Trojan malware removal

Post by BoricuaWarrior » April 11th, 2010, 2:50 pm

xp defender unregistered. Cant use internet explorer
ABBYY FineReader 6.0 Sprint
Acrobat.com
Acrobat.com
Adobe Acrobat 5.0
Adobe AIR
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Adobe Shockwave Player 11.5
Ask Toolbar
Avira AntiVir Personal - Free Antivirus
BlackBerry Desktop Software 4.3
BlackBerry Desktop Software 4.3
Broadcom Driver Installer
Dell Driver Reset Tool
Dell Resource CD
DVD Shrink 3.2
DVD Solution
DVDFab (remove only)
First Step Guide
Free DVD Maker
FrostWire 4.20.3
Garmin USB Drivers
Garmin WebUpdater
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
ImageMixer VCD2
InCD
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
InterVideo WinDVD Creator 2
InterVideo WinDVD Recorder 5
Java(TM) 6 Update 16
Java(TM) 6 Update 7
Lexmark 1200 Series
Lexmark Fax Solutions
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Modem Helper
Mozilla Firefox (3.6.3)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Launcher
NCH Toolbox
Nero OEM
Picture Package
PowerDVD
PowerProducer
Roxio Media Manager
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Sony USB Driver
SoundMAX
TenchisTV Toolbar
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB977724)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb979895)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Veetle TV 0.9.16
VideoPad Video Editor
WebIQ Technology Engine
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:36:36 PM, on 4/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Ahead\InCD\InCDsrv.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Avira\AntiVir Desktop\sched.exe
E:\Program Files\Avira\AntiVir Desktop\avguard.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\WINDOWS\system32\lxczcoms.exe
E:\Program Files\McAfee\SiteAdvisor\McSACore.exe
E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
E:\WINDOWS\Explorer.EXE
e:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
E:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
E:\Program Files\McAfee\MPF\MPFSrv.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
E:\Program Files\Avira\AntiVir Desktop\avgnt.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
E:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
E:\WINDOWS\system32\hkcmd.exe
E:\Program Files\Ahead\InCD\InCD.exe
E:\Program Files\Analog Devices\Core\smax4pnp.exe
E:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
E:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\WINDOWS\vsnpstd3.exe
E:\WINDOWS\system32\igfxpers.exe
E:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe
E:\WINDOWS\system32\Rundll32.exe
E:\WINDOWS\system32\Rundll32.exe
E:\Program Files\Lexmark 1200 Series\lxczbmon.exe
E:\Program Files\InterVideo\DVD5R\SchSvr.exe
E:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
E:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
E:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
E:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
e:\PROGRA~1\mcafee.com\agent\mcagent.exe
E:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
E:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
E:\Documents and Settings\Owner\Local Settings\Application Data\ave.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - E:\Program Files\AskSearch\bin\DefaultSearch.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - e:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
R3 - URLSearchHook: TenchisTV Toolbar - {ece24dcf-8548-4655-b392-47a388721482} - E:\Program Files\TenchisTV\tbTenc.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: E:\WINDOWS\system32\mmcox.dll - {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - E:\WINDOWS\system32\mmcox.dll (file missing)
O2 - BHO: (no name) - {d469b3a7-3577-4d76-8b00-45e4a5d69cdb} - rudujeru.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - e:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - E:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O3 - Toolbar: TenchisTV Toolbar - {ece24dcf-8548-4655-b392-47a388721482} - E:\Program Files\TenchisTV\tbTenc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] E:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [mcagent_exe] "E:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] E:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] E:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "E:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [igfxtray] E:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] E:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] E:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [FastTVSync] "E:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "E:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Adobe ARM] "E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [lxczbmgr.exe] "E:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "E:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [peasoxrr] E:\Documents and Settings\Owner\Local Settings\Application Data\kijgjy\exfbsftav.exe
O4 - HKLM\..\Run: [snpstd3] E:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [YSearchProtection] "E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [vekiderilu] Rundll32.exe "kevupavo.dll",s
O4 - HKLM\..\Run: [mewelujuz] Rundll32.exe "e:\windows\system32\lasefoye.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [peasoxrr] E:\Documents and Settings\Owner\Local Settings\Application Data\kijgjy\exfbsftav.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "E:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Search Protection] E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YVIBBBHA8C] E:\DOCUME~1\Owner\LOCALS~1\Temp\Bhh.exe
O4 - HKCU\..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] E:\DOCUME~1\Owner\LOCALS~1\Temp\notepad.exe
O4 - HKUS\S-1-5-19\..\Run: [vekiderilu] Rundll32.exe "kevupavo.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [vekiderilu] Rundll32.exe "kevupavo.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: Desktop Manager.lnk = E:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: InterVideo Scheduler server.lnk = E:\Program Files\InterVideo\DVD5R\SchSvr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/D ... tion&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9773106843
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{214C1D4D-D2D9-46BC-BA36-F1E01908AF3F}: NameServer = 217.23.14.75,4.2.2.1,192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.163.55,93.188.161.161
O17 - HKLM\System\CS1\Services\Tcpip\..\{214C1D4D-D2D9-46BC-BA36-F1E01908AF3F}: NameServer = 217.23.14.75,4.2.2.1,192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.55,93.188.161.161
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - e:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - e:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: gijeluhe.dll e:\windows\system32\lasefoye.dll
O21 - SSODL: halazinod - {4e3d5337-a277-49a4-b11c-a74cc02c4ebe} - e:\windows\system32\lasefoye.dll (file missing)
O22 - SharedTaskScheduler: hasiufhiusdfjdhfudd - {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - E:\WINDOWS\system32\mmcox.dll (file missing)
O22 - SharedTaskScheduler: tokatiluy - {4e3d5337-a277-49a4-b11c-a74cc02c4ebe} - e:\windows\system32\lasefoye.dll (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - E:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcz_device - - E:\WINDOWS\system32\lxczcoms.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - E:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - e:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - E:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - E:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - E:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - E:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - E:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - E:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - E:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - E:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - E:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - E:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12919 bytes
BoricuaWarrior
Active Member
Posts: 10
Joined: April 10th, 2010, 2:51 pm
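The log above carries the indicators a helper looks at first: logon-time executables started from the user's Temp and Local Settings folders (O4), rundll32 loading a bare DLL name, a policy that disables regedit (O7), DNS resolvers that are not on the local network (O17), AppInit_DLLs set (O20) and shell hooks whose file is already gone (O21). The script below is an added example of that triage pass; it is not part of the original post and not HijackThis's own logic. Its sample input is a constructed excerpt of lines copied from the log above; which profile folders count as user-writable, which Windows binary names are watched for masquerading, and the rule that any resolver outside private address space should be verified against the router or ISP are the example's own assumptions.

```python
"""Triage pass over HijackThis-style log lines (added example, not from the post).

The heuristics are assumptions for illustration, not HijackThis's own rules.
"""
import ipaddress
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section item reason")

# Assumption: logon-time executables under these user-writable profile
# folders (long and 8.3 forms) are suspicious on a normal workstation.
USER_WRITABLE_DIRS = ("\\local settings\\temp\\", "\\locals~1\\temp\\",
                      "\\local settings\\application data\\", "\\locals~1\\applic~1\\")
# Assumption: a file with one of these names outside the Windows directory is
# a masquerade (the log above starts notepad.exe from the user's Temp folder).
WINDOWS_BINARIES = {"notepad.exe", "svchost.exe", "explorer.exe", "winlogon.exe", "lsass.exe"}

O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O7_RE = re.compile(r"^O7 - .*?, (?P<policy>\w+)=(?P<value>\w+)$")
O17_RE = re.compile(r"^O17 - .*?NameServer = (?P<servers>[\d.,]+)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
EXE_RE = re.compile(r'^"?(.*?\.(?:exe|com|scr|pif|bat))', re.I)   # path up to its extension
RUNDLL_RE = re.compile(r'rundll32\.exe\s+"?([^",]+)', re.I)      # DLL argument of rundll32


def command_path(cmd):
    """Program path from a Run value, quoted or bare (bare paths may contain spaces)."""
    m = EXE_RE.match(cmd.strip())
    return m.group(1) if m else cmd.strip().split(" ", 1)[0]


def check_autorun(cmd):
    """Reasons an O4 autorun command deserves a closer look."""
    reasons = []
    low = command_path(cmd).lower()
    base = low.rsplit("\\", 1)[-1]
    if any(d in low for d in USER_WRITABLE_DIRS):
        reasons.append("logon-time executable in a user-writable profile folder")
    if "\\" in low and base in WINDOWS_BINARIES and "\\windows\\" not in low:
        reasons.append("Windows binary name outside the Windows directory")
    if base == "rundll32.exe":
        m = RUNDLL_RE.search(cmd)
        dll = m.group(1).strip() if m else ""
        if "\\" not in dll:
            reasons.append("rundll32 loads an unqualified DLL name, resolved by search order")
        else:
            reasons.append("rundll32 autorun; confirm the DLL belongs to a known product")
    return reasons


def check_nameservers(servers):
    """Resolvers that are neither private nor loopback addresses (or not IPs at all)."""
    outside = []
    for s in (x.strip() for x in servers if x.strip()):
        try:
            ip = ipaddress.ip_address(s)
        except ValueError:
            outside.append(s)
            continue
        if not (ip.is_private or ip.is_loopback):
            outside.append(s)
    return outside


def scan_hijackthis(text):
    """Walk the log and return a list of Finding(section, item, reason)."""
    findings = []
    for line in (l.strip() for l in text.splitlines()):
        m = O4_RE.match(line)
        if m:
            findings += [Finding("O4", m.group("name"), r) for r in check_autorun(m.group("cmd"))]
            continue
        m = O7_RE.match(line)
        if m and m.group("value") != "0":
            findings.append(Finding("O7", m.group("policy"),
                                    "restrictive user policy; malware sets it to lock out regedit or Task Manager"))
            continue
        m = O17_RE.match(line)
        if m:
            outside = check_nameservers(m.group("servers").split(","))
            if outside:
                findings.append(Finding("O17", ",".join(outside),
                                        "DNS resolver outside private address space; verify it is the router's or ISP's"))
            continue
        m = O20_RE.match(line)
        if m:
            dlls = [d for d in re.split(r"[\s,]+", m.group("dlls")) if d]
            findings.append(Finding("O20", " ".join(dlls),
                                    "AppInit_DLLs set; each DLL is injected into every process that loads user32.dll"))
            continue
        if line.startswith(("O2 ", "O21 ", "O22 ")) and line.endswith("(file missing)"):
            parts = line.split(" - ", 2)
            findings.append(Finding(parts[0], parts[1],
                                    "registration points at a missing file; the hook stays until the key is removed"))
    return findings


# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "E:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [peasoxrr] E:\Documents and Settings\Owner\Local Settings\Application Data\kijgjy\exfbsftav.exe
O4 - HKLM\..\Run: [vekiderilu] Rundll32.exe "kevupavo.dll",s
O4 - HKLM\..\Run: [mewelujuz] Rundll32.exe "e:\windows\system32\lasefoye.dll",a
O4 - HKCU\..\Run: [YVIBBBHA8C] E:\DOCUME~1\Owner\LOCALS~1\Temp\Bhh.exe
O4 - HKCU\..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] E:\DOCUME~1\Owner\LOCALS~1\Temp\notepad.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.55,93.188.161.161
O17 - HKLM\System\CCS\Services\Tcpip\..\{214C1D4D-D2D9-46BC-BA36-F1E01908AF3F}: NameServer = 217.23.14.75,4.2.2.1,192.168.1.254
O20 - AppInit_DLLs: gijeluhe.dll e:\windows\system32\lasefoye.dll
O21 - SSODL: halazinod - {4e3d5337-a277-49a4-b11c-a74cc02c4ebe} - e:\windows\system32\lasefoye.dll (file missing)
"""

if __name__ == "__main__":
    for f in scan_hijackthis(SAMPLE_LOG):
        print("%-4s %-40s %s" % (f.section, f.item[:40], f.reason))
```

On the sample the Avira entry produces nothing, each of the Temp and Local Settings autoruns is flagged, the notepad.exe entry is flagged twice (location and masquerade), and both O17 lines are reported because their resolvers are not on the LAN. The O17 check deliberately does not try to say whether a public resolver is malicious; it only says the value is not the router's and should be checked, which is the question a helper would ask next.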

Re: Trojan malware removal

Post by MWR 3 day Mod » April 14th, 2010, 11:45 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Trojan malware removal

Post by gringo_pr » April 18th, 2010, 3:32 am

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

    1. Please do not run any other tool until instructed to do so!
    2. Please reply to this thread, do not start another!
    3. Please tell me about any problems that have occurred during the fix.
    4. Please tell me of any other symptoms you may be having as these can help also.
    5. Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

P2P Warning!

I must draw your attention to the MalwareRemoval.com policy regarding P2P programs. You must uninstall all P2P programs before I can continue with cleaning your computer.

Remove the following programs:

FrostWire 4.20.3

*NOTE* Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.


If you continue to use P2P programs, we see no purpose in cleaning your machine as it is pretty much certain that, if you continue to use them, your computer will get infected again.

Uninstall some programs

    1. Click on Start
    2. Then go to Settings
    3. After that you need Control Panel
    4. Look for the icon Add/Remove Programs
    Click on the following programs

    xp defender unregistered. Cant use internet explorer
    Ask Toolbar
    FrostWire 4.20.3
    Java(TM) 6 Update 7

    and click on Remove

DeFogger:

    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Download DDS:

    Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply

Gmer

Download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


Note: Do not run any programs while Gmer is running.

Information and logs:

    In your next post I need the following

      1. Logs from DDS
      2. Log from GMER
      3. Let me know of any problems you may have had

Gringo
gringo_pr
Site Moderator
Posts: 1817
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico

Re: Trojan malware removal

Post by BoricuaWarrior » April 18th, 2010, 6:36 pm

Hey Gringo, thank you for your help, but every time I try to delete any program this message shows up: E/windows/system32\rundll32.exe application not found

What can I do now?

PS. Keep enjoying the beautiful weather of Puerto Rico.

Boricua Warrior
BoricuaWarrior
Active Member
Posts: 10
Joined: April 10th, 2010, 2:51 pm

Re: Trojan malware removal

Post by gringo_pr » April 18th, 2010, 10:13 pm

OK, continue with the DDS and GMER instructions, please.


gringo
gringo_pr
Site Moderator
Posts: 1817
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico

Re: Trojan malware removal

Post by BoricuaWarrior » April 19th, 2010, 8:17 pm

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 7/31/2009 7:30:19 PM
System Uptime: 4/19/2010 6:52:37 PM (1 hours ago)

Motherboard: Dell Computer Corp. | | 0TC667
Processor: Intel(R) Celeron(R) CPU 2.66GHz | Microprocessor | 2660/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 71 GiB total, 20.406 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 75 GiB total, 45.633 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Adobe Shockwave Player 11.5
Ask Toolbar
Avira AntiVir Personal - Free Antivirus
B57Inst
BlackBerry Desktop Software 4.3
Broadcom Driver Installer
Dell Driver Reset Tool
Dell Resource CD
DVD Shrink 3.2
DVD Solution
DVDFab (remove only)
Facebook Plug-In
First Step Guide
Free DVD Maker
FrostWire 4.20.3
Garmin USB Drivers
Garmin WebUpdater
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
ImageMixer VCD2
InCD
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
InterVideo WinDVD Creator 2
InterVideo WinDVD Recorder 5
Java(TM) 6 Update 16
Java(TM) 6 Update 7
Lexmark 1200 Series
Lexmark Fax Solutions
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Modem Helper
Move Media Player
Mozilla Firefox (3.6.3)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Launcher
NCH Toolbox
Nero OEM
Picture Package
PowerDVD
PowerProducer
Roxio Media Manager
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Sony USB Driver
SoundMAX
TenchisTV Toolbar
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB977724)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb979895)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Veetle TV 0.9.16
VideoPad Video Editor
WebFldrs XP
WebIQ Technology Engine
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

4/16/2010 9:08:55 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/16/2010 4:51:10 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the mcmscsvc service.
4/16/2010 4:51:10 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
4/16/2010 4:51:10 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/12/2010 7:34:04 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
4/12/2010 1:34:37 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

==== End Of File ===========================
DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 19:09:18.07 on Mon 04/19/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.52 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

E:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
E:\WINDOWS\System32\svchost.exe -k netsvcs
E:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
E:\Program Files\Avira\AntiVir Desktop\avguard.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\WINDOWS\system32\lxczcoms.exe
E:\Program Files\McAfee\SiteAdvisor\McSACore.exe
E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
e:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
E:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
E:\Program Files\McAfee\MPF\MPFSrv.exe
E:\WINDOWS\system32\svchost.exe -k imgsvc
E:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
E:\WINDOWS\Explorer.EXE
e:\PROGRA~1\mcafee.com\agent\mcagent.exe
E:\Program Files\Avira\AntiVir Desktop\avnotify.exe
E:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Documents and Settings\Owner\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
uURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - e:\program files\asksearch\bin\DefaultSearch.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - e:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: TenchisTV Toolbar: {ece24dcf-8548-4655-b392-47a388721482} - e:\program files\tenchistv\tbTenc.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - e:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: e:\windows\system32\mmcox.dll: {a9ba40a1-74f1-52bd-f431-00b15a2c8953} - e:\windows\system32\mmcox.dll
BHO: {d469b3a7-3577-4d76-8b00-45e4a5d69cdb} - rudujeru.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - e:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - e:\program files\askbardis\bar\bin\askBar.dll
TB: TenchisTV Toolbar: {ece24dcf-8548-4655-b392-47a388721482} - e:\program files\tenchistv\tbTenc.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - e:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uRun: [PowerBar]
uRun: [ctfmon.exe] e:\windows\system32\ctfmon.exe
uRun: [peasoxrr] e:\documents and settings\owner\local settings\application data\kijgjy\exfbsftav.exe
uRun: [Messenger (Yahoo!)] "e:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Search Protection] e:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [YVIBBBHA8C] e:\docume~1\owner\locals~1\temp\Bhh.exe
uRun: [hsf87efjhdsf87f3jfsdi7fhsujfd] e:\docume~1\owner\locals~1\temp\notepad.exe
mRun: [SoundMAXPnP] e:\program files\analog devices\core\smax4pnp.exe
mRun: [mcagent_exe] "e:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] e:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [RemoteControl] "e:\program files\cyberlink dvd solution\powerdvd\PDVDServ.exe"
mRun: [InCD] e:\program files\ahead\incd\InCD.exe
mRun: [NeroFilterCheck] e:\windows\system32\NeroCheck.exe
mRun: [avgnt] "e:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [igfxtray] e:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] e:\windows\system32\hkcmd.exe
mRun: [igfxpers] e:\windows\system32\igfxpers.exe
mRun: [FastTVSync] "e:\program files\common files\intervideo\fasttvsync\FastTVSync.exe"
mRun: [GrooveMonitor] "e:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "e:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Adobe ARM] "e:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [lxczbmgr.exe] "e:\program files\lexmark 1200 series\lxczbmgr.exe"
mRun: [FaxCenterServer] "e:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [peasoxrr] e:\documents and settings\owner\local settings\application data\kijgjy\exfbsftav.exe
mRun: [snpstd3] e:\windows\vsnpstd3.exe
mRun: [YSearchProtection] "e:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [vekiderilu] Rundll32.exe "kevupavo.dll",s
mRun: [mewelujuz] Rundll32.exe "e:\windows\system32\lasefoye.dll",a
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\deskto~1.lnk - e:\program files\research in motion\blackberry\DesktopMgr.exe
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - e:\program files\intervideo\dvd5r\SchSvr.exe
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\interv~2.lnk - e:\program files\intervideo\common\bin\WinCinemaMgr.exe
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\pictur~2.lnk - e:\program files\sony corporation\picture package\picture package menu\SonyTray.exe
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\pictur~1.lnk - e:\program files\sony corporation\picture package\picture package applications\Residence.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
IE: E&xport to Microsoft Excel - e:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - e:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} - hxxp://webiq005.webiqonline.com/WebIQ/D ... tion&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 9773106843
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 93.188.163.55,93.188.161.161
TCP: {214C1D4D-D2D9-46BC-BA36-F1E01908AF3F} = 217.23.14.75,4.2.2.1,192.168.1.254
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - e:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - e:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - e:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: gijeluhe.dll e:\windows\system32\lasefoye.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - e:\windows\system32\WPDShServiceObj.dll
SSODL: halazinod - {4e3d5337-a277-49a4-b11c-a74cc02c4ebe} - e:\windows\system32\lasefoye.dll
STS: e:\windows\system32\mmcox.dll: {a9ba40a1-74f1-52bd-f431-00b15a2c8953} - e:\windows\system32\mmcox.dll
STS: tokatiluy: {4e3d5337-a277-49a4-b11c-a74cc02c4ebe} - e:\windows\system32\lasefoye.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - e:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli gijeluhe.dll
IFEO: MpCmdRun.exe - e:\windows\system32\svchost.exe
IFEO: MSASCui.exe - e:\windows\system32\svchost.exe
IFEO: MsMpEng.exe - e:\windows\system32\svchost.exe
IFEO: msseces.exe - e:\windows\system32\svchost.exe

================= FIREFOX ===================

FF - ProfilePath - e:\docume~1\owner\applic~1\mozilla\firefox\profiles\md9clpzm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - component: e:\documents and settings\owner\application data\mozilla\firefox\profiles\md9clpzm.default\extensions\{ece24dcf-8548-4655-b392-47a388721482}\components\FFExternalAlert.dll
FF - component: e:\documents and settings\owner\application data\mozilla\firefox\profiles\md9clpzm.default\extensions\{ece24dcf-8548-4655-b392-47a388721482}\components\RadioWMPCore.dll
FF - component: e:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: e:\documents and settings\owner\application data\facebook\npfbplugin_1_0_0.dll
FF - plugin: e:\documents and settings\owner\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: e:\documents and settings\owner\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: e:\program files\veetle\player\npvlc.dll
FF - plugin: e:\program files\veetle\plugins\npVeetle.dll
FF - plugin: e:\program files\veetle\vlcbroadcast\npvbp.dll
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
e:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
e:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
e:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
e:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
e:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
e:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
e:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;e:\program files\avira\antivir desktop\avgio.sys [2009-8-7 11608]
R1 mfehidk;McAfee Inc. mfehidk;e:\windows\system32\drivers\mfehidk.sys [2009-5-14 214664]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files\avira\antivir desktop\sched.exe [2009-8-7 108289]
R2 AntiVirService;Avira AntiVir Guard;e:\program files\avira\antivir desktop\avguard.exe [2009-8-7 185089]
R2 avgntflt;avgntflt;e:\windows\system32\drivers\avgntflt.sys [2009-8-7 56816]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;e:\program files\mcafee\siteadvisor\McSACore.exe [2009-8-7 93320]
R2 McProxy;McAfee Proxy Service;e:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-8-7 359952]
R2 McShield;McAfee Real-time Scanner;e:\progra~1\mcafee\viruss~1\mcshield.exe [2009-8-7 144704]
R3 McSysmon;McAfee SystemGuards;e:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-8-7 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;e:\windows\system32\drivers\mfeavfk.sys [2009-8-7 79816]
R3 mfebopk;McAfee Inc. mfebopk;e:\windows\system32\drivers\mfebopk.sys [2009-8-7 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;e:\windows\system32\drivers\mfesmfk.sys [2009-8-7 40552]
S1 SASDIFSV;SASDIFSV;\??\g:\sasdifsv.sys --> g:\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\g:\saskutil.sys --> g:\SASKUTIL.SYS [?]
S3 mferkdk;McAfee Inc. mferkdk;e:\windows\system32\drivers\mferkdk.sys [2009-8-7 34248]
S3 SASENUM;SASENUM;\??\g:\sasenum.sys --> g:\SASENUM.SYS [?]

============== File Associations ===============

.exe=secfile

=============== Created Last 30 ================

2010-04-16 21:48:14 0 d-sh--w- E:\found.002
2010-04-05 23:25:51 0 d--h--w- e:\windows\PIF
2010-04-04 02:23:26 0 d-----w- e:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-04-04 02:01:09 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-04-04 02:00:57 0 d-----w- e:\docume~1\alluse~1\applic~1\Malwarebytes
2010-04-04 02:00:50 20824 ----a-w- e:\windows\system32\drivers\mbam.sys
2010-04-04 02:00:49 0 d-----w- e:\program files\Malwarebytes' Anti-Malware
2010-04-03 23:39:41 179712 ----a-w- e:\windows\Bzetia.exe
2010-04-02 20:26:56 262144 ----a-w- E:\ntuser.dat
2010-04-02 20:20:23 0 d-----w- e:\program files\Yahoo!
2010-03-22 03:11:46 0 d-----w- e:\program files\Conduit
2010-03-22 03:11:38 0 d-----w- e:\program files\TenchisTV

==================== Find3M ====================

2010-04-04 00:12:02 96512 ----a-w- e:\windows\system32\drivers\atapi.sys
2010-02-25 06:24:37 916480 ----a-w- e:\windows\system32\wininet.dll
2004-03-11 20:27:22 40960 ----a-w- e:\program files\Uninstall_CDS.exe
2010-01-03 23:47:38 139776 --sha-w- e:\windows\system32\nevigapi.exe

============= FINISH: 19:10:26.70 ===============
BoricuaWarrior
Active Member
 
Posts: 10
Joined: April 10th, 2010, 2:51 pm

Re: Trojan malware removal

Unread postby gringo_pr » April 20th, 2010, 4:02 am

Greetings

please send me the log from GMER so we can start, thanks



gringo
gringo_pr
Site Moderator
 
Posts: 1817
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico

Re: Trojan malware removal

Unread postby BoricuaWarrior » April 20th, 2010, 6:40 pm

It says that the application is not found
BoricuaWarrior
Active Member
 
Posts: 10
Joined: April 10th, 2010, 2:51 pm

Re: Trojan malware removal

Unread postby gringo_pr » April 21st, 2010, 3:20 am

Hello

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

uninstall some programs:

    1. click on start
    2. then go to settings
    3. after that you need control panel
    4. click on the icon add or remove programs
    click on the following programs

    Ask Toolbar
    FrostWire 4.20.3
    Java(TM) 6 Update 7


    and click on remove

Run Combofix:

    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
    This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
    It is a simple procedure that will only take a few moments of your time.


    Once installed, you should see a blue screen prompt that says:

      The Recovery Console was successfully installed.
    Please continue as follows:

    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

"information and logs"

    In your next post I need the following

    1. Log from Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now?

Gringo
gringo_pr
Site Moderator
 
Posts: 1817
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico

Re: Trojan malware removal

Unread postby BoricuaWarrior » April 22nd, 2010, 8:33 pm

I was able to run the GMER and delete the programs but not able to run the ComboFix. This is the GMER log

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-22 19:29:29
Windows 5.1.2600 Service Pack 3
Running: c05ws5ly.exe; Driver: E:\DOCUME~1\Owner\LOCALS~1\Temp\pxtdypod.sys


---- System - GMER 1.0.15 ----

SSDT F8B45B86 ZwCreateKey
SSDT F8B45B7C ZwCreateThread
SSDT F8B45B8B ZwDeleteKey
SSDT F8B45B95 ZwDeleteValueKey
SSDT F8B45B9A ZwLoadKey
SSDT F8B45B68 ZwOpenProcess
SSDT F8B45B6D ZwOpenThread
SSDT F8B45BA4 ZwReplaceKey
SSDT F8B45B9F ZwRestoreKey
SSDT F8B45B90 ZwSetValueKey
SSDT F8B45B77 ZwTerminateProcess

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xEEB97799]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xEEB97747]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xEEB9775B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xEEB978EC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xEEB978D6]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xEEB977D9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xEEB97918]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xEEB9781C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xEEB977AD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xEEB9795E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xEEB978C0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xEEB978AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xEEB97862]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xEEB97785]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xEEB97771]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xEEB97902]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xEEB977EF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xEEB977C3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution 804F0EB6 7 Bytes JMP EEB977C7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80568EE9 5 Bytes JMP EEB97820 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 8056A382 7 Bytes JMP EEB978AE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8056F600 5 Bytes JMP EEB9779D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 80570441 5 Bytes JMP EEB97775 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 805732AD 7 Bytes JMP EEB97962 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 805735A4 7 Bytes JMP EEB978F0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 8057457F 7 Bytes JMP EEB977B1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 80578606 5 Bytes JMP EEB977F3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 80578A81 7 Bytes JMP EEB977DD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 80581030 7 Bytes JMP EEB9775F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 8058BA5D 5 Bytes JMP EEB9791C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 80590669 7 Bytes JMP EEB978DA \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B135A 5 Bytes JMP EEB9774B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 8062DD47 5 Bytes JMP EEB97789 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 8064DA6A 7 Bytes JMP EEB97906 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064E390 7 Bytes JMP EEB978C4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 8064E80E 7 Bytes JMP EEB97866 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
init E:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xF88D2720]
init E:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF7E91F80]

---- User code sections - GMER 1.0.15 ----

.text e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[424] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[424] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text E:\WINDOWS\system32\services.exe[712] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070FEF
.text E:\WINDOWS\system32\services.exe[712] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00070047
.text E:\WINDOWS\system32\services.exe[712] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070F52
.text E:\WINDOWS\system32\services.exe[712] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00070F6F
.text E:\WINDOWS\system32\services.exe[712] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00070F8A
.text E:\WINDOWS\system32\services.exe[712] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0007002C
.text E:\WINDOWS\system32\services.exe[712] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00070F2D
.text E:\WINDOWS\system32\services.exe[712] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00070075
.text E:\WINDOWS\system32\services.exe[712] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000700C6
.text E:\WINDOWS\system32\services.exe[712] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 000700AB
.text E:\WINDOWS\system32\services.exe[712] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00070F12
.text E:\WINDOWS\system32\services.exe[712] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00070FA5
.text E:\WINDOWS\system32\services.exe[712] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00070FDE
.text E:\WINDOWS\system32\services.exe[712] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00070058
.text E:\WINDOWS\system32\services.exe[712] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0007001B
.text E:\WINDOWS\system32\services.exe[712] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0007000A
.text E:\WINDOWS\system32\services.exe[712] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070090
.text E:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00060FCA
.text E:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00060F9B
.text E:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0006001B
.text E:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0006000A
.text E:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00060062
.text E:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00060FEF
.text E:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00060051
.text E:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00060036
.text E:\WINDOWS\system32\services.exe[712] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00050FA6
.text E:\WINDOWS\system32\services.exe[712] msvcrt.dll!system 77C293C7 5 Bytes JMP 00050031
.text E:\WINDOWS\system32\services.exe[712] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00050FD2
.text E:\WINDOWS\system32\services.exe[712] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0005000C
.text E:\WINDOWS\system32\services.exe[712] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00050FC1
.text E:\WINDOWS\system32\services.exe[712] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00050FEF
.text E:\WINDOWS\system32\services.exe[712] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00040FEF
.text E:\WINDOWS\system32\lsass.exe[732] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F00FEF
.text E:\WINDOWS\system32\lsass.exe[732] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F000AC
.text E:\WINDOWS\system32\lsass.exe[732] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F00091
.text E:\WINDOWS\system32\lsass.exe[732] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F00076
.text E:\WINDOWS\system32\lsass.exe[732] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F00065
.text E:\WINDOWS\system32\lsass.exe[732] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F0002F
.text E:\WINDOWS\system32\lsass.exe[732] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F00F6E
.text E:\WINDOWS\system32\lsass.exe[732] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F00F7F
.text E:\WINDOWS\system32\lsass.exe[732] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F000F6
.text E:\WINDOWS\system32\lsass.exe[732] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F00F5D
.text E:\WINDOWS\system32\lsass.exe[732] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F00111
.text E:\WINDOWS\system32\lsass.exe[732] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F00040
.text E:\WINDOWS\system32\lsass.exe[732] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F00FD4
.text E:\WINDOWS\system32\lsass.exe[732] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F00F9C
.text E:\WINDOWS\system32\lsass.exe[732] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F00014
.text E:\WINDOWS\system32\lsass.exe[732] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F00FC3
.text E:\WINDOWS\system32\lsass.exe[732] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F000DB
.text E:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EF0FB9
.text E:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EF0F68
.text E:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EF0FD4
.text E:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EF000A
.text E:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EF0F79
.text E:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EF0FEF
.text E:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00EF0F9E
.text E:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [0F, 89]
.text E:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EF0025
.text E:\WINDOWS\system32\lsass.exe[732] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EE0058
.text E:\WINDOWS\system32\lsass.exe[732] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EE003D
.text E:\WINDOWS\system32\lsass.exe[732] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EE0011
.text E:\WINDOWS\system32\lsass.exe[732] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EE0000
.text E:\WINDOWS\system32\lsass.exe[732] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EE0022
.text E:\WINDOWS\system32\lsass.exe[732] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EE0FD7
.text E:\WINDOWS\system32\lsass.exe[732] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00ED0000
.text E:\WINDOWS\system32\svchost.exe[900] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EF0000
.text E:\WINDOWS\system32\svchost.exe[900] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00EF0F8B
.text E:\WINDOWS\system32\svchost.exe[900] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00EF0F9C
.text E:\WINDOWS\system32\svchost.exe[900] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00EF0076
.text E:\WINDOWS\system32\svchost.exe[900] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00EF0065
.text E:\WINDOWS\system32\svchost.exe[900] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00EF0FC3
.text E:\WINDOWS\system32\svchost.exe[900] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00EF00A5
.text E:\WINDOWS\system32\svchost.exe[900] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00EF0F69
.text E:\WINDOWS\system32\svchost.exe[900] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00EF00C7
.text E:\WINDOWS\system32\svchost.exe[900] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00EF0F38
.text E:\WINDOWS\system32\svchost.exe[900] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00EF00EC
.text E:\WINDOWS\system32\svchost.exe[900] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00EF004A
.text E:\WINDOWS\system32\svchost.exe[900] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00EF0FE5
.text E:\WINDOWS\system32\svchost.exe[900] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00EF0F7A
.text E:\WINDOWS\system32\svchost.exe[900] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00EF0FD4
.text E:\WINDOWS\system32\svchost.exe[900] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00EF001B
.text E:\WINDOWS\system32\svchost.exe[900] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00EF00B6
.text E:\WINDOWS\system32\svchost.exe[900] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EE0FB9
.text E:\WINDOWS\system32\svchost.exe[900] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EE0F8D
.text E:\WINDOWS\system32\svchost.exe[900] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EE0FD4
.text E:\WINDOWS\system32\svchost.exe[900] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EE0FE5
.text E:\WINDOWS\system32\svchost.exe[900] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EE0F9E
.text E:\WINDOWS\system32\svchost.exe[900] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EE0000
.text E:\WINDOWS\system32\svchost.exe[900] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00EE0040
.text E:\WINDOWS\system32\svchost.exe[900] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EE002F
.text E:\WINDOWS\system32\svchost.exe[900] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00ED0FB9
.text E:\WINDOWS\system32\svchost.exe[900] msvcrt.dll!system 77C293C7 5 Bytes JMP 00ED0044
.text E:\WINDOWS\system32\svchost.exe[900] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00ED0FD4
.text E:\WINDOWS\system32\svchost.exe[900] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00ED000C
.text E:\WINDOWS\system32\svchost.exe[900] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00ED0033
.text E:\WINDOWS\system32\svchost.exe[900] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00ED0FEF
.text E:\WINDOWS\system32\svchost.exe[900] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00EC0FE5
.text E:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C2000A
.text E:\WINDOWS\system32\svchost.exe[980] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C2009B
.text E:\WINDOWS\system32\svchost.exe[980] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C20FA6
.text E:\WINDOWS\system32\svchost.exe[980] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C20080
.text E:\WINDOWS\system32\svchost.exe[980] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C20065
.text E:\WINDOWS\system32\svchost.exe[980] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C20FC3
.text E:\WINDOWS\system32\svchost.exe[980] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C20F75
.text E:\WINDOWS\system32\svchost.exe[980] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C200BD
.text E:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C20F64
.text E:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C200FD
.text E:\WINDOWS\system32\svchost.exe[980] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C20F53
.text E:\WINDOWS\system32\svchost.exe[980] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C20054
.text E:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C20FEF
.text E:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C200AC
.text E:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C2002F
.text E:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C20FD4
.text E:\WINDOWS\system32\svchost.exe[980] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C200E2
.text E:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C10FB9
.text E:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C10062
.text E:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C10FCA
.text E:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C10FDB
.text E:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C10047
.text E:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C10000
.text E:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00C10036
.text E:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C10025
.text E:\WINDOWS\system32\svchost.exe[980] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C00031
.text E:\WINDOWS\system32\svchost.exe[980] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C00FA6
.text E:\WINDOWS\system32\svchost.exe[980] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C0000C
.text E:\WINDOWS\system32\svchost.exe[980] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C00FEF
.text E:\WINDOWS\system32\svchost.exe[980] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C00FB7
.text E:\WINDOWS\system32\svchost.exe[980] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C00FDE
.text E:\WINDOWS\system32\svchost.exe[980] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BF0000
.text E:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 050A0FEF
.text E:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 050A0F88
.text E:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 050A0F99
.text E:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 050A0073
.text E:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 050A0058
.text E:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 050A0FC0
.text E:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 050A0F3F
.text E:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 050A0F66
.text E:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 050A0F09
.text E:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 050A0F24
.text E:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 050A0EF8
.text E:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 050A0047
.text E:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 050A000A
.text E:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 050A0F77
.text E:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 050A002C
.text E:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 050A001B
.text E:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 050A00A2
.text E:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 05090039
.text E:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 05090FA1
.text E:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 05090FDE
.text E:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 05090FEF
.text E:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 05090FBC
.text E:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0509000A
.text E:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 05090FCD
.text E:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [29, 8D]
.text E:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 05090054
.text E:\WINDOWS\System32\svchost.exe[1076] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0503001B
.text E:\WINDOWS\System32\svchost.exe[1076] msvcrt.dll!system 77C293C7 5 Bytes JMP 05030F90
.text E:\WINDOWS\System32\svchost.exe[1076] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 05030FC6
.text E:\WINDOWS\System32\svchost.exe[1076] msvcrt.dll!_open 77C2F566 5 Bytes JMP 05030000
.text E:\WINDOWS\System32\svchost.exe[1076] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 05030FAB
.text E:\WINDOWS\System32\svchost.exe[1076] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 05030FE3
.text E:\WINDOWS\System32\svchost.exe[1076] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02720000
.text E:\WINDOWS\System32\svchost.exe[1076] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 02710FE5
.text E:\WINDOWS\System32\svchost.exe[1076] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 0271000A
.text E:\WINDOWS\System32\svchost.exe[1076] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 02710FCA
.text E:\WINDOWS\System32\svchost.exe[1076] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 0271001B
.text E:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 008C0FEF
.text E:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 008C0040
.text E:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 008C0F4B
.text E:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 008C0F68
.text E:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 008C0025
.text E:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 008C0F8D
.text E:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 008C0F09
.text E:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 008C005B
.text E:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 008C0098
.text E:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 008C007D
.text E:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 008C00A9
.text E:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 008C000A
.text E:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 008C0FD4
.text E:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 008C0F30
.text E:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 008C0F9E
.text E:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 008C0FB9
.text E:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 008C006C
.text E:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 008B002F
.text E:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 008B004A
.text E:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 008B0014
.text E:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 008B0FDE
.text E:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 008B0F8D
.text E:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 008B0FEF
.text E:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 008B0F9E
.text E:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [AB, 88]
.text E:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 008B0FC3
.text E:\WINDOWS\system32\svchost.exe[1252] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008A0FBE
.text E:\WINDOWS\system32\svchost.exe[1252] msvcrt.dll!system 77C293C7 5 Bytes JMP 008A0049
.text E:\WINDOWS\system32\svchost.exe[1252] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008A001D
.text E:\WINDOWS\system32\svchost.exe[1252] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008A0000
.text E:\WINDOWS\system32\svchost.exe[1252] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008A002E
.text E:\WINDOWS\system32\svchost.exe[1252] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008A0FE3
.text E:\WINDOWS\system32\svchost.exe[1252] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00890000
.text E:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B90000
.text E:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B90F32
.text E:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B90F4D
.text E:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B90027
.text E:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B90F68
.text E:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B90F8A
.text E:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B90069
.text E:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B9004C
.text E:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B90084
.text E:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B90EEB
.text E:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B90EDA
.text E:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B90F79
.text E:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B90FDB
.text E:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B90F21
.text E:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B90FA5
.text E:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B90FC0
.text E:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B90F06
.text E:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B8000A
.text E:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B80076
.text E:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B80FC3
.text E:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B80FDE
.text E:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B8005B
.text E:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B80FEF
.text E:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00B80040
.text E:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B8002F
.text E:\WINDOWS\system32\svchost.exe[1380] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B70FAD
.text E:\WINDOWS\system32\svchost.exe[1380] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B70038
.text E:\WINDOWS\system32\svchost.exe[1380] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B70016
.text E:\WINDOWS\system32\svchost.exe[1380] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B70FEF
.text E:\WINDOWS\system32\svchost.exe[1380] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B70027
.text E:\WINDOWS\system32\svchost.exe[1380] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B70FD2
.text E:\WINDOWS\system32\svchost.exe[1380] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B60000
.text E:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BA0000
.text E:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BA0F6D
.text E:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BA0F88
.text E:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BA0062
.text E:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BA0051
.text E:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BA002C
.text E:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BA0F50
.text E:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BA0098
.text E:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BA00BD
.text E:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BA0F24
.text E:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BA00CE
.text E:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BA0FAF
.text E:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BA0FDB
.text E:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BA0087
.text E:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BA0FCA
.text E:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BA0011
.text E:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BA0F3F
.text E:\WINDOWS\system32\svchost.exe[1692] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00930FAF
.text E:\WINDOWS\system32\svchost.exe[1692] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00930F54
.text E:\WINDOWS\system32\svchost.exe[1692] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00930000
.text E:\WINDOWS\system32\svchost.exe[1692] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00930FCA
.text E:\WINDOWS\system32\svchost.exe[1692] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00930F65
.text E:\WINDOWS\system32\svchost.exe[1692] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00930FE5
.text E:\WINDOWS\system32\svchost.exe[1692] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00930011
.text E:\WINDOWS\system32\svchost.exe[1692] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00930F94
.text E:\WINDOWS\system32\svchost.exe[1692] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0092004E
.text E:\WINDOWS\system32\svchost.exe[1692] msvcrt.dll!system 77C293C7 5 Bytes JMP 00920FB9
.text E:\WINDOWS\system32\svchost.exe[1692] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00920FD4
.text E:\WINDOWS\system32\svchost.exe[1692] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0092000C
.text E:\WINDOWS\system32\svchost.exe[1692] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00920029
.text E:\WINDOWS\system32\svchost.exe[1692] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00920FEF
.text E:\WINDOWS\system32\svchost.exe[1692] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00900000
.text E:\WINDOWS\system32\svchost.exe[1692] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00900FEF
.text E:\WINDOWS\system32\svchost.exe[1692] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00900025
.text E:\WINDOWS\system32\svchost.exe[1692] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00900FCA
.text E:\WINDOWS\system32\svchost.exe[1692] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00910FEF
.text E:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BC0FEF
.text E:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BC007F
.text E:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BC0F8A
.text E:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BC006E
.text E:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BC0051
.text E:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BC0036
.text E:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BC00D2
.text E:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BC00C1
.text E:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BC00F4
.text E:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BC00E3
.text E:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BC0105
.text E:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BC0FAF
.text E:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BC000A
.text E:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BC00A4
.text E:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BC0025
.text E:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BC0FD4
.text E:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BC0F6F
.text E:\WINDOWS\system32\svchost.exe[1848] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BB0FDB
.text E:\WINDOWS\system32\svchost.exe[1848] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BB0087
.text E:\WINDOWS\system32\svchost.exe[1848] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BB002C
.text E:\WINDOWS\system32\svchost.exe[1848] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BB001B
.text E:\WINDOWS\system32\svchost.exe[1848] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BB006C
.text E:\WINDOWS\system32\svchost.exe[1848] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BB000A
.text E:\WINDOWS\system32\svchost.exe[1848] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00BB0FCA
.text E:\WINDOWS\system32\svchost.exe[1848] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [DB, 88]
.text E:\WINDOWS\system32\svchost.exe[1848] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BB0051
.text E:\WINDOWS\system32\svchost.exe[1848] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BA0FD4
.text E:\WINDOWS\system32\svchost.exe[1848] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BA0FE5
.text E:\WINDOWS\system32\svchost.exe[1848] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BA003A
.text E:\WINDOWS\system32\svchost.exe[1848] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BA0000
.text E:\WINDOWS\system32\svchost.exe[1848] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BA0055
.text E:\WINDOWS\system32\svchost.exe[1848] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BA001D
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00250FE5
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0025007D
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00250F88
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00250F99
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00250062
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00250036
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 002500BA
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 002500A9
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00250F46
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002500DF
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002500FA
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00250051
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0025000A
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0025008E
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00250FCA
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0025001B
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00250F57
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00340FD4
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0034007D
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00340FE5
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00340011
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00340062
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00340000
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00340047
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00340036
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0035002C
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] msvcrt.dll!system 77C293C7 5 Bytes JMP 0035001B
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00350FBC
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00350000
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00350FAB
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00350FD7
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00CB0000
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00CB0011
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00CB0022
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00CB0033
.text E:\Program Files\Internet Explorer\iexplore.exe[2344] ws2_32.dll!socket 71AB4211 5 Bytes JMP 01590000
.text E:\WINDOWS\Explorer.EXE[3368] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0000
.text E:\WINDOWS\Explorer.EXE[3368] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A009D
.text E:\WINDOWS\Explorer.EXE[3368] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A008C
.text E:\WINDOWS\Explorer.EXE[3368] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0FA8
.text E:\WINDOWS\Explorer.EXE[3368] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0065
.text E:\WINDOWS\Explorer.EXE[3368] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A004A
.text E:\WINDOWS\Explorer.EXE[3368] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A00B8
.text E:\WINDOWS\Explorer.EXE[3368] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A0F7C
.text E:\WINDOWS\Explorer.EXE[3368] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A00D3
.text E:\WINDOWS\Explorer.EXE[3368] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A0F3A
.text E:\WINDOWS\Explorer.EXE[3368] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001A0F1F
.text E:\WINDOWS\Explorer.EXE[3368] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001A0FC3
.text E:\WINDOWS\Explorer.EXE[3368] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001A0FEF
.text E:\WINDOWS\Explorer.EXE[3368] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001A0F8D
.text E:\WINDOWS\Explorer.EXE[3368] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001A002F
.text E:\WINDOWS\Explorer.EXE[3368] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001A0FDE
.text E:\WINDOWS\Explorer.EXE[3368] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001A0F5F
.text E:\WINDOWS\Explorer.EXE[3368] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00290014
.text E:\WINDOWS\Explorer.EXE[3368] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00290F68
.text E:\WINDOWS\Explorer.EXE[3368] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00290FB9
.text E:\WINDOWS\Explorer.EXE[3368] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00290FCA
.text E:\WINDOWS\Explorer.EXE[3368] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00290F83
.text E:\WINDOWS\Explorer.EXE[3368] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00290FE5
.text E:\WINDOWS\Explorer.EXE[3368] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00290F9E
.text E:\WINDOWS\Explorer.EXE[3368] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [49, 88]
.text E:\WINDOWS\Explorer.EXE[3368] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00290025
.text E:\WINDOWS\Explorer.EXE[3368] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0047
.text E:\WINDOWS\Explorer.EXE[3368] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A002C
.text E:\WINDOWS\Explorer.EXE[3368] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A0FD7
.text E:\WINDOWS\Explorer.EXE[3368] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A0000
.text E:\WINDOWS\Explorer.EXE[3368] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A0FBC
.text E:\WINDOWS\Explorer.EXE[3368] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A0011
.text E:\WINDOWS\Explorer.EXE[3368] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 002C0000
.text E:\WINDOWS\Explorer.EXE[3368] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 002C0FEF
.text E:\WINDOWS\Explorer.EXE[3368] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 002C0FD4
.text E:\WINDOWS\Explorer.EXE[3368] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 002C0025
.text E:\WINDOWS\Explorer.EXE[3368] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01E60000
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00250FEF
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00250F58
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00250F69
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00250F7A
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00250F97
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00250FA8
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00250F05
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00250F20
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 0025008D
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0025007C
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0025009E
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00250039
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00250FD4
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00250F47
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00250014
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00250FB9
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00250EF4
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0034002F
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0034005B
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00340FDE
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00340014
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00340F9E
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00340FEF
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0034004A
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00340FC3
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A75 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD101 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00350FB7
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] msvcrt.dll!system 77C293C7 5 Bytes JMP 00350FD2
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00350038
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00350000
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00350FE3
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00350011
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB20 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4AA7 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01AE0FEF
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01AE0000
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01AE0011
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 01AE0FC0
.text E:\Program Files\Internet Explorer\iexplore.exe[3576] ws2_32.dll!socket 71AB4211 5 Bytes JMP 024C0000
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00250000
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00250F66
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00250F77
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00250F9E
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0025005B
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00250FCA
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 002500A7
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00250080
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002500DA
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002500C9
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00250F26
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00250FB9
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0025001B
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00250F55
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00250040
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00250FEF
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 002500B8
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00340FD4
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00340073
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00340FEF
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00340025
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00340062
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00340000
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00340047
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00340036
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A75 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD101 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00350049
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] msvcrt.dll!system 77C293C7 5 Bytes JMP 00350FBE
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0035001D
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00350000
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0035002E
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00350FE3
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB20 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4AA7 E:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01BE000A
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01BE0FE5
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01BE001B
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 01BE0FC0
.text E:\Program Files\Internet Explorer\iexplore.exe[3720] ws2_32.dll!socket 71AB4211 5 Bytes JMP 024C0000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\FineReaderSprint.FRSprintWord.6@ FineReaderSprint.FRSprintWord.6
Reg HKLM\SOFTWARE\Classes\FineReaderSprint.FRSprintWord.6\CLSID
Reg HKLM\SOFTWARE\Classes\FineReaderSprint.FRSprintWord.6\CLSID@ {60A6D1B7-1FF4-49b7-9EA7-D1FF5166FEC6}
Reg HKLM\SOFTWARE\Classes\RstrCC.RstrProgress@ RstrProgress Class
Reg HKLM\SOFTWARE\Classes\RstrCC.RstrProgress\CLSID
Reg HKLM\SOFTWARE\Classes\RstrCC.RstrProgress\CLSID@ {bf404da2-7d3b-11d3-b9e5-00c04f79e399}
Reg HKLM\SOFTWARE\Classes\RstrCC.RstrProgress\CurVer
Reg HKLM\SOFTWARE\Classes\RstrCC.RstrProgress\CurVer@ RstrCC.RstrProgress.1
Reg HKLM\SOFTWARE\Classes\RstrCC.RstrProgress.1@ RstrProgress Class
Reg HKLM\SOFTWARE\Classes\RstrCC.RstrProgress.1\CLSID
Reg HKLM\SOFTWARE\Classes\RstrCC.RstrProgress.1\CLSID@ {bf404da2-7d3b-11d3-b9e5-00c04f79e399}
Reg HKLM\SOFTWARE\Classes\Veetle Broadcaster Plugin 0.9.16@ Veetle Broadcaster Plugin 0.9.16
Reg HKLM\SOFTWARE\Classes\Veetle Broadcaster Plugin 0.9.16\CLSID
Reg HKLM\SOFTWARE\Classes\Veetle Broadcaster Plugin 0.9.16\CLSID@ {B91B0A7A-B6E9-476D-8560-4ACA2E3C01B1}
Reg HKLM\SOFTWARE\Classes\Veetle Broadcaster Plugin 0.9.16\CurVer
Reg HKLM\SOFTWARE\Classes\Veetle Broadcaster Plugin 0.9.16\CurVer@ Veetle Broadcaster Plugin 0.9.16
Reg HKLM\SOFTWARE\Classes\Veetle TV Core 0.9.16@ Veetle TV Core
Reg HKLM\SOFTWARE\Classes\Veetle TV Core 0.9.16\CLSID
Reg HKLM\SOFTWARE\Classes\Veetle TV Core 0.9.16\CLSID@ {1EB0FE44-B210-47FE-BADE-04D617312B39}
Reg HKLM\SOFTWARE\Classes\Veetle TV Player 0.9.16@ Veetle TV Player 0.9.16
Reg HKLM\SOFTWARE\Classes\Veetle TV Player 0.9.16\CLSID
Reg HKLM\SOFTWARE\Classes\Veetle TV Player 0.9.16\CLSID@ {8A4227BF-0CC2-4EEF-B076-DAFFF941EEA5}
Reg HKLM\SOFTWARE\Classes\Veetle TV Player 0.9.16\CurVer
Reg HKLM\SOFTWARE\Classes\Veetle TV Player 0.9.16\CurVer@ Veetle TV Player 0.9.16

---- EOF - GMER 1.0.15 ----
BoricuaWarrior
Active Member
 
Posts: 10
Joined: April 10th, 2010, 2:51 pm

Re: Trojan malware removal

Unread postby gringo_pr » April 22nd, 2010, 11:15 pm

Greetings

Please tell me what happened when you tried to run ComboFix?


gringo
gringo_pr
Site Moderator
 
Posts: 1817
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico

Re: Trojan malware removal

Unread postby BoricuaWarrior » April 24th, 2010, 1:08 pm

This is the ComboFix log.
ComboFix 10-04-21.01 - Owner 04/24/2010 11:32:44.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.240 [GMT -5:00]
Running from: e:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\documents and settings\All Users\Favorites\_favdata.dat
e:\documents and settings\Owner\Local Settings\Application Data\4234251911.dll
e:\documents and settings\Owner\Local Settings\Application Data\MSASCui.exe
e:\documents and settings\Owner\Local Settings\Temporary Internet Files\07JMaowP.jpg
e:\documents and settings\Owner\Local Settings\Temporary Internet Files\15t8Ep.jpg
e:\documents and settings\Owner\Local Settings\Temporary Internet Files\1YrO7Q0X.jpg
e:\documents and settings\Owner\Local Settings\Temporary Internet Files\558mvs6uA.jpg
e:\documents and settings\Owner\Local Settings\Temporary Internet Files\5M4SAbi.jpg
e:\documents and settings\Owner\Local Settings\Temporary Internet Files\5sPq6i.jpg
e:\documents and settings\Owner\Local Settings\Temporary Internet Files\E07OHt62.jpg
e:\documents and settings\Owner\Local Settings\Temporary Internet Files\F0mf54.jpg
e:\documents and settings\Owner\Local Settings\Temporary Internet Files\f6eHNC.jpg
e:\documents and settings\Owner\Local Settings\Temporary Internet Files\Gi6464D.jpg
e:\documents and settings\Owner\Local Settings\Temporary Internet Files\HYO0N.jpg
e:\documents and settings\Owner\Local Settings\Temporary Internet Files\JW3bW.jpg
e:\documents and settings\Owner\Local Settings\Temporary Internet Files\QL8WmK18.jpg
e:\documents and settings\Owner\Local Settings\Temporary Internet Files\SD2IFD2U.jpg
e:\documents and settings\Owner\Local Settings\Temporary Internet Files\TPsI0.jpg
e:\documents and settings\Owner\Local Settings\Temporary Internet Files\ySO57.jpg
e:\program files\AskSearch\bin\DeFAultsearch.dll
e:\windows\system32\mmcox.dll
e:\windows\system32\nevigapi.exe
e:\windows\system32\spool\prtprocs\w32x86\00006096.tmp
e:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
e:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

.
((((((((((((((((((((((((( Files Created from 2010-03-24 to 2010-04-24 )))))))))))))))))))))))))))))))
.

2010-04-16 21:48 . 2010-04-16 21:48 -------- d-----w- E:\found.002
2010-04-05 23:25 . 2010-04-05 23:25 -------- d--h--w- e:\windows\PIF
2010-04-05 01:50 . 2010-04-05 01:50 -------- d-sh--w- e:\documents and settings\GISET\IECompatCache
2010-04-04 05:45 . 2010-04-04 05:45 -------- d-----w- e:\documents and settings\GISET\Application Data\SUPERAntiSpyware.com
2010-04-04 02:23 . 2010-04-04 02:23 -------- d-----w- e:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-04 02:23 . 2010-04-04 02:23 -------- d-----w- e:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-04-04 02:01 . 2010-03-29 20:24 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-04-04 02:00 . 2010-04-04 02:00 -------- d-----w- e:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-04 02:00 . 2010-03-29 20:24 20824 ----a-w- e:\windows\system32\drivers\mbam.sys
2010-04-04 02:00 . 2010-04-04 02:03 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2010-04-04 00:52 . 2010-04-04 00:52 -------- d-sh--w- e:\documents and settings\Administrator\IETldCache
2010-04-04 00:01 . 2010-04-04 00:01 -------- d-----w- e:\documents and settings\GISET\Local Settings\Application Data\Yahoo
2010-04-03 23:54 . 2010-04-03 23:54 -------- d-sh--w- e:\documents and settings\NetworkService\IETldCache
2010-04-03 23:52 . 2010-04-03 23:54 -------- d--h--w- e:\documents and settings\GISET\Application Data\yahoo!
2010-04-03 23:39 . 2010-04-03 23:38 179712 ----a-w- e:\windows\Bzetia.exe
2010-04-02 20:28 . 2010-04-02 22:29 -------- d-----w- e:\documents and settings\Owner\Local Settings\Application Data\Yahoo
2010-04-02 20:26 . 2010-04-02 20:26 262144 ----a-w- E:\ntuser.dat
2010-04-02 20:25 . 2010-04-02 22:31 -------- d-----w- e:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-04-02 20:25 . 2010-04-02 20:28 -------- d-----w- e:\documents and settings\Owner\Application Data\Yahoo!
2010-04-02 20:23 . 2010-04-02 20:25 -------- d-----w- e:\documents and settings\All Users\Application Data\Yahoo!
2010-04-02 20:20 . 2010-04-02 20:26 -------- d-----w- e:\program files\Yahoo!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-24 16:51 . 2009-08-22 14:37 256 ----a-w- e:\windows\system32\pool.bin
2010-04-22 02:33 . 2009-08-07 21:27 -------- d-----w- e:\program files\Java
2010-04-22 02:31 . 2010-03-24 00:47 -------- d-----w- e:\documents and settings\GISET\Application Data\FrostWire
2010-04-22 00:53 . 2009-08-07 21:26 -------- d-----w- e:\program files\FrostWire
2010-04-09 03:05 . 2009-08-07 20:41 -------- d-----w- e:\documents and settings\All Users\Application Data\DVD Shrink
2010-04-04 00:12 . 2004-08-04 12:00 96512 ----a-w- e:\windows\system32\drivers\atapi.sys
2010-04-02 23:31 . 2009-08-07 18:46 -------- d-----w- e:\program files\McAfee
2010-04-01 05:50 . 2009-08-09 02:59 -------- d-----w- e:\documents and settings\Owner\Application Data\FrostWire
2010-03-23 03:26 . 2010-03-23 03:26 85088 ----a-w- e:\documents and settings\GISET\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-22 03:11 . 2010-03-22 03:11 -------- d-----w- e:\program files\TenchisTV
2010-03-22 03:11 . 2010-03-22 03:11 -------- d-----w- e:\program files\Conduit
2010-03-17 04:11 . 2009-07-31 23:25 85088 ----a-w- e:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-12 00:38 . 2009-08-16 18:36 -------- d-----w- e:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-05 03:10 . 2010-03-05 03:09 -------- d-----w- e:\program files\Veetle
2010-03-05 03:05 . 2010-03-05 03:02 -------- d-----w- e:\documents and settings\GISET\Application Data\Move Networks
2010-02-25 06:24 . 2004-08-04 12:00 916480 ----a-w- e:\windows\system32\wininet.dll
2004-03-11 20:27 . 2009-08-07 19:21 40960 ----a-w- e:\program files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ece24dcf-8548-4655-b392-47a388721482}"= "e:\program files\TenchisTV\tbTenc.dll" [2010-03-09 2355224]

[HKEY_CLASSES_ROOT\clsid\{ece24dcf-8548-4655-b392-47a388721482}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ece24dcf-8548-4655-b392-47a388721482}"= "e:\program files\TenchisTV\tbTenc.dll" [2010-03-09 2355224]

[HKEY_CLASSES_ROOT\clsid\{ece24dcf-8548-4655-b392-47a388721482}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="e:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-03-19 5248312]
"Search Protection"="e:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"ctfmon.exe"="e:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="e:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"mcagent_exe"="e:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="e:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"RemoteControl"="e:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-09 32768]
"InCD"="e:\program files\Ahead\InCD\InCD.exe" [2004-04-06 1298542]
"NeroFilterCheck"="e:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avgnt"="e:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"igfxtray"="e:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="e:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="e:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"FastTVSync"="e:\program files\Common Files\InterVideo\FastTVSync\FastTVSync.exe" [2004-03-11 245760]
"GrooveMonitor"="e:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"RoxWatchTray"="e:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"Adobe ARM"="e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"lxczbmgr.exe"="e:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-08 74672]
"FaxCenterServer"="e:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-02-08 295856]
"snpstd3"="e:\windows\vsnpstd3.exe" [2006-09-19 827392]
"YSearchProtection"="e:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"SunJavaUpdateSched"="e:\program files\Java\jre6\bin\jusched.exe" [2009-10-18 149280]

e:\documents and settings\GISET\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - e:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

e:\documents and settings\All Users\Start Menu\Programs\Startup\
Desktop Manager.lnk - e:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2007-11-12 1447184]
InterVideo Scheduler server.lnk - e:\program files\InterVideo\DVD5R\SchSvr.exe [2009-8-8 147456]
InterVideo WinCinema Manager.lnk - e:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2009-8-8 184320]
Picture Package Menu.lnk - e:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2009-8-8 151552]
Picture Package VCD Maker.lnk - e:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2009-8-8 106496]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\FrostWire\\FrostWire.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"e:\\WINDOWS\\system32\\lxczcoms.exe"=
"e:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files\Avira\AntiVir Desktop\sched.exe [8/7/2009 4:14 PM 108289]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;e:\program files\McAfee\SiteAdvisor\McSACore.exe [8/7/2009 1:49 PM 93320]
S1 SASDIFSV;SASDIFSV;\??\g:\sasdifsv.sys --> g:\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\g:\saskutil.sys --> g:\SASKUTIL.SYS [?]
S3 SASENUM;SASENUM;\??\g:\sasenum.sys --> g:\SASENUM.SYS [?]
.
Contents of the 'Scheduled Tasks' folder

2009-10-16 e:\windows\Tasks\McDefragTask.job
- e:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-07 17:22]

2009-10-01 e:\windows\Tasks\McQcTask.job
- e:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-07 17:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {214C1D4D-D2D9-46BC-BA36-F1E01908AF3F} = 217.23.14.75,4.2.2.1,192.168.1.254
FF - ProfilePath - e:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\md9clpzm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - component: e:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\md9clpzm.default\extensions\{ece24dcf-8548-4655-b392-47a388721482}\components\FFExternalAlert.dll
FF - component: e:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\md9clpzm.default\extensions\{ece24dcf-8548-4655-b392-47a388721482}\components\RadioWMPCore.dll
FF - component: e:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: e:\documents and settings\Owner\Application Data\Facebook\npfbplugin_1_0_0.dll
FF - plugin: e:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: e:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: e:\program files\Veetle\Player\npvlc.dll
FF - plugin: e:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: e:\program files\Veetle\VLCBroadcast\npvbp.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
e:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
e:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
e:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

BHO-{d469b3a7-3577-4d76-8b00-45e4a5d69cdb} - rudujeru.dll
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - e:\program files\AskBarDis\bar\bin\askBar.dll
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - e:\program files\AskBarDis\bar\bin\askBar.dll
HKCU-Run-PowerBar - (no file)
HKCU-Run-peasoxrr - e:\documents and settings\Owner\Local Settings\Application Data\kijgjy\exfbsftav.exe
HKLM-Run-peasoxrr - e:\documents and settings\Owner\Local Settings\Application Data\kijgjy\exfbsftav.exe
HKLM-Run-vekiderilu - kevupavo.dll
HKLM-Run-mewelujuz - e:\windows\system32\lasefoye.dll
SharedTaskScheduler-{4e3d5337-a277-49a4-b11c-a74cc02c4ebe} - e:\windows\system32\lasefoye.dll
SSODL-halazinod-{4e3d5337-a277-49a4-b11c-a74cc02c4ebe} - e:\windows\system32\lasefoye.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-24 11:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
PowerBar = ?\?????????????????????????????????????????????????????????? ??|`??|????]??|?dF~?????????\????@?8?@??????\??c"?s???s??????@?????N'?s|W3?L|?s????????????u??s????????c"?s???s??????@?8?@?N'?s?X3??$@?8?@?8?@??????????X3?8C3????s?B3??V3??B3?8C3?0i?s?????????W3????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3936)
e:\windows\system32\WININET.dll
e:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
e:\windows\system32\ieframe.dll
e:\windows\system32\webcheck.dll
e:\windows\system32\WPDShServiceObj.dll
e:\windows\system32\PortableDeviceTypes.dll
e:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
e:\program files\Ahead\InCD\InCDsrv.exe
e:\program files\Avira\AntiVir Desktop\avguard.exe
e:\program files\Java\jre6\bin\jqs.exe
e:\windows\system32\lxczcoms.exe
e:\progra~1\McAfee\MSC\mcmscsvc.exe
e:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
e:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
e:\progra~1\McAfee\VIRUSS~1\mcshield.exe
e:\program files\McAfee\MPF\MPFSrv.exe
e:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
e:\progra~1\mcafee.com\agent\mcagent.exe
e:\program files\Lexmark 1200 Series\lxczbmon.exe
e:\windows\system32\Rundll32.exe
e:\windows\system32\Rundll32.exe
e:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
e:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
e:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-04-24 12:04:01 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-24 17:03

Pre-Run: 49,539,223,552 bytes free
Post-Run: 50,753,523,712 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - E5B8E04BCCE715B51EC9C53DE1BC82A2
BoricuaWarrior
Active Member
 
Posts: 10
Joined: April 10th, 2010, 2:51 pm
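The ComboFix log above carries several indicators a responder would check before anything else: a per-interface NameServer list (the TCP: line) pointing at a resolver outside the LAN, which MBAM later in the thread flags as Trojan.DNSChanger; Windows Firewall switched off (EnableFirewall = 0); Security Center monitoring disabled for both McAfee products; and Run/BHO entries whose targets are bare DLL names or files under Local Settings\Application Data. The Python script below is an added example, not a tool from this thread, from ComboFix or from the forum's helpers; it pulls those indicators out of ComboFix-style lines so they are not missed in a 2,000-line log. The sample log is constructed from the line formats above rather than copied, the list of user-writable locations and the expected_dns allowlist are assumptions (supply the resolvers your own network should be using), and the checks are heuristics: they say what to look at, not what is malicious.

```python
import ipaddress
import re

# Constructed sample in ComboFix's line formats, modelled on the log above
# (not a verbatim copy of it).
SAMPLE_LOG = r"""
"avgnt"="e:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
TCP: {214C1D4D-D2D9-46BC-BA36-F1E01908AF3F} = 217.23.14.75,4.2.2.1,192.168.1.254
BHO-{d469b3a7-3577-4d76-8b00-45e4a5d69cdb} - rudujeru.dll
HKCU-Run-PowerBar - (no file)
HKCU-Run-peasoxrr - e:\documents and settings\Owner\Local Settings\Application Data\kijgjy\exfbsftav.exe
HKLM-Run-mewelujuz - e:\windows\system32\lasefoye.dll
"""

# Line shapes ComboFix uses for the items checked here.
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
ORPHAN_RE = re.compile(
    r"^(?P<kind>HKLM-Run|HKCU-Run|BHO|Toolbar|WebBrowser|SSODL|SharedTaskScheduler)"
    r"-(?P<name>.+?) - (?P<path>.+)$"
)
DNS_RE = re.compile(r"^TCP: \{[0-9A-Fa-f-]+\} = (?P<servers>[\d.,]+)$")

# Assumed list of locations an unprivileged user (or a drive-by download)
# can write to; an autostart target there deserves a look.
USER_WRITABLE = ("\\local settings\\application data\\", "\\application data\\",
                 "\\local settings\\temp\\", "\\temp\\")


def path_concern(path):
    """Return why an autostart target is worth a look, or None if nothing stands out."""
    p = path.strip().lower()
    if p == "(no file)":
        return "target missing (dangling autostart entry)"
    if "\\" not in p:
        return "bare filename, located through the loader's search order"
    if any(marker in p for marker in USER_WRITABLE):
        return "target in a user-writable location"
    if p.endswith(".dll"):
        return "Run value targets a DLL rather than an executable"
    return None


def dns_concerns(servers, expected):
    """Resolvers outside RFC 1918 space that are not on the caller's allowlist."""
    return [
        s for s in servers.split(",")
        if not ipaddress.ip_address(s).is_private and s not in expected
    ]


def triage(log_text, expected_dns=frozenset()):
    """Walk ComboFix-style lines and return (category, detail) findings."""
    findings = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key").lower()   # remember which hive key we are under
            continue
        if line.startswith('"EnableFirewall"=') and "firewallpolicy" in current_key:
            value = line.split("=", 1)[1].split()[0]
            if value == "0":
                findings.append(("firewall", "Windows Firewall disabled in " + current_key))
            continue
        if line.startswith('"DisableMonitoring"=dword:00000001') and "security center" in current_key:
            product = current_key.rsplit("\\", 1)[-1]
            findings.append(("security-center", "monitoring disabled for " + product))
            continue
        m = DNS_RE.match(line)
        if m:
            for server in dns_concerns(m.group("servers"), expected_dns):
                findings.append(("dns", "unexpected resolver " + server))
            continue
        m = RUN_RE.match(line) or ORPHAN_RE.match(line)
        if m:
            why = path_concern(m.group("path"))
            if why:
                findings.append(("autostart", m.group("name") + ": " + why))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"[{category}] {detail}")
```

Every resolver that is neither on the LAN nor on the allowlist is reported, so a public resolver the user chose on purpose shows up next to the injected one. That is deliberate: in the registry a DNS changer's entry looks exactly like a legitimate public resolver, and only knowledge of what the machine should be using tells them apart.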

Re: Trojan malware removal

Unread postby gringo_pr » April 25th, 2010, 12:00 am

Greetings

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

:multiple Anti Virus programs:

    It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

    AV: AntiVir Desktop *On-access scanning enabled* (Updated)
    AV: McAfee VirusScan *On-access scanning enabled* (Updated)


    Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

    Please remove one of them.

Your Java is out of date.

It can be updated by the Java control panel
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin;
  • follow the prompts
  • After the update is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files

    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

    Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


:Kaspersky scan:

    Please go to Kaspersky website and perform an online antivirus scan.

    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
        Spyware, Adware, Dialers, and other potentially dangerous programs
        Archives
        Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    • Please post this log in your next reply.

"information and logs"

    In your next post I need the following

    1. Log From MBAM
    2. Log From Kaspersky
    3. let me know of any problems you may have had
    4. How is the computer doing now?

Gringo
gringo_pr
Site Moderator
 
Posts: 1817
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico

Re: Trojan malware removal

Unread postby gringo_pr » April 27th, 2010, 1:21 pm

Hello BoricuaWarrior

Three-day bump

It has been almost three days since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 24 hours you have not replied to this thread then it will have to be closed!

Gringo
gringo_pr
Site Moderator
 
Posts: 1817
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico

Re: Trojan malware removal

Unread postby BoricuaWarrior » April 27th, 2010, 7:34 pm

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4034

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/25/2010 11:47:14 AM
mbam-log-2010-04-25 (11-47-14).txt

Scan type: Quick scan
Objects scanned: 118810
Time elapsed: 8 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("E:\Documents and Settings\Owner\Local Settings\Application Data\ave.exe" /START "E:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{214c1d4d-d2d9-46bc-ba36-f1e01908af3f}\NameServer (Trojan.DNSChanger) -> Data: 217.23.14.75,4.2.2.1,192.168.1.254 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
E:\Documents and Settings\Owner\My Documents\downloads\setup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
E:\WINDOWS\Bzetia.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
Wasn't able with Kaspersky.
PC is working great. What can I do to avoid this type of infection?
BoricuaWarrior
Active Member
 
Posts: 10
Joined: April 10th, 2010, 2:51 pm