED0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2012] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 28074C60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2012] WS2_32.dll!send 71AB4C27 5 Bytes JMP 28074920 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2012] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 28074770 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2012] WS2_32.dll!recv 71AB676F 5 Bytes JMP 28074640 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2012] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 28074A90 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2012] SHELL32.dll!Shell_NotifyIconW 7CA2A537 5 Bytes JMP 2806D550 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2012] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 2806CFA0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2012] ole32.dll!CoInitializeEx 77501473 5 Bytes JMP 2806CC20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2012] ole32.dll!CoRegisterClassObject 775179C0 5 Bytes JMP 2806CD20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2012] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 280738C0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2012] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 28073A00 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2012] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 28073760 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2012] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 28073960 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\WINDOWS\system32\svchost.exe[2172] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00FC0000
.text C:\WINDOWS\system32\svchost.exe[2172] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00FC0011
.text C:\WINDOWS\system32\svchost.exe[2172] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FC0FDB
.text C:\WINDOWS\system32\svchost.exe[2172] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009F0000
.text C:\WINDOWS\system32\svchost.exe[2172] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 009F0F72
.text C:\WINDOWS\system32\svchost.exe[2172] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 009F0067
.text C:\WINDOWS\system32\svchost.exe[2172] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 009F0040
.text C:\WINDOWS\system32\svchost.exe[2172] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 009F0F83
.text C:\WINDOWS\system32\svchost.exe[2172] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 009F0FC3
.text C:\WINDOWS\system32\svchost.exe[2172] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009F0F4B
.text C:\WINDOWS\system32\svchost.exe[2172] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009F0093
.text C:\WINDOWS\system32\svchost.exe[2172] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009F00C6
.text C:\WINDOWS\system32\svchost.exe[2172] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009F00B5
.text C:\WINDOWS\system32\svchost.exe[2172] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009F00D7
.text C:\WINDOWS\system32\svchost.exe[2172] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 009F0F9E
.text C:\WINDOWS\system32\svchost.exe[2172] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009F0FE5
.text C:\WINDOWS\system32\svchost.exe[2172] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 009F0082
.text C:\WINDOWS\system32\svchost.exe[2172] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 009F0025
.text C:\WINDOWS\system32\svchost.exe[2172] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 009F0FD4
.text C:\WINDOWS\system32\svchost.exe[2172] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009F00A4
.text C:\WINDOWS\system32\svchost.exe[2172] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009E0FC3
.text C:\WINDOWS\system32\svchost.exe[2172] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009E0F8D
.text C:\WINDOWS\system32\svchost.exe[2172] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009E0FD4
.text C:\WINDOWS\system32\svchost.exe[2172] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009E000A
.text C:\WINDOWS\system32\svchost.exe[2172] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 009E004A
.text C:\WINDOWS\system32\svchost.exe[2172] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 009E0FEF
.text C:\WINDOWS\system32\svchost.exe[2172] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 009E0039
.text C:\WINDOWS\system32\svchost.exe[2172] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 009E0FB2
.text C:\WINDOWS\system32\svchost.exe[2172] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009D0FA6
.text C:\WINDOWS\system32\svchost.exe[2172] msvcrt.dll!system 77C293C7 5 Bytes JMP 009D0031
.text C:\WINDOWS\system32\svchost.exe[2172] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009D0FD2
.text C:\WINDOWS\system32\svchost.exe[2172] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009D0000
.text C:\WINDOWS\system32\svchost.exe[2172] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009D0FC1
.text C:\WINDOWS\system32\svchost.exe[2172] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009D0FE3
.text C:\WINDOWS\system32\svchost.exe[2172] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009C0000
.text C:\WINDOWS\system32\svchost.exe[2248] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00C1000A
.text C:\WINDOWS\system32\svchost.exe[2248] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C10FD4
.text C:\WINDOWS\system32\svchost.exe[2248] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C10FEF
.text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C00FEF
.text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C0009A
.text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C00089
.text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C0006C
.text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C00FB9
.text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C00036
.text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C00F65
.text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C000B7
.text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C000DC
.text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C00F43
.text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C000ED
.text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C00051
.text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C00000
.text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C00F8A
.text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C00FCA
.text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C00011
.text C:\WINDOWS\system32\svchost.exe[2248] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C00F54
.text C:\WINDOWS\system32\svchost.exe[2248] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BF0011
.text C:\WINDOWS\system32\svchost.exe[2248] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BF0047
.text C:\WINDOWS\system32\svchost.exe[2248] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BF0000
.text C:\WINDOWS\system32\svchost.exe[2248] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BF0FD4
.text C:\WINDOWS\system32\svchost.exe[2248] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BF0F80
.text C:\WINDOWS\system32\svchost.exe[2248] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BF0FE5
.text C:\WINDOWS\system32\svchost.exe[2248] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BF002C
.text C:\WINDOWS\system32\svchost.exe[2248] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BF0FA5
.text C:\WINDOWS\system32\svchost.exe[2248] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BE0FD1
.text C:\WINDOWS\system32\svchost.exe[2248] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BE0066
.text C:\WINDOWS\system32\svchost.exe[2248] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BE003A
.text C:\WINDOWS\system32\svchost.exe[2248] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BE0000
.text C:\WINDOWS\system32\svchost.exe[2248] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BE0055
.text C:\WINDOWS\system32\svchost.exe[2248] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BE0029
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00150000
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0015002C
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00150011
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00270FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00270F66
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00270F81
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0027005B
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00270FA8
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00270040
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00270F2E
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00270F49
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002700A2
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00270091
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00270EEE
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00270FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00270FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00270076
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0027002F
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0027001E
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00270F1D
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0036001B
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0036007D
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00360000
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00360FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00360062
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00360FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00360051
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00360040
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB6C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E502F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F61 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FCC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E32 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E94 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5092 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EF6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00370055
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] msvcrt.dll!system 77C293C7 5 Bytes JMP 00370044
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00370018
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00370FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00370029
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00370FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 009E0000
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 009E0011
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 009E0FDB
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 009E002C
.text C:\Program Files\Internet Explorer\iexplore.exe[3164] ws2_32.dll!socket 71AB4211 5 Bytes JMP 00A10000
.text C:\WINDOWS\system32\dllhost.exe[3512] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00F10000
.text C:\WINDOWS\system32\dllhost.exe[3512] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F1001B
.text C:\WINDOWS\system32\dllhost.exe[3512] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F10FE5
.text C:\WINDOWS\system32\dllhost.exe[3512] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F0000A
.text C:\WINDOWS\system32\dllhost.exe[3512] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F00F88
.text C:\WINDOWS\system32\dllhost.exe[3512] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F0007D
.text C:\WINDOWS\system32\dllhost.exe[3512] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F00062
.text C:\WINDOWS\system32\dllhost.exe[3512] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F00FA5
.text C:\WINDOWS\system32\dllhost.exe[3512] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F00FC7
.text C:\WINDOWS\system32\dllhost.exe[3512] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F000A4
.text C:\WINDOWS\system32\dllhost.exe[3512] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F00F5C
.text C:\WINDOWS\system32\dllhost.exe[3512] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F000DA
.text C:\WINDOWS\system32\dllhost.exe[3512] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F00F37
.text C:\WINDOWS\system32\dllhost.exe[3512] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F00F26
.text C:\WINDOWS\system32\dllhost.exe[3512] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F00FB6
.text C:\WINDOWS\system32\dllhost.exe[3512] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F0001B
.text C:\WINDOWS\system32\dllhost.exe[3512] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F00F6D
.text C:\WINDOWS\system32\dllhost.exe[3512] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F0003D
.text C:\WINDOWS\system32\dllhost.exe[3512] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F0002C
.text C:\WINDOWS\system32\dllhost.exe[3512] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F000BF
.text C:\WINDOWS\system32\dllhost.exe[3512] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EE0FA3
.text C:\WINDOWS\system32\dllhost.exe[3512] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EE0FBE
.text C:\WINDOWS\system32\dllhost.exe[3512] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EE0FD9
.text C:\WINDOWS\system32\dllhost.exe[3512] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EE0000
.text C:\WINDOWS\system32\dllhost.exe[3512] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EE002E
.text C:\WINDOWS\system32\dllhost.exe[3512] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EE0011
.text C:\WINDOWS\system32\dllhost.exe[3512] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EF0FAF
.text C:\WINDOWS\system32\dllhost.exe[3512] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EF0F8D
.text C:\WINDOWS\system32\dllhost.exe[3512] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EF0FCA
.text C:\WINDOWS\system32\dllhost.exe[3512] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EF0000
.text C:\WINDOWS\system32\dllhost.exe[3512] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EF0040
.text C:\WINDOWS\system32\dllhost.exe[3512] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EF0FEF
.text C:\WINDOWS\system32\dllhost.exe[3512] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00EF0F9E
.text C:\WINDOWS\system32\dllhost.exe[3512] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [0F, 89]
.text C:\WINDOWS\system32\dllhost.exe[3512] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EF0025
.text C:\WINDOWS\system32\dllhost.exe[3512] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00ED000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00150000
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00150FD1
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00150011
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00270000
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00270F52
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00270F6D
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00270F7E
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00270047
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00270FB6
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00270F1C
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00270062
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 0027007F
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00270EE6
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00270EC1
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00270F9B
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00270FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00270F41
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00270022
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00270011
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00270F0B
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0036002C
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0036007D
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00360FDB
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00360011
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00360062
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00360000
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00360FC0
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [56, 88]
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00360047
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B15 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD16D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB6C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E502F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F61 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FCC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E32 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E94 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5092 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EF6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00370F81
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] msvcrt.dll!system 77C293C7 5 Bytes JMP 00370F9C
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00370FC1
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00370FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0037000C
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00370FD2
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBC8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E53B0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 02BC2840 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 02BC2720 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 02BC29E0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 02BC2AE0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 011A0FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 011A0FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 011A000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 011A001B
.text C:\Program Files\Internet Explorer\iexplore.exe[3604] ws2_32.dll!socket 71AB4211 5 Bytes JMP 025C000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[1336] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\WINDOWS\system32\mfevtps.exe[1452] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [00407740] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\WINDOWS\system32\mfevtps.exe[1452] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [004077A0] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3604] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \FileSystem\Fastfat \Fat B053DD20

AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ????????{3ED10CE2-D21A-4EBD-B48D-F76FA0E50C93}??-0??mfendisk??suio?RasPppoe?Tcpip??47F???????D???0??????????s}???D??USBSTOR_BULK?????????D???\????h\Pr?????D?????D??USBSTOR?????\Device\{3ED10CE2-D21A-4EBD-B48D-F76FA0E50C93}??????? N??D???2??????e????X?X????? ???????s?????D?????D?????????????????????????McA???D??? ??????? ?????D?????D?H??????????^??????????????????????I??????CD??? ???????D?????D?????G?H????????X????????$???????D???6???e???????????????D?????????????????s????{3ED10CE2-D21A-4EBD-B48D-F76FA0E50C93}?edi??? ???????D?????????????;????????h??????84:????h?????8???@???????@???????H???????????????????????ha ?LocalSystem?10??NT AUTHORITY\LocalService????????D??? ???????l????:??E???k?????????????E??????? ?!?!?"?"?"???'?????#?2?9?#??? ?????????????D???????#????????????&????????????????????m??? ???????D?????D???????#?? ????????? ??????ll???? ???????D???????????:?<??????&? ???????pe??? ???D??????????????????????? ?????????????D?????X?X?X?????D?????P????>??L???K?g?L???????????6???H??? ??????? ?????D?????D?H???
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd505908
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd505908 (not active ControlSet)
Reg HKLM\SOFTWARE\Classes\CLSID\{93D9CA41-C1A4-CDA9-AF65-0D7EF3942454}\CLSID@ Standard Font
Reg HKLM\SOFTWARE\Classes\CLSID\{93D9CA41-C1A4-CDA9-AF65-0D7EF3942454}\InprocServer32@ oleaut32.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{93D9CA41-C1A4-CDA9-AF65-0D7EF3942454}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{93D9CA41-C1A4-CDA9-AF65-0D7EF3942454}\InprocServer32@Class stdole.StdFontClass
Reg HKLM\SOFTWARE\Classes\CLSID\{93D9CA41-C1A4-CDA9-AF65-0D7EF3942454}\InprocServer32@Assembly stdole, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
Reg HKLM\SOFTWARE\Classes\CLSID\{93D9CA41-C1A4-CDA9-AF65-0D7EF3942454}\InprocServer32@RuntimeVersion v1.0.3705
Reg HKLM\SOFTWARE\Classes\CLSID\{93D9CA41-C1A4-CDA9-AF65-0D7EF3942454}\ProgID@ StdFont
Reg HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@t!s!s!d!t!s!d!t!s!r!y!s!s!t!\30!c! 71230

---- EOF - GMER 1.0.15 ----
daveiansmith
Active Member
 
Posts: 8
Joined: April 7th, 2011, 3:16 am

Re: Internet explorer is not working properly

Post by Blade81 » April 10th, 2011, 8:28 am

Hi


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Internet explorer is not working properly

Post by daveiansmith » April 10th, 2011, 2:02 pm

Here is the combofix log - the dds log will follow.

ComboFix 11-04-09.01 - dave 10/04/2011 18:25:12.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3071.2624 [GMT 1:00]
Running from: c:\documents and settings\dave\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\dave\Recent\ANTIGEN.tmp
c:\documents and settings\dave\Recent\cid.tmp
c:\documents and settings\dave\Recent\fix.tmp
c:\documents and settings\dave\Recent\pal.tmp
c:\documents and settings\dave\Recent\PE.tmp
c:\documents and settings\dave\Recent\std.tmp
c:\documents and settings\dave\Recent\tjd.tmp
c:\windows\system32\html
c:\windows\system32\html\blank.htm
c:\windows\system32\html\bot.htm
c:\windows\system32\html\innerframeset.htm
c:\windows\system32\html\left.htm
c:\windows\system32\html\main.htm
c:\windows\system32\html\middle.htm
c:\windows\system32\html\rightframeset.htm
c:\windows\system32\html\top.htm
c:\windows\system32\html\website.htm
c:\windows\system32\regobj.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-03-10 to 2011-04-10 )))))))))))))))))))))))))))))))
.
.
2019-03-07 17:56 . 2010-12-31 13:10 1854976 ----a-w- c:\windows\system32\win32k.sys
2019-03-07 17:53 . 2019-03-07 17:53 -------- d-----w- C:\cmpnents
2011-04-06 19:41 . 2011-04-06 19:43 -------- dc-h--w- c:\windows\ie8
2011-04-04 18:43 . 2011-04-04 18:43 7548 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-03-19 11:44 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-03-19 11:38 . 2011-03-19 11:38 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-19 11:38 . 2011-03-19 11:38 -------- d-----w- c:\program files\ESET
2011-03-19 11:37 . 2011-03-19 11:37 -------- d-----w- c:\program files\QuickTime
2011-03-19 11:36 . 2011-03-19 11:36 -------- d-----w- c:\program files\Bonjour
2011-03-19 11:34 . 2011-03-19 11:34 -------- d-----w- c:\program files\Hewlett-Packard
2011-03-19 11:34 . 2011-03-19 11:34 -------- d-----w- c:\program files\Common Files\HP
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 07:58 . 2005-12-02 08:42 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2005-12-02 08:42 677888 ----a-w- c:\windows\system32\mstsc.exe
2006-12-13 03:12 . 2007-05-20 13:35 66648 -c--a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-12-13 03:12 . 2007-05-20 13:35 54352 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-12-13 03:12 . 2007-05-20 13:35 34928 -c--a-w- c:\program files\mozilla firefox\components\myspell.dll
2010-10-13 22:28 . 2010-12-02 20:44 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2006-12-13 03:12 . 2007-05-20 13:35 46696 -c--a-w- c:\program files\mozilla firefox\components\spellchk.dll
2006-12-13 03:12 . 2007-05-20 13:35 172120 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 118784]
"SoundMan"="SOUNDMAN.EXE" [2006-08-02 577536]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-11-17 329096]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG111v3 Smart Wizard.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WG111v3 Smart Wizard.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WPN111 Smart Wizard.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WPN111 Smart Wizard.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 14:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 02:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2005-01-14 18:21 110744 -c--a-w- c:\program files\CyberLink\PowerCinema\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 11:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
2002-02-04 22:32 53248 -c----w- c:\program files\REGSHAVE\REGSHAVE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-27 18:50 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-12-02 09:26 151597 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-18 19:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Steam\\steamapps\\twister625\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\0wn3dpl0z\\condition zero\\hl.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\0wn3dpl0z\\counter-strike\\hl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [05/10/2010 14:45 84072]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [15/03/2010 17:17 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [05/10/2010 14:45 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [05/10/2010 14:45 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [05/10/2010 14:45 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [05/10/2010 14:45 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [05/10/2010 14:45 55840]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [05/10/2010 14:45 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [05/10/2010 14:45 88544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 14:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [04/02/2010 10:34 135664]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [15/03/2009 12:13 17149]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 13:49 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [05/10/2010 14:45 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [05/10/2010 14:45 84264]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v3.sys --> c:\windows\system32\DRIVERS\wg111v3.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [07/03/2019 18:56 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 14:16 753504]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys --> c:\windows\system32\DRIVERS\WPN111.sys [?]
S4 0018781300895229mcinstcleanup;McAfee Application Installer Cleanup (0018781300895229);c:\windows\TEMP\001878~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\001878~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S4 m5287;m5287;c:\windows\system32\drivers\m5287.sys [02/12/2005 18:08 85888]
S4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [02/12/2005 18:08 51840]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-10 c:\windows\Tasks\User_Feed_Synchronization-{047EC318-895C-4E4E-A462-DFB82241EFF9}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\gemma\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\dave\Application Data\Mozilla\Firefox\Profiles\66i32xil.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-10 18:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-04-10 18:45:57
ComboFix-quarantined-files.txt 2011-04-10 17:45
ComboFix2.txt 2010-12-05 14:10
.
Pre-Run: 205,488,574,464 bytes free
Post-Run: 205,508,898,816 bytes free
.
- - End Of File - - 8A501AAB4747D61E053FEF999F215BE4
daveiansmith
Active Member
 
Posts: 8
Joined: April 7th, 2011, 3:16 am

Re: Internet explorer is not working properly

Post by daveiansmith » April 10th, 2011, 2:05 pm

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by dave at 19:03:17.12 on 10/04/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3071.2524 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\dave\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\progra~1\skype\phone\ieplugin\SKYPEI~1.DLL
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101202204443.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\gemma\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\progra~1\skype\phone\ieplugin\SKYPEI~1.DLL
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\dave\applic~1\mozilla\firefox\profiles\66i32xil.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-5 386840]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-10-5 84072]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-9-16 54752]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-3-15 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-5 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-5 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-5 271480]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-10-5 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-10-5 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-5 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-5 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-10-5 152960]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-5 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-10-5 88544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2009-3-15 17149]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704864]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-10-5 52104]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-10-5 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-5 84264]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys --> c:\windows\system32\drivers\wg111v3.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2019-3-7 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\wpn111.sys --> c:\windows\system32\drivers\WPN111.sys [?]
S4 0018781300895229mcinstcleanup;McAfee Application Installer Cleanup (0018781300895229);c:\windows\temp\001878~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\001878~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S4 m5287;m5287;c:\windows\system32\drivers\m5287.sys [2005-12-2 85888]
S4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [2005-12-2 51840]
.
=============== Created Last 30 ================
.
2019-03-07 17:56:59 99328 ----a-w- c:\windows\system32\winscard.dll
2019-03-07 17:54:21 -------- d-----w- C:\i386
2019-03-07 17:53:51 -------- d-----w- C:\cmpnents
2011-04-10 17:22:40 98816 ----a-w- c:\windows\sed.exe
2011-04-10 17:22:40 89088 ----a-w- c:\windows\MBR.exe
2011-04-10 17:22:40 256512 ----a-w- c:\windows\PEV.exe
2011-04-10 17:22:40 161792 ----a-w- c:\windows\SWREG.exe
2011-04-06 19:41:39 -------- dc-h--w- c:\windows\ie8
2011-04-04 18:43:06 7548 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-03-19 11:44:37 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-03-19 11:38:39 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-03-19 11:38:39 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-19 11:38:19 -------- d-----w- c:\program files\ESET
2011-03-19 11:36:46 -------- d-----w- c:\program files\Bonjour
2011-03-19 11:34:04 -------- d-----w- c:\program files\common files\HP
.
==================== Find3M ====================
.
2011-02-04 17:48:32 456192 ----a-w- c:\windows\system32\encdec.dll
2011-02-04 17:48:30 291840 ----a-w- c:\windows\system32\sbe.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
============= FINISH: 19:03:40.03 ===============
daveiansmith
Active Member
 
Posts: 8
Joined: April 7th, 2011, 3:16 am

Re: Internet explorer is not working properly

Post by Blade81 » April 10th, 2011, 3:13 pm

Hi again,


Disable WinPatrol's realtime protection.
  • Right-click the running icon of WinPatrol in the system tray
  • Choose exit. It will automatically restart at next boot.


Open notepad and copy/paste the text in the quotebox below into it:

DDS::
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File



Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Image

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 24.
  • Click the
    Download
    button to the right.
  • Select Windows on platform combobox and check the box that says:
    Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u24-windows-i586-p.exe to install the newest version. Uncheck toolbar option if it's offered there.


* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is not checkmarked.
  • Click Scan
  • Wait for the scan to finish


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log. How's the system running now?
Blade81

Re: Internet explorer is not working properly

by daveiansmith » April 10th, 2011, 6:09 pm

The ESET scanner found a threat but it didn't show a logfile - I saved it to a notepad

C:\System Volume Information\_restore{7159C566-B27D-45B5-9001-47F14422CFC9}\RP520\A1213536.mof Win32/RogueAV.A trojan


the combofix log is here

ComboFix 11-04-09.01 - dave 10/04/2011 21:13:19.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3071.2619 [GMT 1:00]
Running from: c:\documents and settings\dave\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\dave\Desktop\CFscript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((( Files Created from 2011-03-10 to 2011-04-10 )))))))))))))))))))))))))))))))
.
.
2019-03-07 17:56 . 2010-12-31 13:10 1854976 ----a-w- c:\windows\system32\win32k.sys
2019-03-07 17:53 . 2019-03-07 17:53 -------- d-----w- C:\cmpnents
2011-04-06 19:41 . 2011-04-06 19:43 -------- dc-h--w- c:\windows\ie8
2011-04-04 18:43 . 2011-04-04 18:43 7548 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-03-19 11:44 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-03-19 11:38 . 2011-03-19 11:38 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-19 11:38 . 2011-03-19 11:38 -------- d-----w- c:\program files\ESET
2011-03-19 11:37 . 2011-03-19 11:37 -------- d-----w- c:\program files\QuickTime
2011-03-19 11:36 . 2011-03-19 11:36 -------- d-----w- c:\program files\Bonjour
2011-03-19 11:34 . 2011-03-19 11:34 -------- d-----w- c:\program files\Hewlett-Packard
2011-03-19 11:34 . 2011-03-19 11:34 -------- d-----w- c:\program files\Common Files\HP
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 07:58 . 2005-12-02 08:42 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2005-12-02 08:42 677888 ----a-w- c:\windows\system32\mstsc.exe
2006-12-13 03:12 . 2007-05-20 13:35 66648 -c--a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-12-13 03:12 . 2007-05-20 13:35 54352 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-12-13 03:12 . 2007-05-20 13:35 34928 -c--a-w- c:\program files\mozilla firefox\components\myspell.dll
2010-10-13 22:28 . 2010-12-02 20:44 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2006-12-13 03:12 . 2007-05-20 13:35 46696 -c--a-w- c:\program files\mozilla firefox\components\spellchk.dll
2006-12-13 03:12 . 2007-05-20 13:35 172120 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-10_17.36.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-10 19:50 . 2011-04-10 19:50 16384 c:\windows\Temp\Perflib_Perfdata_308.dat
+ 2011-04-10 20:11 . 2011-04-10 20:11 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-12-02 08:49 . 2011-04-10 20:11 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-12-02 08:49 . 2011-04-06 18:54 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-04-10 20:11 . 2011-04-10 20:11 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2010-12-07 19:33 . 2011-04-06 18:54 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-12-09 12:13 . 2011-04-10 19:50 222433 c:\windows\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 118784]
"SoundMan"="SOUNDMAN.EXE" [2006-08-02 577536]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-11-17 329096]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG111v3 Smart Wizard.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WG111v3 Smart Wizard.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WPN111 Smart Wizard.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WPN111 Smart Wizard.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 14:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 02:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2005-01-14 18:21 110744 -c--a-w- c:\program files\CyberLink\PowerCinema\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 11:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
2002-02-04 22:32 53248 -c----w- c:\program files\REGSHAVE\REGSHAVE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-27 18:50 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-12-02 09:26 151597 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-18 19:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Steam\\steamapps\\twister625\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\0wn3dpl0z\\condition zero\\hl.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\0wn3dpl0z\\counter-strike\\hl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [05/10/2010 14:45 84072]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [15/03/2010 17:17 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [05/10/2010 14:45 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [05/10/2010 14:45 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [05/10/2010 14:45 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [05/10/2010 14:45 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [05/10/2010 14:45 55840]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [05/10/2010 14:45 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [05/10/2010 14:45 88544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 14:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [04/02/2010 10:34 135664]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [15/03/2009 12:13 17149]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 13:49 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [05/10/2010 14:45 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [05/10/2010 14:45 84264]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v3.sys --> c:\windows\system32\DRIVERS\wg111v3.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [07/03/2019 18:56 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 14:16 753504]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys --> c:\windows\system32\DRIVERS\WPN111.sys [?]
S4 0018781300895229mcinstcleanup;McAfee Application Installer Cleanup (0018781300895229);c:\windows\TEMP\001878~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\001878~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S4 m5287;m5287;c:\windows\system32\drivers\m5287.sys [02/12/2005 18:08 85888]
S4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [02/12/2005 18:08 51840]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-10 c:\windows\Tasks\User_Feed_Synchronization-{047EC318-895C-4E4E-A462-DFB82241EFF9}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\gemma\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\dave\Application Data\Mozilla\Firefox\Profiles\66i32xil.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-10 21:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3332)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-04-10 21:24:16
ComboFix-quarantined-files.txt 2011-04-10 20:24
ComboFix2.txt 2011-04-10 17:46
ComboFix3.txt 2010-12-05 14:10
.
Pre-Run: 205,511,430,144 bytes free
Post-Run: 205,468,065,792 bytes free
.
- - End Of File - - CFF07F83BBBF0A9F99D4917A149CF670


the dds log is here

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by dave at 23:05:30.37 on 10/04/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3071.2431 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\dave\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\progra~1\skype\phone\ieplugin\SKYPEI~1.DLL
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101202204443.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\gemma\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\progra~1\skype\phone\ieplugin\SKYPEI~1.DLL
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 204.152.194.204 google.com
Hosts: 204.152.194.204 google.com.au
Hosts: 204.152.194.204 google.be
Hosts: 204.152.194.204 www.google.be
Hosts: 204.152.194.204 google.com.br
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\dave\applic~1\mozilla\firefox\profiles\66i32xil.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-5 386840]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-10-5 84072]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-9-16 54752]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-3-15 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-5 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-5 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-5 271480]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-10-5 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-10-5 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-5 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-5 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-10-5 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-10-5 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-5 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-10-5 88544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2009-3-15 17149]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704864]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-10-5 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-5 84264]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys --> c:\windows\system32\drivers\wg111v3.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2019-3-7 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\wpn111.sys --> c:\windows\system32\drivers\WPN111.sys [?]
S4 0018781300895229mcinstcleanup;McAfee Application Installer Cleanup (0018781300895229);c:\windows\temp\001878~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\001878~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S4 m5287;m5287;c:\windows\system32\drivers\m5287.sys [2005-12-2 85888]
S4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [2005-12-2 51840]
.
=============== Created Last 30 ================
.
2019-03-07 17:56:59 99328 ----a-w- c:\windows\system32\winscard.dll
2019-03-07 17:54:21 -------- d-----w- C:\i386
2019-03-07 17:53:51 -------- d-----w- C:\cmpnents
2011-04-10 20:35:11 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-10 20:35:11 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-04-10 17:22:40 98816 ----a-w- c:\windows\sed.exe
2011-04-10 17:22:40 89088 ----a-w- c:\windows\MBR.exe
2011-04-10 17:22:40 256512 ----a-w- c:\windows\PEV.exe
2011-04-10 17:22:40 161792 ----a-w- c:\windows\SWREG.exe
2011-04-06 19:41:39 -------- dc-h--w- c:\windows\ie8
2011-04-04 18:43:06 7548 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-03-19 11:44:37 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-03-19 11:38:39 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-03-19 11:38:39 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-19 11:38:19 -------- d-----w- c:\program files\ESET
2011-03-19 11:36:46 -------- d-----w- c:\program files\Bonjour
2011-03-19 11:34:04 -------- d-----w- c:\program files\common files\HP
.
==================== Find3M ====================
.
2011-04-10 20:34:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-04 17:48:32 456192 ----a-w- c:\windows\system32\encdec.dll
2011-02-04 17:48:30 291840 ----a-w- c:\windows\system32\sbe.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
============= FINISH: 23:06:32.79 ===============


The PC is still not opening my homepage - it says the webpage can't be displayed.
daveiansmith
Active Member
 
Posts: 8
Joined: April 7th, 2011, 3:16 am

Re: Internet explorer is not working properly

Post by Blade81 » April 12th, 2011, 8:30 am

Download the HostsXpert.

* Unzip HostsXpert to a convenient folder such as C:\HostsXpert
* Click HostsXpert.exe to Run HostsXpert from its new home
* Click Make Hosts Writable? in the upper right corner (If available).
* Click Restore Microsoft's Hosts file and then click OK.
* Click the X to exit the program.
* Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Post back fresh dds logs.
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Internet explorer is not working properly

Post by daveiansmith » April 12th, 2011, 2:48 pm

I ran the hosts program but wasn't sure if you wanted me to click on make writable to change it or click to make it writable. Sorry.

Anyway, the DDS log is here and the Google home page was displayed when I started Internet Explorer.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by dave at 19:42:04.62 on 12/04/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3071.2354 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\dave\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\progra~1\skype\phone\ieplugin\SKYPEI~1.DLL
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101202204443.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\gemma\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\progra~1\skype\phone\ieplugin\SKYPEI~1.DLL
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\dave\applic~1\mozilla\firefox\profiles\66i32xil.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-5 386840]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-10-5 84072]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-9-16 54752]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-3-15 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-5 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-5 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-5 271480]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-10-5 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-10-5 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-5 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-5 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-10-5 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-10-5 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-5 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-10-5 88544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2009-3-15 17149]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704864]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-10-5 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-5 84264]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys --> c:\windows\system32\drivers\wg111v3.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2019-3-7 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\wpn111.sys --> c:\windows\system32\drivers\WPN111.sys [?]
S4 0018781300895229mcinstcleanup;McAfee Application Installer Cleanup (0018781300895229);c:\windows\temp\001878~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\001878~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S4 m5287;m5287;c:\windows\system32\drivers\m5287.sys [2005-12-2 85888]
S4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [2005-12-2 51840]
.
=============== Created Last 30 ================
.
2019-03-07 17:56:59 99328 ----a-w- c:\windows\system32\winscard.dll
2019-03-07 17:54:21 -------- d-----w- C:\i386
2019-03-07 17:53:51 -------- d-----w- C:\cmpnents
2011-04-10 20:35:11 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-10 20:35:11 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-04-10 17:22:40 98816 ----a-w- c:\windows\sed.exe
2011-04-10 17:22:40 89088 ----a-w- c:\windows\MBR.exe
2011-04-10 17:22:40 256512 ----a-w- c:\windows\PEV.exe
2011-04-10 17:22:40 161792 ----a-w- c:\windows\SWREG.exe
2011-04-06 19:41:39 -------- dc-h--w- c:\windows\ie8
2011-04-04 18:43:06 7548 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-03-19 11:44:37 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-03-19 11:38:39 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-03-19 11:38:39 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-19 11:38:19 -------- d-----w- c:\program files\ESET
2011-03-19 11:36:46 -------- d-----w- c:\program files\Bonjour
2011-03-19 11:34:04 -------- d-----w- c:\program files\common files\HP
.
==================== Find3M ====================
.
2011-04-10 20:34:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-04 17:48:32 456192 ----a-w- c:\windows\system32\encdec.dll
2011-02-04 17:48:30 291840 ----a-w- c:\windows\system32\sbe.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
============= FINISH: 19:44:01.32 ===============
daveiansmith
Active Member
 
Posts: 8
Joined: April 7th, 2011, 3:16 am

Re: Internet explorer is not working properly

Post by Blade81 » April 13th, 2011, 8:43 am

Hi,

Log looks ok now. Any other issues left? If not, it's time to secure your system to prevent further intrusions.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis.


Now let's uninstall ComboFix:
  • Click START then RUN
  • Now copy-paste Combofix /uninstall in the runbox and click OK


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

  • hosts file:
    • Every version of Windows has a hosts file as part of it.
    • In a very basic sense, they are used to locate webpages.
    • We can customize a hosts file so that it blocks certain webpages.
    • However, it can slow down certain computers.
    • This is why using a hosts file is optional!!
    Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here
    If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    1. Click the start button (at the lower left hand corner of your screen)
    2. Click run
    3. In the dialog box, type services.msc
    4. hit enter, then locate dns client
    5. Highlight it, then double-click it.
    6. On the dropdown box, change the setting from automatic to manual.
    7. Click ok
  • Download and run Secunia Personal Software Inspector (PSI) and fix its findings.


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade 8)
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland
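
The hosts file discussed in the post above maps names to addresses, so a customized copy can block sites and an altered copy can stop a home page from loading. The Python sketch below is an added example, not part of the original posts or of HostsXpert; it sorts hosts entries into default, blocking and redirecting ones, and the sample file and the function names audit_hosts and needs_review are constructed for illustration.

```python
import ipaddress

# Constructed sample for illustration; not the hosts file from this thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ads.example.net tracker.example.net   # blocking entries
0.0.0.0         popups.example.org
203.0.113.10    www.example.com    # name pinned to an outside address
not-an-ip       broken.example.com
::1             localhost
"""


def audit_hosts(text):
    """Classify every hosts entry as default, block, redirect or malformed.

    Returns a list of (line_no, address, hostname, verdict) tuples.
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        # Everything after '#' is a comment; blank lines carry no entry.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        address, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            ip = None
        # An entry needs a valid address and at least one hostname.
        if ip is None or not names:
            findings.append((line_no, address, None, "malformed"))
            continue
        # Loopback and 0.0.0.0 entries send the name nowhere: that is how
        # a blocking hosts file works.
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in names:
            if not sinkhole:
                # The name resolves to whatever address the file says.
                verdict = "redirect"
            elif name.lower() == "localhost":
                verdict = "default"
            else:
                verdict = "block"
            findings.append((line_no, address, name.lower(), verdict))
    return findings


def needs_review(text):
    """Entries a person should look at before trusting the file."""
    return [f for f in audit_hosts(text) if f[3] in ("redirect", "malformed")]


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

A redirect verdict is not proof of tampering, since some people pin names on purpose; it marks the lines to check against what the user knowingly added.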

Re: Internet explorer is not working properly

Post by daveiansmith » April 14th, 2011, 1:25 pm

Hi

Things seem to be ok now.

My internet explorer settings were the same as the ones you recommended above so how did my hosts file get changed/ infected?

Thank you
daveiansmith
Active Member
 
Posts: 8
Joined: April 7th, 2011, 3:16 am

Re: Internet explorer is not working properly

Post by Blade81 » April 14th, 2011, 1:29 pm

You're welcome :)

My internet explorer settings were the same as the ones you recommended above so how did my hosts file get changed/ infected?

If there are vulnerabilities in the system then nothing else is needed to infect the system. That's why it's important to keep both the operating system and installed 3rd party software up-to-date. Secunia PSI that I linked in my previous post helps with this task.
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Internet explorer is not working properly

Post by Blade81 » April 21st, 2011, 6:24 am

Since the issue appears to be resolved this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland