Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Mcafee run - 3 trojans, 4 adware - hijack this log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Mcafee run - 3 trojans, 4 adware - hijack this log

Unread postby funkehjez » March 25th, 2009, 2:41 pm

OKat, I just ran Mcafee, and its found 3 trojans, its obvious that these have been here for a long while now and that they have stayed there and not properly been ridden of. I've chucked them and clicked remove, one adware refuses to be removed from mcafee, detection name: Adware-180SA. Another PUP is CAS online. Generic PUP.x is another. The last pup is RemAdm-Pskill.

The three trojans say generic.dx and similar ones, they are all quarantined. I recently installed AVG, winpatrol for prevention, and the sitehound, even if it does the same job as mcafee. A couple of the trojans refuse to go as well. I'll let you know what AVG picks up, by editing this post if someone hasn't replied yet.

-------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:25:49, on 25/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\MSC\mcshell.exe
C:\Documents and Settings\Boys\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/cust ... _side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=2057
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - C:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

--
End of file - 7939 bytes
funkehjez
Active Member
 
Posts: 8
Joined: March 23rd, 2009, 8:21 pm
Advertisement
Register to Remove

Re: Mcafee run - 3 trojans, 4 adware - hijack this log

Unread postby Axephilic » April 2nd, 2009, 7:58 pm

Welcome to the Malware Removal Forums! My name is Adam and I will be assisting you with getting the malware off of your computer. Please observe the following points before we start:
  1. If at any point you don't understand something, please let me know and I will be glad to explain or go more into depth for you. :)
  2. Please remember, I am a volunteer and I have a personal life. I go to school full time, have a part time job, and I do sports. A lot of this takes a lot of time.
  3. Please keep all of your replies in this topic/thread and do not make a new topic/thread, thanks!
  4. Please stick with this, don't stop responding because the symptoms are gone, the infection could still be there. Keep replying to my posts until I give you the All Clean message. ;)
  5. If you don't reply within five days after my last instructions this topic will be closed. If you will not be able to reply within five days please tell me so the topic will not be closed.
  6. Please do not run other tools to remove the malware unless I ask you to until I give you the all clean. They will just mess up my fixes and make things more complicated, not fix the problem.

Mutiple Anti-Viruses
You are operating your computer with multiple Anti Virus programs:
AVG8
McAffee


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please Uninstall all but one of them using Control Panel, Add/Remove Programs.

RSIT
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Regards,
Adam
User avatar
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: Mcafee run - 3 trojans, 4 adware - hijack this log

Unread postby funkehjez » April 3rd, 2009, 4:47 pm

Not a problem Adam. Here are the logs as requested.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Boys at 2009-04-03 21:40:26
Microsoft Windows XP Professional Service Pack 3
System drive C: has 11 GB (29%) free of 38 GB
Total RAM: 767 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:40:54, on 03/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Boys\Desktop\RSIT.exe
C:\Documents and Settings\Boys\Desktop\Boys.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/cust ... _side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=2057
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - C:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

--
End of file - 7164 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\Norton Security Scan for Boys.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-01-16 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-11-14 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-11-14 150032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"btbb_wcm_McciTrayApp"=C:\Program Files\btbb_wcm\McciTrayApp.exe [2006-12-07 935936]
"PRISMSVR.EXE"=C:\WINDOWS\system32\PRISMSVR.EXE [2004-10-14 295001]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-01-08 645328]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2009-03-18 337216]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\ypager.exe"="C:\Program Files\Yahoo!\Messenger\ypager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\BT Broadband Desktop Help\bin\BTHelpBrowser.exe"="C:\Program Files\BT Broadband Desktop Help\bin\BTHelpBrowser.exe:*:Enabled:BT Broadband Desktop Help Browser"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"E:\iTunes.exe"="E:\iTunes.exe:*:Enabled:iTunes"
"F:\itunes\iTunes.exe"="F:\itunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Documents and Settings\Guest\Application Data\MySpace\IM\bin\MySpaceIM.exe"="C:\Documents and Settings\Guest\Application Data\MySpace\IM\bin\MySpaceIM.exe:*:Disabled:MySpace Instant Messenger"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2009-04-03 21:40:26 ----D---- C:\rsit
2009-03-29 18:16:51 ----D---- C:\WINDOWS\speech
2009-03-29 18:16:23 ----A---- C:\WINDOWS\system32\WINGDE.DLL
2009-03-29 18:16:23 ----A---- C:\WINDOWS\system32\WING32.DLL
2009-03-29 18:16:23 ----A---- C:\WINDOWS\system32\WING.DLL
2009-03-29 18:11:48 ----D---- C:\Program Files\LEGO Media
2009-03-25 02:43:04 ----D---- C:\Documents and Settings\Boys\Application Data\SiteHound
2009-03-25 02:42:53 ----D---- C:\Program Files\FireTrust
2009-03-25 01:46:03 ----D---- C:\Documents and Settings\Boys\Application Data\WinPatrol
2009-03-25 01:45:47 ----D---- C:\Program Files\BillP Studios
2009-03-23 08:15:56 ----D---- C:\Program Files\Norton Security Scan
2009-03-23 00:59:02 ----D---- C:\WINDOWS\system32\Adobe
2009-03-22 19:22:42 ----D---- C:\Documents and Settings\Boys\Application Data\Adobe
2009-03-21 17:12:18 ----D---- C:\CFLog
2009-03-21 17:09:05 ----D---- C:\Documents and Settings\Boys\Application Data\Yahoo!
2009-03-21 17:08:32 ----D---- C:\Program Files\Common Files\INCA Shared
2009-03-21 16:52:01 ----D---- C:\Program Files\Subagames
2009-03-21 16:13:23 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\PMB Files
2009-03-21 16:12:56 ----D---- C:\Program Files\Pando Networks
2009-03-21 16:10:46 ----D---- C:\Documents and Settings\Boys\Application Data\Macromedia
2009-03-21 16:09:23 ----D---- C:\Documents and Settings\Boys\Application Data\Mozilla
2009-03-21 16:03:16 ----D---- C:\Documents and Settings\Boys\Application Data\Identities
2009-03-21 16:02:47 ----ASH---- C:\Documents and Settings\Boys\Application Data\desktop.ini
2009-03-21 16:02:46 ----SD---- C:\Documents and Settings\Boys\Application Data\Microsoft
2009-03-21 16:02:46 ----D---- C:\Documents and Settings\Boys\Application Data\Apple Computer
2009-03-21 12:12:21 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-21 12:11:57 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-03-21 12:10:58 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-03-21 12:09:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-21 12:07:56 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$

======List of files/folders modified in the last 1 months======

2009-04-03 21:40:46 ----D---- C:\WINDOWS\Prefetch
2009-04-03 21:40:37 ----D---- C:\WINDOWS\Temp
2009-04-03 21:33:29 ----D---- C:\Program Files\Mozilla Firefox
2009-04-03 21:31:01 ----D---- C:\WINDOWS
2009-04-03 21:29:50 ----D---- C:\WINDOWS\system32
2009-04-03 21:28:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-03 21:28:10 ----D---- C:\WINDOWS\system32\drivers
2009-04-01 12:07:47 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-31 14:59:26 ----HD---- C:\WINDOWS\inf
2009-03-29 18:16:24 ----A---- C:\WINDOWS\system.ini
2009-03-29 18:11:51 ----RSD---- C:\WINDOWS\Fonts
2009-03-29 18:11:48 ----D---- C:\Program Files
2009-03-29 18:11:47 ----HD---- C:\Program Files\InstallShield Installation Information
2009-03-29 12:46:29 ----SHD---- C:\RECYCLER
2009-03-29 12:25:13 ----SHD---- C:\WINDOWS\Installer
2009-03-29 12:25:06 ----A---- C:\WINDOWS\ODBC.INI
2009-03-29 12:14:27 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-25 03:21:51 ----D---- C:\Documents and Settings
2009-03-24 01:27:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-23 14:06:28 ----SD---- C:\WINDOWS\Tasks
2009-03-23 08:16:15 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-03-21 17:08:32 ----D---- C:\Program Files\Common Files
2009-03-21 16:03:21 ----A---- C:\WINDOWS\OEWABLog.txt
2009-03-21 12:20:18 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2009-03-21 12:20:18 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-03-21 12:12:07 ----A---- C:\WINDOWS\imsins.BAK
2009-03-21 12:12:02 ----D---- C:\WINDOWS\WinSxS
2009-03-15 13:45:48 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-01-16 213640]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2008-10-23 120136]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2004-10-14 15781]
R3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-01-16 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-01-16 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-01-16 40552]
R3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 dump_wmimmc;dump_wmimmc; \??\C:\Program Files\Subagames\CrossFire\GameGuard\dump_wmimmc.sys []
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys []
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-01-16 34216]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WlanUIG;2Wire 802.11g USB Driver; C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-04-08 347648]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2007-10-29 587096]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 Basics Service;Basics Service; C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe [2007-10-09 124280]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-12-05 206096]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-01-08 797864]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-01-09 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-01-09 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-01-16 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-01-09 884360]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-01-16 606736]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 ISPwdSvc;Symantec IS Password Validation; C:\Program Files\Norton Internet Security\isPwdSvc.exe []
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-01-17 365072]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-03-16 2849844]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-19 913408]

-----------------EOF-----------------

And the next one

info.txt logfile of random's system information tool 1.06 2009-04-03 21:41:01

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\Motive\btbb\UninstallHelper.exe
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
BT Broadband Desktop Help-->C:\WINDOWS\Motive\btbb\MCCUninst.exe
BT Home Hub-->C:\Program Files.\BTHomeHub.\Uninstall.exe
BT Voyager Wireless Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}\setup.exe" -l0x9
BT Yahoo! Applications-->C:\PROGRA~1\Yahoo!\Common\uninstall.exe
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Cross Fire En-->"C:\Program Files\Subagames\CrossFire\unins000.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Drive Manager-->"C:\Program Files\InstallShield Installation Information\{48B0F38D-1913-44F3-99AA-D4C55A2B038E}\setup.exe" -runfromtemp -l0x0409 -removeonly
Drive Manager-->MsiExec.exe /I{48B0F38D-1913-44F3-99AA-D4C55A2B038E}
Free iPod Video Converter 1.26-->"C:\Program Files\Free iPod Video Converter\unins000.exe"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
HijackThis 2.0.2-->"C:\Documents and Settings\Boys\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LEGO Creator Harry Potter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7FB70A9B-6591-42EB-BD84-6F9C55368E06}\setup.exe"
Luxor Amun Rising with Luxor-->C:\Program Files\MumboJumbo\Luxor AR with Luxor\uninst.exe
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MobileMe Control Panel-->MsiExec.exe /I{924EB80F-C2BB-4B9F-8412-88BBA937393F}
Mozilla Firefox (3.0.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Norton Security Scan (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\NSSSetup\{3FADAA19-E595-44CA-A072-58B6B0851768}_2_0_0\NSSSetup.exe" /X
Norton Security Scan-->MsiExec.exe /X{3FADAA19-E595-44CA-A072-58B6B0851768}
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RollerCoaster Tycoon 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}\setup.exe" -l0x9
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
SiteHound for FireFox 2.0.0-->C:\Program Files\FireTrust\SiteHound\uninstfirefox.exe
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPatrol 2009-->C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall

======System event log======

Computer Name: SONYA-2BE7F8F9E
Event Code: 7
Message: The device, \Device\Harddisk0\D, has a bad block.

Record Number: 5764
Source Name: Disk
Time Written: 20090326003206.000000+000
Event Type: error
User:

Computer Name: SONYA-2BE7F8F9E
Event Code: 7
Message: The device, \Device\Harddisk0\D, has a bad block.

Record Number: 5763
Source Name: Disk
Time Written: 20090326003205.000000+000
Event Type: error
User:

Computer Name: SONYA-2BE7F8F9E
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 5762
Source Name: W32Time
Time Written: 20090325233912.000000+000
Event Type: warning
User:

Computer Name: SONYA-2BE7F8F9E
Event Code: 7
Message: The device, \Device\Harddisk0\D, has a bad block.

Record Number: 5760
Source Name: Disk
Time Written: 20090325191550.000000+000
Event Type: error
User:

Computer Name: SONYA-2BE7F8F9E
Event Code: 7
Message: The device, \Device\Harddisk0\D, has a bad block.

Record Number: 5758
Source Name: Disk
Time Written: 20090325103836.000000+000
Event Type: error
User:

=====Application event log=====

Computer Name: SONYA-2BE7F8F9E
Event Code: 1517
Message: Windows saved user SONYA-2BE7F8F9E\Guest registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 27720
Source Name: Userenv
Time Written: 20081007214808.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: SONYA-2BE7F8F9E
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.

Record Number: 27691
Source Name: usnjsvc
Time Written: 20081007172827.000000+060
Event Type:
User:

Computer Name: SONYA-2BE7F8F9E
Event Code: 1517
Message: Windows saved user SONYA-2BE7F8F9E\Guest registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 27672
Source Name: Userenv
Time Written: 20081007171119.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: SONYA-2BE7F8F9E
Event Code: 1517
Message: Windows saved user SONYA-2BE7F8F9E\Guest registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 27651
Source Name: Userenv
Time Written: 20081007151132.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: SONYA-2BE7F8F9E
Event Code: 1517
Message: Windows saved user SONYA-2BE7F8F9E\Guest registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 27610
Source Name: Userenv
Time Written: 20081007024445.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 1 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0102
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------
funkehjez
Active Member
 
Posts: 8
Joined: March 23rd, 2009, 8:21 pm

Re: Mcafee run - 3 trojans, 4 adware - hijack this log

Unread postby Axephilic » April 3rd, 2009, 5:09 pm

Your logs thus far look clean. Are experiencing any symptoms?

Kaspersky Online Scanner
Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

Run GMER
Please download gmer.zip from Gmer and save it to your desktop.

  1. Right click on gmer.zip and select Extract All....
  2. Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  3. Click on the Browse button. Click on Desktop. Then click OK.
  4. Click Next. It will start extracting.
  5. Once done, check (tick) the Show extracted files box and click Finish.
  6. Double click on gmer.exe to run it.
  7. Select the Rootkit tab.
  8. On the right hand side, check all the items to be scanned, but leave Show All box unchecked.
  9. Select all drives that are connected to your system to be scanned.
  10. Click on the Scan button.
  11. When the scan is finished, click Copy to save the scan log to the Windows clipboard.
  12. Open Notepad or a similar text editor.
  13. Paste the clipboard contents into the text editor.
  14. Save the Gmer scan log and post it in your next reply.
  15. Close Gmer.
  16. Open Command Prompt by going to Start > Run and type in cmd. Press Enter.
  17. In Command Prompt, type in net stop gmer. Press Enter.
  18. Type in exit to close Command Prompt.

Note: Do not run any programs while Gmer is running.

In your next reply, please include:
  1. Kapsersky report
  2. GMER log
  3. A new HijackThis log

Regards,
Adam
User avatar
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: Mcafee run - 3 trojans, 4 adware - hijack this log

Unread postby funkehjez » April 5th, 2009, 5:45 pm

Okay, I've done the first scan, and shalldo the other one this Tuesday as I am in all day then, and can leave it run. Just letting you know in advance.
funkehjez
Active Member
 
Posts: 8
Joined: March 23rd, 2009, 8:21 pm

Re: Mcafee run - 3 trojans, 4 adware - hijack this log

Unread postby funkehjez » April 7th, 2009, 11:41 am

Here are the scans and hijack this log file as requested.

Kaspersky

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, April 5, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, April 05, 2009 15:56:33
Records in database: 2015080
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Files scanned: 83029
Threat name: 1
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 03:31:08


File name / Threat name / Threats count
C:\Documents and Settings\Sonya\Desktop\BBDesktopHelpInstallDV.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 2
C:\Program Files\BT Broadband Desktop Help\vendors\btbb\wwwcache\wt\deviceview\private\content\driven_dev\upgrade\McciContextUpgrade.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 1

The selected area was scanned.


GMER

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-07 16:35:23
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xEEED644A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xEEED64E1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xEEED63F8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xEEED640C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xEEED64F5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xEEED6521]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xEEED658F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xEEED6579]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xEEED648A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xEEED65BB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xEEED64CD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xEEED63D0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xEEED63E4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xEEED645E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xEEED65F7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xEEED6563]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xEEED654D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xEEED650B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xEEED65E3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xEEED65CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xEEED6436]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xEEED6422]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xEEED6537]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xEEED64B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xEEED65A5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xEEED64A0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xEEED6474]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution 804F0EA6 7 Bytes JMP EEED6478 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80568D59 5 Bytes JMP EEED64D1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 8056A1F2 7 Bytes JMP EEED6551 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8056CDC0 5 Bytes JMP EEED644E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8056DC01 5 Bytes JMP EEED6426 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateKey 8057065D 5 Bytes JMP EEED64E5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 80570A6D 7 Bytes JMP EEED65FB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 80570D64 7 Bytes JMP EEED6593 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 805717C7 5 Bytes JMP EEED63D4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80571CB1 7 Bytes JMP EEED6462 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetValueKey 80572889 7 Bytes JMP EEED653B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 805736E6 5 Bytes JMP EEED64A4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 80573B61 7 Bytes JMP EEED648E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FC6C 7 Bytes JMP EEED6410 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 805822EC 5 Bytes JMP EEED64BD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 8058A1C9 5 Bytes JMP EEED63E8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 8058A699 5 Bytes JMP EEED65BF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 80590677 7 Bytes JMP EEED657D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 80592D5C 7 Bytes JMP EEED6525 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 805952CA 7 Bytes JMP EEED64F9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B136A 5 Bytes JMP EEED63FC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 8062DCF7 5 Bytes JMP EEED643A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 8064DA12 7 Bytes JMP EEED65A9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064E338 7 Bytes JMP EEED6567 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 8064E7B6 7 Bytes JMP EEED650F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 8064ECA9 5 Bytes JMP EEED65D3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 8064F112 5 Bytes JMP EEED65E7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[188] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[188] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B40000
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B40F70
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B40065
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B40F81
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B40F9E
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B40FD4
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B40F1D
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B40F44
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B400A2
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B40091
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00B400B3
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00B40FB9
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00B4001B
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00B40F55
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00B40040
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00B40FEF
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00B40080
.text C:\WINDOWS\system32\svchost.exe[564] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00B3001B
.text C:\WINDOWS\system32\svchost.exe[564] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00B30F68
.text C:\WINDOWS\system32\svchost.exe[564] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00B30FCA
.text C:\WINDOWS\system32\svchost.exe[564] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00B30FDB
.text C:\WINDOWS\system32\svchost.exe[564] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00B30F8D
.text C:\WINDOWS\system32\svchost.exe[564] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00B30000
.text C:\WINDOWS\system32\svchost.exe[564] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00B30F9E
.text C:\WINDOWS\system32\svchost.exe[564] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [D3, 88]
.text C:\WINDOWS\system32\svchost.exe[564] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00B30FAF
.text C:\WINDOWS\system32\svchost.exe[564] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B20031
.text C:\WINDOWS\system32\svchost.exe[564] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B20F9C
.text C:\WINDOWS\system32\svchost.exe[564] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B20FD2
.text C:\WINDOWS\system32\svchost.exe[564] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B20000
.text C:\WINDOWS\system32\svchost.exe[564] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B20FAD
.text C:\WINDOWS\system32\svchost.exe[564] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B20FE3
.text C:\WINDOWS\system32\services.exe[588] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D40FEF
.text C:\WINDOWS\system32\services.exe[588] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D40079
.text C:\WINDOWS\system32\services.exe[588] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D4005E
.text C:\WINDOWS\system32\services.exe[588] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D40F84
.text C:\WINDOWS\system32\services.exe[588] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D40043
.text C:\WINDOWS\system32\services.exe[588] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D4001E
.text C:\WINDOWS\system32\services.exe[588] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D400B6
.text C:\WINDOWS\system32\services.exe[588] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D4009B
.text C:\WINDOWS\system32\services.exe[588] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D400EC
.text C:\WINDOWS\system32\services.exe[588] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D400D1
.text C:\WINDOWS\system32\services.exe[588] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00D400FD
.text C:\WINDOWS\system32\services.exe[588] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00D40FA1
.text C:\WINDOWS\system32\services.exe[588] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00D40FDE
.text C:\WINDOWS\system32\services.exe[588] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00D4008A
.text C:\WINDOWS\system32\services.exe[588] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00D40FB2
.text C:\WINDOWS\system32\services.exe[588] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00D40FC3
.text C:\WINDOWS\system32\services.exe[588] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00D40F53
.text C:\WINDOWS\system32\services.exe[588] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00CF0040
.text C:\WINDOWS\system32\services.exe[588] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00CF0076
.text C:\WINDOWS\system32\services.exe[588] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00CF0FEF
.text C:\WINDOWS\system32\services.exe[588] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00CF0025
.text C:\WINDOWS\system32\services.exe[588] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00CF0065
.text C:\WINDOWS\system32\services.exe[588] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00CF000A
.text C:\WINDOWS\system32\services.exe[588] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00CF0FB9
.text C:\WINDOWS\system32\services.exe[588] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [EF, 88]
.text C:\WINDOWS\system32\services.exe[588] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00CF0FD4
.text C:\WINDOWS\system32\services.exe[588] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CE0055
.text C:\WINDOWS\system32\services.exe[588] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CE0044
.text C:\WINDOWS\system32\services.exe[588] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CE0FDE
.text C:\WINDOWS\system32\services.exe[588] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CE0000
.text C:\WINDOWS\system32\services.exe[588] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CE0033
.text C:\WINDOWS\system32\services.exe[588] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CE0FEF
.text C:\WINDOWS\system32\services.exe[588] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CD0000
.text C:\WINDOWS\system32\lsass.exe[600] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BB0FEF
.text C:\WINDOWS\system32\lsass.exe[600] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BB0F3D
.text C:\WINDOWS\system32\lsass.exe[600] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BB0028
.text C:\WINDOWS\system32\lsass.exe[600] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BB0F5A
.text C:\WINDOWS\system32\lsass.exe[600] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BB0F6B
.text C:\WINDOWS\system32\lsass.exe[600] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BB0F97
.text C:\WINDOWS\system32\lsass.exe[600] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BB0F0F
.text C:\WINDOWS\system32\lsass.exe[600] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BB0F2C
.text C:\WINDOWS\system32\lsass.exe[600] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BB008D
.text C:\WINDOWS\system32\lsass.exe[600] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BB0EF4
.text C:\WINDOWS\system32\lsass.exe[600] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00BB0ED9
.text C:\WINDOWS\system32\lsass.exe[600] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00BB0F86
.text C:\WINDOWS\system32\lsass.exe[600] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00BB0FDE
.text C:\WINDOWS\system32\lsass.exe[600] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00BB0057
.text C:\WINDOWS\system32\lsass.exe[600] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00BB0FB2
.text C:\WINDOWS\system32\lsass.exe[600] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00BB0FC3
.text C:\WINDOWS\system32\lsass.exe[600] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00BB0068
.text C:\WINDOWS\system32\lsass.exe[600] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00BA003D
.text C:\WINDOWS\system32\lsass.exe[600] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00BA0095
.text C:\WINDOWS\system32\lsass.exe[600] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00BA002C
.text C:\WINDOWS\system32\lsass.exe[600] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00BA001B
.text C:\WINDOWS\system32\lsass.exe[600] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00BA0084
.text C:\WINDOWS\system32\lsass.exe[600] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00BA000A
.text C:\WINDOWS\system32\lsass.exe[600] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00BA005F
.text C:\WINDOWS\system32\lsass.exe[600] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00BA004E
.text C:\WINDOWS\system32\lsass.exe[600] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B9004E
.text C:\WINDOWS\system32\lsass.exe[600] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B90033
.text C:\WINDOWS\system32\lsass.exe[600] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B90022
.text C:\WINDOWS\system32\lsass.exe[600] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B90000
.text C:\WINDOWS\system32\lsass.exe[600] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B90FC3
.text C:\WINDOWS\system32\lsass.exe[600] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B90011
.text C:\WINDOWS\system32\lsass.exe[600] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B80000
.text C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AD0000
.text C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AD0089
.text C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AD0078
.text C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AD0F9E
.text C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AD0FAF
.text C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AD003D
.text C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00AD0F52
.text C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AD0F6D
.text C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AD0F26
.text C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AD0F37
.text C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00AD0F0B
.text C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00AD0FC0
.text C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00AD001B
.text C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00AD00A4
.text C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00AD0FD1
.text C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00AD002C
.text C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00AD00B5
.text C:\WINDOWS\system32\svchost.exe[784] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00AC002C
.text C:\WINDOWS\system32\svchost.exe[784] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00AC007D
.text C:\WINDOWS\system32\svchost.exe[784] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00AC0011
.text C:\WINDOWS\system32\svchost.exe[784] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00AC0000
.text C:\WINDOWS\system32\svchost.exe[784] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00AC006C
.text C:\WINDOWS\system32\svchost.exe[784] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00AC0FE5
.text C:\WINDOWS\system32\svchost.exe[784] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00AC0FC0
.text C:\WINDOWS\system32\svchost.exe[784] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [CC, 88]
.text C:\WINDOWS\system32\svchost.exe[784] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00AC003D
.text C:\WINDOWS\system32\svchost.exe[784] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AB0042
.text C:\WINDOWS\system32\svchost.exe[784] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AB0031
.text C:\WINDOWS\system32\svchost.exe[784] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AB0FC8
.text C:\WINDOWS\system32\svchost.exe[784] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AB0FEF
.text C:\WINDOWS\system32\svchost.exe[784] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AB0FB7
.text C:\WINDOWS\system32\svchost.exe[784] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AB0000
.text C:\WINDOWS\system32\svchost.exe[784] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AA0000
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C40000
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C400A1
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C40090
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C40FB6
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C40FD1
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C40058
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C400FE
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C400E3
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C40F65
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C40F80
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00C40119
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00C40073
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00C4001B
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00C400BC
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00C40047
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00C40036
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00C40F91
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00C3002C
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00C30FA5
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00C30FDB
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00C30011
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00C30FC0
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00C30000
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00C30058
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00C30047
.text C:\WINDOWS\system32\svchost.exe[844] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C20FA6
.text C:\WINDOWS\system32\svchost.exe[844] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C20027
.text C:\WINDOWS\system32\svchost.exe[844] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C20FC8
.text C:\WINDOWS\system32\svchost.exe[844] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C20FEF
.text C:\WINDOWS\system32\svchost.exe[844] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C20FB7
.text C:\WINDOWS\system32\svchost.exe[844] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C2000C
.text C:\WINDOWS\system32\svchost.exe[844] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C1000A
.text C:\WINDOWS\System32\svchost.exe[912] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 027D0000
.text C:\WINDOWS\System32\svchost.exe[912] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 027D00C9
.text C:\WINDOWS\System32\svchost.exe[912] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 027D00AE
.text C:\WINDOWS\System32\svchost.exe[912] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 027D0087
.text C:\WINDOWS\System32\svchost.exe[912] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 027D0FCA
.text C:\WINDOWS\System32\svchost.exe[912] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 027D0047
.text C:\WINDOWS\System32\svchost.exe[912] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 027D00F5
.text C:\WINDOWS\System32\svchost.exe[912] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 027D0FAD
.text C:\WINDOWS\System32\svchost.exe[912] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 027D0121
.text C:\WINDOWS\System32\svchost.exe[912] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 027D0106
.text C:\WINDOWS\System32\svchost.exe[912] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 027D0F6D
.text C:\WINDOWS\System32\svchost.exe[912] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 027D006C
.text C:\WINDOWS\System32\svchost.exe[912] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 027D001B
.text C:\WINDOWS\System32\svchost.exe[912] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 027D00E4
.text C:\WINDOWS\System32\svchost.exe[912] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 027D0FDB
.text C:\WINDOWS\System32\svchost.exe[912] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 027D002C
.text C:\WINDOWS\System32\svchost.exe[912] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 027D0F92
.text C:\WINDOWS\System32\svchost.exe[912] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 027B0FAF
.text C:\WINDOWS\System32\svchost.exe[912] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 027B0036
.text C:\WINDOWS\System32\svchost.exe[912] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 027B0FD4
.text C:\WINDOWS\System32\svchost.exe[912] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 027B0FE5
.text C:\WINDOWS\System32\svchost.exe[912] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 027B0F79
.text C:\WINDOWS\System32\svchost.exe[912] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 027B0000
.text C:\WINDOWS\System32\svchost.exe[912] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 027B001B
.text C:\WINDOWS\System32\svchost.exe[912] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 027B0F94
.text C:\WINDOWS\System32\svchost.exe[912] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 027A0038
.text C:\WINDOWS\System32\svchost.exe[912] msvcrt.dll!system 77C293C7 5 Bytes JMP 027A0FAD
.text C:\WINDOWS\System32\svchost.exe[912] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 027A001D
.text C:\WINDOWS\System32\svchost.exe[912] msvcrt.dll!_open 77C2F566 5 Bytes JMP 027A0FE3
.text C:\WINDOWS\System32\svchost.exe[912] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 027A0FC8
.text C:\WINDOWS\System32\svchost.exe[912] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 027A0000
.text C:\WINDOWS\System32\svchost.exe[912] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02790000
.text C:\WINDOWS\System32\svchost.exe[912] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 027C0FEF
.text C:\WINDOWS\System32\svchost.exe[912] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 027C000A
.text C:\WINDOWS\System32\svchost.exe[912] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 027C0025
.text C:\WINDOWS\System32\svchost.exe[912] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 027C0FD4
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00650FE5
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00650F7E
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00650073
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00650062
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00650051
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00650FAF
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00650F48
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0065009A
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006500DA
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006500B5
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 006500EB
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00650040
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00650FD4
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00650F63
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00650025
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 0065000A
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00650F37
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00640FBC
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 0064006F
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00640FCD
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00640FDE
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 0064005E
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00640FEF
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00640043
.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00640028
.text C:\WINDOWS\system32\svchost.exe[952] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00630FB7
.text C:\WINDOWS\system32\svchost.exe[952] msvcrt.dll!system 77C293C7 5 Bytes JMP 00630FD2
.text C:\WINDOWS\system32\svchost.exe[952] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00630FE3
.text C:\WINDOWS\system32\svchost.exe[952] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00630000
.text C:\WINDOWS\system32\svchost.exe[952] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00630042
.text C:\WINDOWS\system32\svchost.exe[952] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0063001D
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C20000
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C20058
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C20F6D
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C20F8A
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C20F9B
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C2002C
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C20073
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C20F2D
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C20EFF
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C2008E
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00C20EDA
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00C2003D
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00C20011
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00C20F3E
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00C20FCA
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00C20FDB
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00C20F10
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 009B0FCA
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 009B0F68
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 009B0FDB
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 009B001B
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 009B0F83
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 009B0000
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 009B0F94
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [BB, 88]
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 009B0FAF
.text C:\WINDOWS\system32\svchost.exe[1132] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009A005F
.text C:\WINDOWS\system32\svchost.exe[1132] msvcrt.dll!system 77C293C7 5 Bytes JMP 009A004E
.text C:\WINDOWS\system32\svchost.exe[1132] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009A0018
.text C:\WINDOWS\system32\svchost.exe[1132] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009A0FEF
.text C:\WINDOWS\system32\svchost.exe[1132] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009A003D
.text C:\WINDOWS\system32\svchost.exe[1132] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009A0FDE
.text C:\WINDOWS\system32\svchost.exe[1132] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0099000A
.text C:\WINDOWS\system32\svchost.exe[1132] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 009C0000
.text C:\WINDOWS\system32\svchost.exe[1132] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 009C0FEF
.text C:\WINDOWS\system32\svchost.exe[1132] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 009C0025
.text C:\WINDOWS\system32\svchost.exe[1132] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 009C0040
.text C:\WINDOWS\System32\svchost.exe[2508] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0000
.text C:\WINDOWS\System32\svchost.exe[2508] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0073
.text C:\WINDOWS\System32\svchost.exe[2508] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0F88
.text C:\WINDOWS\System32\svchost.exe[2508] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0F99
.text C:\WINDOWS\System32\svchost.exe[2508] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0FB6
.text C:\WINDOWS\System32\svchost.exe[2508] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0047
.text C:\WINDOWS\System32\svchost.exe[2508] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0F50
.text C:\WINDOWS\System32\svchost.exe[2508] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A0098
.text C:\WINDOWS\System32\svchost.exe[2508] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0F2B
.text C:\WINDOWS\System32\svchost.exe[2508] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A00C4
.text C:\WINDOWS\System32\svchost.exe[2508] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 001A0F1A
.text C:\WINDOWS\System32\svchost.exe[2508] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 001A0058
.text C:\WINDOWS\System32\svchost.exe[2508] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 001A001B
.text C:\WINDOWS\System32\svchost.exe[2508] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 001A0F6D
.text C:\WINDOWS\System32\svchost.exe[2508] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 001A0FE5
.text C:\WINDOWS\System32\svchost.exe[2508] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 001A0036
.text C:\WINDOWS\System32\svchost.exe[2508] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 001A00B3
.text C:\WINDOWS\System32\svchost.exe[2508] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 0029003D
.text C:\WINDOWS\System32\svchost.exe[2508] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00290FBD
.text C:\WINDOWS\System32\svchost.exe[2508] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 0029002C
.text C:\WINDOWS\System32\svchost.exe[2508] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 0029001B
.text C:\WINDOWS\System32\svchost.exe[2508] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 0029007A
.text C:\WINDOWS\System32\svchost.exe[2508] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00290000
.text C:\WINDOWS\System32\svchost.exe[2508] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00290069
.text C:\WINDOWS\System32\svchost.exe[2508] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 0029004E
.text C:\WINDOWS\System32\svchost.exe[2508] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003E0F8B
.text C:\WINDOWS\System32\svchost.exe[2508] msvcrt.dll!system 77C293C7 5 Bytes JMP 003E0FA6
.text C:\WINDOWS\System32\svchost.exe[2508] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003E0FC8
.text C:\WINDOWS\System32\svchost.exe[2508] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003E0FEF
.text C:\WINDOWS\System32\svchost.exe[2508] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003E0FB7
.text C:\WINDOWS\System32\svchost.exe[2508] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003E000C
.text C:\WINDOWS\System32\svchost.exe[2508] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009B0000
.text C:\WINDOWS\Explorer.EXE[2988] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0FE5
.text C:\WINDOWS\Explorer.EXE[2988] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0F9E
.text C:\WINDOWS\Explorer.EXE[2988] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0FAF
.text C:\WINDOWS\Explorer.EXE[2988] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0089
.text C:\WINDOWS\Explorer.EXE[2988] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A006C
.text C:\WINDOWS\Explorer.EXE[2988] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0036
.text C:\WINDOWS\Explorer.EXE[2988] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0F77
.text C:\WINDOWS\Explorer.EXE[2988] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A00BF
.text C:\WINDOWS\Explorer.EXE[2988] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0F55
.text C:\WINDOWS\Explorer.EXE[2988] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A0F66
.text C:\WINDOWS\Explorer.EXE[2988] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 001A0F3A
.text C:\WINDOWS\Explorer.EXE[2988] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 001A0047
.text C:\WINDOWS\Explorer.EXE[2988] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 001A0000
.text C:\WINDOWS\Explorer.EXE[2988] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 001A00AE
.text C:\WINDOWS\Explorer.EXE[2988] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 001A001B
.text C:\WINDOWS\Explorer.EXE[2988] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 001A0FCA
.text C:\WINDOWS\Explorer.EXE[2988] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 001A00DA
.text C:\WINDOWS\Explorer.EXE[2988] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00290036
.text C:\WINDOWS\Explorer.EXE[2988] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 0029007D
.text C:\WINDOWS\Explorer.EXE[2988] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00290025
.text C:\WINDOWS\Explorer.EXE[2988] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00290FEF
.text C:\WINDOWS\Explorer.EXE[2988] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00290062
.text C:\WINDOWS\Explorer.EXE[2988] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00290000
.text C:\WINDOWS\Explorer.EXE[2988] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00290047
.text C:\WINDOWS\Explorer.EXE[2988] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00290FCA
.text C:\WINDOWS\Explorer.EXE[2988] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0FA3
.text C:\WINDOWS\Explorer.EXE[2988] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A002E
.text C:\WINDOWS\Explorer.EXE[2988] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A001D
.text C:\WINDOWS\Explorer.EXE[2988] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A0FEF
.text C:\WINDOWS\Explorer.EXE[2988] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A0FC8
.text C:\WINDOWS\Explorer.EXE[2988] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A000C
.text C:\WINDOWS\Explorer.EXE[2988] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 002C0FE5
.text C:\WINDOWS\Explorer.EXE[2988] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 002C0FD4
.text C:\WINDOWS\Explorer.EXE[2988] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 002C000A
.text C:\WINDOWS\Explorer.EXE[2988] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 002C001B
.text C:\WINDOWS\Explorer.EXE[2988] ws2_32.dll!socket 71AB4211 5 Bytes JMP 017A0000
.text C:\WINDOWS\system32\wuauclt.exe[3304] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0FEF
.text C:\WINDOWS\system32\wuauclt.exe[3304] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B00A1
.text C:\WINDOWS\system32\wuauclt.exe[3304] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0090
.text C:\WINDOWS\system32\wuauclt.exe[3304] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B007F
.text C:\WINDOWS\system32\wuauclt.exe[3304] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B0FB6
.text C:\WINDOWS\system32\wuauclt.exe[3304] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0051
.text C:\WINDOWS\system32\wuauclt.exe[3304] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B00EA
.text C:\WINDOWS\system32\wuauclt.exe[3304] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B00D9
.text C:\WINDOWS\system32\wuauclt.exe[3304] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B0F6C
.text C:\WINDOWS\system32\wuauclt.exe[3304] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B0F7D
.text C:\WINDOWS\system32\wuauclt.exe[3304] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 001B0120
.text C:\WINDOWS\system32\wuauclt.exe[3304] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 001B0062
.text C:\WINDOWS\system32\wuauclt.exe[3304] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 001B000A
.text C:\WINDOWS\system32\wuauclt.exe[3304] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 001B00BC
.text C:\WINDOWS\system32\wuauclt.exe[3304] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 001B0040
.text C:\WINDOWS\system32\wuauclt.exe[3304] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 001B0025
.text C:\WINDOWS\system32\wuauclt.exe[3304] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 001B00FB
.text C:\WINDOWS\system32\wuauclt.exe[3304] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0F95
.text C:\WINDOWS\system32\wuauclt.exe[3304] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A0020
.text C:\WINDOWS\system32\wuauclt.exe[3304] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A0FC1
.text C:\WINDOWS\system32\wuauclt.exe[3304] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A0FE3
.text C:\WINDOWS\system32\wuauclt.exe[3304] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A0FB0
.text C:\WINDOWS\system32\wuauclt.exe[3304] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A0FD2
.text C:\WINDOWS\system32\wuauclt.exe[3304] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 002B0036
.text C:\WINDOWS\system32\wuauclt.exe[3304] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 002B0098
.text C:\WINDOWS\system32\wuauclt.exe[3304] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 002B0025
.text C:\WINDOWS\system32\wuauclt.exe[3304] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 002B0000
.text C:\WINDOWS\system32\wuauclt.exe[3304] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 002B007D
.text C:\WINDOWS\system32\wuauclt.exe[3304] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 002B0FE5
.text C:\WINDOWS\system32\wuauclt.exe[3304] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\wuauclt.exe[3304] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 002B005B
.text C:\WINDOWS\system32\wuauclt.exe[3304] WS2_32.dll!socket 71AB4211 5 Bytes JMP 003C0FEF

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

Hijack this log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:35:41, on 07/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\WINDOWS\system32\PRISMSVR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Boys\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/cust ... _side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=2057
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - C:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

--
End of file - 7014 bytes
funkehjez
Active Member
 
Posts: 8
Joined: March 23rd, 2009, 8:21 pm

Re: Mcafee run - 3 trojans, 4 adware - hijack this log

Unread postby Axephilic » April 7th, 2009, 11:50 am

Hi there, just a few quick things and I will have you on your way. :)

Fix HijackThis lines

  • Run HijackThis!
  • Click on Do a System Scan only
  • Place a tick next to the following lines:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Close all open windows and click on Fix checked and when you get a popup window click on Yes.

Please answer my question:
Are experiencing any symptoms?


Update Java
Your JRE is out of date. The current version is Java Runtime Environment (JRE) 6 Update 13.

  1. Click on Start > Control Panel and double click on Add/Remove Programs. Locatethe following entries and click on Change/Remove to uninstall them:

    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
  2. Click here to visit Java's website.
  3. Select Windows from the drop-down list for Platform.
  4. Select Multi-language from the drop-down list for Language.
  5. Check (tick) I agree to the Java SE Runtime Environment 6 License Agreement box and click on Continue.
  6. Click on jre-6u13-windows-i586-p.exe link to download it and save this to a convenient location.
  7. Run this installation to update your Java.

Update Adobe Reader
Recently there have been vunerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version. Adobe Reader 9. Please uninstall all old versions of Adobe Reader and then you can download the newest version from http://www.adobe.com/products/acrobat/readstep2.html If you already have Adobe Photoshop Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop Album Starter Edition.

In your next reply, please include:
  1. Answer to my question
  2. A new HijackThis log

Regards,
Adam
User avatar
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: Mcafee run - 3 trojans, 4 adware - hijack this log

Unread postby funkehjez » April 8th, 2009, 7:20 am

Okay. I've done as you have asked installing the new java and adobe updates. Also, in regards to the symptoms there are none. On the rare ocassion, there might be an invisible popup appear and suddenly dissappear, which is all I see, but this hasn't happened for quite some time now. The only other symptom would be a slow computer and the odd popup that gets through the pop up blocker. I tend to know to simply just close these straight away though.

Here is the hijack this log file as requested.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:28, on 08/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Boys\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/cust ... _side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=2057
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - C:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

--
End of file - 7585 bytes
funkehjez
Active Member
 
Posts: 8
Joined: March 23rd, 2009, 8:21 pm

Re: Mcafee run - 3 trojans, 4 adware - hijack this log

Unread postby Axephilic » April 8th, 2009, 4:11 pm

Congratulations, you are now all clean! To help to prevent from becoming reinfected, please follow the instructions below in order. If you have any questions, please feel free to ask them. If after 48 hours you have not responded to this, then I will assume you have no questions and have the topic closed.

You may now delete any program that I used in my fixes.

Flush the system restore points

  1. Right click on My Computer and select Properties.
  2. Select the System Restore tab.
  3. Check (tick) Turn off system restore on all drives box.
  4. Click Apply.
  5. Uncheck (untick) Turn off system restore on all drives box.
  6. Click OK.
  7. Restart your computer.
Note: Do this only ONCE, don't flush it regularly.

Keep your system updated

Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Please ensure that you visit the following websites regularly or do update your system regularly.

Install the updates immediately if they are found. Reboot your computer if necessary, revisit Windows Update and Office update sites until there are no more updates to be installed.

To update Windows and office

Go to Start > All Programs > Microsoft Update


Alternatively, you can visit the link below to update Windows and Office products.

Microsoft Update

I also recommend, if it's not already on, to enable Automatic updates. It will notify you whenever there are new updates available. Here's how:

  1. Go to Start > Control Panel > Automatic Updates
  2. Select Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you.
  3. Select Download updates for me, but let me chose when to install them radio button if you want the updates to be downloaded automatically but to be installed at another time.
  4. Select Notify me but don't automatically download or install them radio button if you want to be notified of the updates.

Besides Windows that needs regular updating, antivirus, anti-spyware and firewall programs update regularly too.

Please make sure that you update your antivirus, firewall and anti-spyware programs at least once a week.

Surf safely

Many of the exploits are directed to users of Internet Explorer and Firefox.

Using Firefox with NoScript add-on helps to prevent most exploits from running as NoScript by default disables all scripts on all websites. If you trust the website, you can manually allow it.

If you prefer to use Internet Explorer, here are some settings to change to improve the security of Internet Explorer.

For Internet Explorer 7

Please read this article to configure Internet Explorer 7 properly.

Backup regularly

You never know when your PC will become unstable or become so infected that you can't recover it. Follow this Microsoft article to learn how to backup. Follow this article by Microsoft to restore your backups.

Alternatively, you can use 3rd-party programs to back up your data. One example can be found at Bleeping Computer.

Avoid P2P

P2P may be a great way to get lots of stuffs, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. If you do need to use them, use them sparingly. Check this list of clean and infected P2P programs if you need to use one.

Prevent a re-infection

  1. Winpatrol
    Winpatrol is heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

    You can get a free copy of Winpatrol or use the Plus version for more features.

    You can read Winpatrol's FAQ if you run into problems.

  2. Hosts File
    A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your PC will look up the website's IP address before you can view the website.

    Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

    Here are some Hosts files:

    MVPS Hosts File
    Bluetack's Hosts File
    Bluetack's Host Manager
    hpHosts

    A tutorial about Hosts File can be found at Malware Removal.

  3. Spybot Search and Destroy
    Spybot Search & Destroy is another program for scanning spywares and adwares. Not only so, it has other preventive options as well. You are strongly encouraged to run a scan at least once per week.

    Spybot Search & Destroy can be downloaded from here.

    If you need help in using Spybot Search & Destroy, you can read Spybot Search and Destroy tutorial at Bleeping Computer.

    Before downloading any anti-spyware programs, always check the Rogue/Suspect list of anti-spyware programs and Malwarebytes RogueNET. This will save you from a lot of trouble. If in doubt, don't ever download it.

  4. SiteHound Toolbar
    SiteHound is a toolbar that warns you if you go to a site that is known to scam people, that has potentially lots of viruses or spywares or has questionable contents. If you know the site, you can enter it; if you don't, it will bring you back to the previous page. Currently, SiteHound works for Internet Explorer and Firefox only.


Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Happy surfing and stay clean!

Regards,
Adam
User avatar
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: Mcafee run - 3 trojans, 4 adware - hijack this log

Unread postby funkehjez » April 8th, 2009, 4:45 pm

Thank you for cleaning this computer. I am so glad about this. I've had this for a while now, and was certain something was wrong with it. Again, thanks. can I uninstall / delete hijack this now etc?
funkehjez
Active Member
 
Posts: 8
Joined: March 23rd, 2009, 8:21 pm

Re: Mcafee run - 3 trojans, 4 adware - hijack this log

Unread postby Axephilic » April 8th, 2009, 5:08 pm

You may. :)
User avatar
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: Mcafee run - 3 trojans, 4 adware - hijack this log

Unread postby NonSuch » April 8th, 2009, 5:35 pm

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 296 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware