Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Malwarebytes, Spybot S&D will not run Google redirecting

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Malwarebytes, Spybot S&D will not run Google redirecting

Unread postby bearmandan » August 28th, 2010, 9:30 am

I have gotten infected and am unable to run Malwarebytes or Spybot S&D. Also when I did searches and selected malware help for sites I am redirected.
Hope you can help resolve my problem.
Thank for the services you are providing


HijackThis log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:13:53, on 8/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100518032859.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P35 "EPSON Stylus CX3800 Series (Copy 1)" /O6 "USB002" /M "Stylus CX3800"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.xpert.adecco.com
O15 - Trusted Zone: http://ak3.xpert.adecco.com
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B885C12-57C1-4DC4-AD80-7C46071960A1}: NameServer = 93.188.163.231,93.188.166.211
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.163.231,93.188.166.211
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 93.188.163.231,93.188.166.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.231,93.188.166.211
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

--
End of file - 8816 bytes

Uninstall_list

Acrobat.com
Acrobat.com
Acronis True Image WD Edition
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Application Support
Apple Software Update
ArcSoft PhotoImpression 5
Azureus
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Data Lifeguard Diagnostic for Windows
Data Lifeguard Tools
EPSON CX 3800 Guide
EPSON Printer Software
EPSON Scan
FxFoto by Triscape
Google Earth
Google Earth
Google Update Helper
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IrfanView (remove only)
Java(TM) 6 Update 21
Kensington MouseWorks
Logitech MouseWare 9.79.1
Malwarebytes' Anti-Malware
McAfee Internet Security
McAfee Virtual Technician
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Click-to-Run 2010 (Beta)
Microsoft Office Click-to-Run 2010 (Beta)
Microsoft Office Home and Business 2010 (Beta) - English
Microsoft Office Small Business Edition 2003
Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows XP Video Decoder Checkup Utility
Mozilla Firefox (3.6.4)
Mozilla Thunderbird (3.1.2)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MV RegClean 5.0 English
MV RegClean 5.9 English
Natural Color
Nero OEM
NVIDIA Display Driver
OGA Notifier 2.0.0048.0
OpenOffice.org Installer 1.0
PrimoPDF -- brought to you by Nitro PDF Software
QuickBooks Pro 2007
QuickBooks Product Listing Service
Quicken 2009
QuickTime
SeaTools for Windows
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Spybot - Search & Destroy
SupportSoft Assisted Service
System Requirements Lab
Triscape FxFoto
Unlocker 1.9.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Installer Clean Up
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
bearmandan
Regular Member
 
Posts: 15
Joined: August 28th, 2010, 9:02 am
Advertisement
Register to Remove

Re: Malwarebytes, Spybot S&D will not run Google redirecting

Unread postby km2357 » August 30th, 2010, 2:18 pm

Hello and welcome to Malware Removal.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

Step # 1 Download and run DDS

Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.



Step # 2: Download and Run Gmer

Please download gmer.zip from Gmer and save it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst


If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.

If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure that the 'Sections' button is ticked and the 'Show All' button is unticked.
  • Click the Scan button and let the program do its work. GMER will produce a log.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

Please post the results from the GMER scan in your reply.


In your next post/reply, I need to see the following:

1. The two DDS Logs (DDS and Attach.txt)
2. The GMER Log

Use multiple posts if you can't fit everything into one post
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3204
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: Malwarebytes, Spybot S&D will not run Google redirecting

Unread postby bearmandan » August 30th, 2010, 10:42 pm

km2357,
Thank you for assisting in helping me restore my system. please find below the output files DSS.txt and Attach.text the GMER will be an additional post.
Bearmandan

DDS (Ver_10-03-17.01) - NTFSx86
Run by Daniel Kiernan at 19:30:24.15 on Mon 08/30/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.771 [GMT -4:00]

AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Backups\Gateway My Documents\My Downloads\dds(2).scr

============== Pseudo HJT Report ===============

uSearch Page =
uSearch Bar =
uStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mSearchAssistant =
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100518032859.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [EPSON Stylus CX3800 Series (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\E_FATIACA.EXE /P35 "EPSON Stylus CX3800 Series (Copy 1)" /O6 "USB002" /M "Stylus CX3800"
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
IE: E&xport to Microsoft Excel
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: adecco.com\*.xpert
Trusted Zone: adecco.com\ak3.xpert
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/ ... mvadvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/aut ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 93.188.163.231,93.188.166.211
TCP: {7B885C12-57C1-4DC4-AD80-7C46071960A1} = 93.188.163.231,93.188.166.211
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 relog_ap
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\daniel~1\applic~1\mozilla\firefox\profiles\nuxnqc0c.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&refresh=1
FF - prefs.js: keyword.URL - hxxp://bing.zugo.com/s/?src=FF-Address& ... -76-0-hduU\n&q=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPFxViewer.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-13 64288]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-4 385880]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-3-16 82952]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2009-9-26 819600]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-12-9 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-3-16 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-3-16 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-3-16 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-3-16 170144]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-3-16 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-3-16 141792]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2009-9-23 447832]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-3-16 55456]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-12-9 152320]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-12-9 51688]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-3-16 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-3-16 88480]
R3 pnicII;Linksys Fast Ethernet PCI Card;c:\windows\system32\drivers\LNE100.SYS [2008-11-12 20573]
R3 sftfs;sftfs;c:\program files\microsoft application virtualization client\drivers\SftFSXP.sys [2009-9-23 543064]
R3 sftplay;sftplay;c:\program files\microsoft application virtualization client\drivers\sftplayxp.sys [2009-9-23 190312]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2009-9-23 21864]
R3 sftvol;sftvol;c:\program files\microsoft application virtualization client\drivers\SftVolXP.sys [2009-9-23 14680]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2009-9-23 203608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-29 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-3-16 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-3-16 83496]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-12-9 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-12-9 40552]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 QuickBooksDB17;QuickBooksDB17;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb17 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB17 [?]

=============== Created Last 30 ================

2010-08-29 21:58:41 0 d-----w- c:\program files\RootkitRevealer
2010-08-28 13:11:27 0 d-----w- c:\program files\Trend Micro
2010-08-27 11:52:11 0 d-----w- c:\windows\CD95F661A5C444F5A6AAECDD91C240BB.TMP
2010-08-27 02:25:15 0 d-----w- c:\program files\GMER
2010-08-27 02:17:19 0 ----a-w- c:\documents and settings\daniel kiernan\defogger_reenable
2010-08-26 23:46:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-26 23:46:31 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-26 23:46:31 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-22 16:43:31 0 d-----w- c:\program files\Pro Imaging Powertoys
2010-08-22 16:43:31 0 d-----w- c:\program files\common files\Nikon
2010-08-22 16:37:06 0 d-----w- c:\windows\Downloaded Installations
2010-08-10 09:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-08-10 09:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2010-07-17 09:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 12:31:35 149504 ------w- c:\windows\system32\dllcache\schannel.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys
2010-06-23 12:06:51 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-06-23 12:06:51 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2010-06-21 15:27:11 354304 ------w- c:\windows\system32\dllcache\srv.sys
2010-06-18 13:36:12 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-06-17 15:12:57 634656 ------w- c:\windows\system32\dllcache\iexplore.exe
2010-06-17 15:11:25 161792 ------w- c:\windows\system32\dllcache\ieakui.dll
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31:20 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-06-14 09:40:12 93184 ----a-w- c:\windows\CARDFILE.EXE
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-14 07:41:45 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-06-13 20:39:36 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-28 00:44:12 32768 --sha-w- c:\windows\temp\cookies\index.dat
2010-01-28 00:44:12 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2010-01-28 00:44:12 98304 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 19:33:51.04 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/12/2008 21:23:10
System Uptime: 8/29/2010 15:12:03 (28 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | 7VRX
Processor: AMD Athlon(tm) XP 2000+ | Socket-A | 1673/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 348.167 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 466 GiB total, 84.98 GiB free.
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP114: 12/20/2009 18:18:58 - System Checkpoint
RP115: 12/21/2009 18:28:12 - System Checkpoint
RP116: 12/22/2009 21:20:40 - System Checkpoint
RP117: 12/23/2009 21:35:35 - System Checkpoint
RP118: 12/24/2009 22:21:26 - System Checkpoint
RP119: 12/26/2009 09:05:38 - Removed WinZip 12.1
RP120: 12/26/2009 09:08:39 - Installed WinZip 12.1
RP121: 12/26/2009 19:17:53 - Installed Windows Installer Clean Up
RP122: 12/26/2009 19:27:44 - Installed Microsoft Office Small Business Edition 2003
RP123: 12/26/2009 19:38:55 - Printer Driver Microsoft Office Document Image Writer Installed
RP124: 12/27/2009 20:53:01 - System Checkpoint
RP125: 12/28/2009 22:41:50 - System Checkpoint
RP126: 12/29/2009 23:31:48 - System Checkpoint
RP127: 12/31/2009 00:15:26 - System Checkpoint
RP128: 1/1/2010 01:29:16 - System Checkpoint
RP129: 1/2/2010 01:46:34 - System Checkpoint
RP130: 1/3/2010 02:57:21 - System Checkpoint
RP131: 1/4/2010 06:18:34 - System Checkpoint
RP132: 1/5/2010 09:05:08 - System Checkpoint
RP133: 1/6/2010 17:46:18 - System Checkpoint
RP134: 1/7/2010 17:53:23 - System Checkpoint
RP135: 1/8/2010 17:54:08 - System Checkpoint
RP136: 1/9/2010 18:24:34 - System Checkpoint
RP137: 1/10/2010 18:28:33 - System Checkpoint
RP138: 1/11/2010 20:17:41 - System Checkpoint
RP139: 1/12/2010 21:29:35 - System Checkpoint
RP140: 1/13/2010 20:30:47 - Software Distribution Service 3.0
RP141: 1/13/2010 20:35:29 - Installed Windows XP KB972270.
RP142: 1/13/2010 20:36:02 - Installed Windows XP KB955759.
RP143: 1/14/2010 21:11:45 - System Checkpoint
RP144: 1/15/2010 22:18:59 - System Checkpoint
RP145: 1/17/2010 00:00:58 - System Checkpoint
RP146: 1/18/2010 05:46:19 - System Checkpoint
RP147: 1/19/2010 07:21:25 - System Checkpoint
RP148: 1/20/2010 23:07:26 - System Checkpoint
RP149: 1/21/2010 18:28:27 - Software Distribution Service 3.0
RP150: 1/21/2010 18:29:15 - Installed Windows XP KB978207.
RP151: 1/22/2010 18:49:23 - System Checkpoint
RP152: 1/23/2010 20:11:54 - System Checkpoint
RP153: 1/24/2010 23:31:41 - System Checkpoint
RP154: 1/26/2010 08:47:09 - System Checkpoint
RP155: 1/26/2010 20:55:15 - Installed Java(TM) 6 Update 18
RP156: 1/27/2010 21:20:48 - System Checkpoint
RP157: 1/28/2010 22:09:36 - System Checkpoint
RP158: 1/29/2010 22:32:26 - System Checkpoint
RP159: 1/30/2010 22:39:05 - System Checkpoint
RP160: 2/1/2010 00:02:49 - System Checkpoint
RP161: 2/2/2010 01:38:55 - System Checkpoint
RP162: 2/3/2010 06:51:25 - System Checkpoint
RP163: 2/4/2010 06:54:30 - System Checkpoint
RP164: 2/4/2010 19:05:07 - Software Distribution Service 3.0
RP165: 2/4/2010 19:13:02 - Printer Driver Microsoft Office Document Image Writer Installed
RP166: 2/5/2010 19:34:10 - System Checkpoint
RP167: 2/6/2010 20:14:29 - System Checkpoint
RP168: 2/7/2010 22:23:55 - System Checkpoint
RP169: 2/9/2010 01:18:50 - System Checkpoint
RP170: 2/9/2010 17:41:25 - Software Distribution Service 3.0
RP171: 2/9/2010 17:42:11 - Installed Windows XP KB977165.
RP172: 2/9/2010 17:43:00 - Installed Windows XP KB978706.
RP173: 2/9/2010 17:45:06 - Installed Windows XP KB977914.
RP174: 2/9/2010 17:45:43 - Installed Windows XP KB975560.
RP175: 2/9/2010 17:46:10 - Installed Windows XP KB978251.
RP176: 2/9/2010 17:46:39 - Installed Windows XP KB975713.
RP177: 2/9/2010 17:47:06 - Installed Windows XP KB978037.
RP178: 2/9/2010 17:50:53 - Installed Windows XP KB971468.
RP179: 2/9/2010 17:52:16 - Installed Windows XP KB978262.
RP180: 2/10/2010 18:08:25 - System Checkpoint
RP181: 2/11/2010 18:21:40 - System Checkpoint
RP182: 2/12/2010 18:51:00 - System Checkpoint
RP183: 2/13/2010 19:20:35 - System Checkpoint
RP184: 2/14/2010 20:30:38 - System Checkpoint
RP185: 2/15/2010 21:27:41 - System Checkpoint
RP186: 2/16/2010 21:33:33 - System Checkpoint
RP187: 2/17/2010 22:00:23 - System Checkpoint
RP188: 2/18/2010 22:09:49 - System Checkpoint
RP189: 2/19/2010 23:15:58 - System Checkpoint
RP190: 2/20/2010 23:32:30 - System Checkpoint
RP191: 2/22/2010 00:00:25 - System Checkpoint
RP192: 2/23/2010 00:00:25 - System Checkpoint
RP193: 2/24/2010 00:13:55 - System Checkpoint
RP194: 2/24/2010 03:00:11 - Software Distribution Service 3.0
RP195: 2/24/2010 03:00:25 - Installed Windows XP KB979306.
RP196: 2/25/2010 03:00:25 - System Checkpoint
RP197: 2/26/2010 03:00:25 - System Checkpoint
RP198: 2/27/2010 03:28:25 - System Checkpoint
RP199: 2/28/2010 04:40:58 - System Checkpoint
RP200: 3/1/2010 04:41:13 - System Checkpoint
RP201: 3/2/2010 04:41:13 - System Checkpoint
RP202: 3/3/2010 06:17:45 - System Checkpoint
RP203: 3/4/2010 06:26:28 - System Checkpoint
RP204: 3/5/2010 08:29:15 - System Checkpoint
RP205: 3/6/2010 10:09:00 - System Checkpoint
RP206: 3/7/2010 10:53:21 - System Checkpoint
RP207: 3/8/2010 11:28:02 - System Checkpoint
RP208: 3/9/2010 12:28:02 - System Checkpoint
RP209: 3/10/2010 05:27:20 - Software Distribution Service 3.0
RP210: 3/10/2010 05:31:15 - Installed Windows XP KB975561.
RP211: 3/10/2010 05:34:00 - Printer Driver Microsoft Office Document Image Writer Installed
RP212: 3/11/2010 06:09:41 - System Checkpoint
RP213: 3/11/2010 17:13:29 - Installed Compatibility Pack for the 2007 Office system
RP214: 3/12/2010 03:00:12 - Software Distribution Service 3.0
RP215: 3/12/2010 15:10:42 - Software Distribution Service 3.0
RP216: 3/13/2010 09:00:58 - Software Distribution Service 3.0
RP217: 3/14/2010 12:08:30 - System Checkpoint
RP218: 3/15/2010 12:38:15 - System Checkpoint
RP219: 3/16/2010 13:38:15 - System Checkpoint
RP220: 3/17/2010 18:40:02 - System Checkpoint
RP221: 3/18/2010 19:08:13 - System Checkpoint
RP222: 3/19/2010 21:33:00 - System Checkpoint
RP223: 3/20/2010 22:09:41 - System Checkpoint
RP224: 3/22/2010 07:51:49 - System Checkpoint
RP225: 3/23/2010 08:41:02 - System Checkpoint
RP226: 3/24/2010 09:20:25 - System Checkpoint
RP227: 3/25/2010 10:50:32 - System Checkpoint
RP228: 3/26/2010 11:10:59 - System Checkpoint
RP229: 3/27/2010 14:42:28 - System Checkpoint
RP230: 3/28/2010 15:50:55 - System Checkpoint
RP231: 3/29/2010 19:03:41 - System Checkpoint
RP232: 3/30/2010 21:03:31 - System Checkpoint
RP233: 3/31/2010 03:00:12 - Software Distribution Service 3.0
RP234: 3/31/2010 03:01:04 - Installed Windows XP KB980182.
RP235: 4/1/2010 18:09:47 - System Checkpoint
RP236: 4/2/2010 20:53:14 - System Checkpoint
RP237: 4/3/2010 23:02:53 - System Checkpoint
RP238: 4/4/2010 23:23:11 - System Checkpoint
RP239: 4/5/2010 23:37:33 - System Checkpoint
RP240: 4/6/2010 23:43:44 - System Checkpoint
RP241: 4/8/2010 00:26:14 - System Checkpoint
RP242: 4/9/2010 01:43:10 - System Checkpoint
RP243: 4/10/2010 01:49:08 - System Checkpoint
RP244: 4/11/2010 09:06:38 - System Checkpoint
RP245: 4/12/2010 18:51:38 - System Checkpoint
RP246: 4/13/2010 19:54:11 - Software Distribution Service 3.0
RP247: 4/13/2010 19:55:14 - Installed Windows XP KB979309.
RP248: 4/13/2010 19:55:41 - Installed Windows XP KB978601.
RP249: 4/13/2010 19:56:39 - Installed Windows XP KB977816.
RP250: 4/13/2010 19:57:05 - Installed Windows XP KB978338.
RP251: 4/13/2010 19:57:34 - Installed Windows XP KB981349.
RP252: 4/13/2010 19:59:43 - Installed Windows Media Player KB979402.
RP253: 4/13/2010 20:00:14 - Installed Windows XP KB980232.
RP254: 4/13/2010 20:00:49 - Installed Windows XP KB979683.
RP255: 4/14/2010 21:35:56 - System Checkpoint
RP256: 4/16/2010 08:52:18 - System Checkpoint
RP257: 4/17/2010 19:02:58 - System Checkpoint
RP258: 4/18/2010 20:08:37 - System Checkpoint
RP259: 4/19/2010 21:42:59 - System Checkpoint
RP260: 4/21/2010 06:06:44 - System Checkpoint
RP261: 4/22/2010 17:16:54 - System Checkpoint
RP262: 4/23/2010 20:53:33 - System Checkpoint
RP263: 4/24/2010 21:20:58 - System Checkpoint
RP264: 4/25/2010 17:56:32 - Installed Windows Media Player 11
RP265: 4/25/2010 17:58:05 - Software Distribution Service 3.0
RP266: 4/25/2010 17:58:23 - Installed Windows Media Player 11
RP267: 4/25/2010 17:59:22 - Installed Windows XP Wudf01000.
RP268: 4/25/2010 18:02:16 - Installed Windows XP MSCompPackV1.
RP269: 4/25/2010 18:12:45 - Software Distribution Service 3.0
RP270: 4/25/2010 18:13:03 - Installed Windows Media Player KB952069.
RP271: 4/25/2010 18:13:18 - Installed Windows Media Player KB973540.
RP272: 4/25/2010 18:13:32 - Installed Windows Media Player KB954155.
RP273: 4/25/2010 18:13:43 - Installed Windows Media Player KB968816.
RP274: 4/26/2010 13:41:52 - Software Distribution Service 3.0
RP275: 4/26/2010 13:42:05 - Installed Windows Media Player 11 KB954154.
RP276: 4/26/2010 13:42:49 - Installed Windows Media Player 11 KB939683.
RP277: 4/26/2010 13:43:21 - Installed Windows Media Format 11 SDK KB929399.
RP278: 4/26/2010 13:44:05 - Installed Windows XP KB941569.
RP279: 4/27/2010 17:41:02 - System Checkpoint
RP280: 4/28/2010 18:20:30 - System Checkpoint
RP281: 4/29/2010 20:21:16 - System Checkpoint
RP282: 4/30/2010 21:31:11 - System Checkpoint
RP283: 5/2/2010 00:31:24 - System Checkpoint
RP284: 5/3/2010 03:17:12 - System Checkpoint
RP285: 5/4/2010 14:01:41 - System Checkpoint
RP286: 5/5/2010 18:41:53 - System Checkpoint
RP287: 5/6/2010 18:52:24 - System Checkpoint
RP288: 5/7/2010 19:18:48 - System Checkpoint
RP289: 5/8/2010 19:20:55 - System Checkpoint
RP290: 5/9/2010 23:16:43 - System Checkpoint
RP291: 5/10/2010 19:43:30 - Removed Java 2 Runtime Environment, SE v1.4.2_18
RP292: 5/10/2010 19:49:47 - Removed Windows Installer Clean Up
RP293: 5/10/2010 19:54:23 - Installed Windows Installer Clean Up
RP294: 5/10/2010 20:02:00 - Installed Java(TM) 6 Update 20
RP295: 5/11/2010 17:54:54 - Software Distribution Service 3.0
RP296: 5/11/2010 17:55:36 - Installed Windows XP KB978542.
RP297: 5/12/2010 20:19:18 - System Checkpoint
RP298: 5/14/2010 07:04:47 - System Checkpoint
RP299: 5/14/2010 15:48:29 - Printer Driver PrimoPDF Installed
RP300: 5/14/2010 16:15:24 - Installed %1 %2.
RP301: 5/14/2010 16:15:37 - Printer Driver Microsoft XPS Document Writer Installed
RP302: 5/14/2010 16:25:27 - Software Distribution Service 3.0
RP303: 5/14/2010 16:30:37 - Installed Windows KB954550-v5.
RP304: 5/14/2010 16:30:50 - Printer Driver Microsoft XPS Document Writer Installed
RP305: 5/14/2010 16:40:26 - Printer Driver Microsoft XPS Document Writer Installed
RP306: 5/14/2010 16:49:37 - Software Distribution Service 3.0
RP307: 5/14/2010 16:50:15 - Installed Windows XP KB961118.
RP308: 5/14/2010 17:22:30 - Printer Driver PrimoPDF Installed
RP309: 5/15/2010 20:18:47 - System Checkpoint
RP310: 5/16/2010 21:13:25 - System Checkpoint
RP311: 5/17/2010 21:32:11 - System Checkpoint
RP312: 5/18/2010 22:25:01 - System Checkpoint
RP313: 5/20/2010 16:38:52 - System Checkpoint
RP314: 5/22/2010 08:16:17 - System Checkpoint
RP315: 5/23/2010 08:49:35 - System Checkpoint
RP316: 5/24/2010 23:06:15 - System Checkpoint
RP317: 5/25/2010 15:41:20 - Software Distribution Service 3.0
RP318: 5/25/2010 15:41:38 - Installed Windows XP KB981793.
RP319: 5/26/2010 17:09:08 - System Checkpoint
RP320: 5/27/2010 17:52:51 - System Checkpoint
RP321: 5/28/2010 22:10:13 - System Checkpoint
RP322: 5/29/2010 22:28:43 - System Checkpoint
RP323: 5/31/2010 06:53:32 - System Checkpoint
RP324: 6/1/2010 16:10:19 - System Checkpoint
RP325: 6/1/2010 20:05:00 - Removed WinZip 12.1
RP326: 6/2/2010 21:09:41 - System Checkpoint
RP327: 6/3/2010 22:05:42 - System Checkpoint
RP328: 6/4/2010 23:13:07 - System Checkpoint
RP329: 6/6/2010 09:59:57 - System Checkpoint
RP330: 6/7/2010 19:07:49 - System Checkpoint
RP331: 6/8/2010 20:14:56 - System Checkpoint
RP332: 6/8/2010 21:06:35 - Software Distribution Service 3.0
RP333: 6/8/2010 21:08:27 - Installed Windows XP KB982381.
RP334: 6/8/2010 21:19:32 - Installed Windows XP KB975562.
RP335: 6/8/2010 21:20:23 - Installed Windows XP KB979482.
RP336: 6/8/2010 21:20:41 - Installed Windows Media Player KB978695.
RP337: 6/8/2010 21:23:46 - Installed Windows XP KB979559.
RP338: 6/8/2010 21:28:29 - Installed Windows XP KB980195.
RP339: 6/8/2010 21:30:47 - Printer Driver Microsoft Office Document Image Writer Installed
RP340: 6/8/2010 21:32:12 - Installed Windows XP KB980218.
RP341: 6/10/2010 17:12:54 - System Checkpoint
RP342: 6/12/2010 15:12:57 - System Checkpoint
RP343: 6/13/2010 16:02:49 - Software Distribution Service 3.0
RP344: 6/14/2010 16:45:46 - System Checkpoint
RP345: 6/15/2010 13:14:35 - Installed QuickBooks
RP346: 6/16/2010 06:43:48 - Software Distribution Service 3.0
RP347: 6/16/2010 06:51:16 - Software Distribution Service 3.0
RP348: 6/17/2010 13:16:31 - System Checkpoint
RP349: 6/18/2010 16:55:26 - System Checkpoint
RP350: 6/19/2010 22:27:03 - System Checkpoint
RP351: 6/20/2010 22:50:53 - System Checkpoint
RP352: 6/22/2010 07:05:02 - System Checkpoint
RP353: 6/23/2010 12:37:38 - Software Distribution Service 3.0
RP354: 6/24/2010 12:58:24 - System Checkpoint
RP355: 6/25/2010 15:06:40 - System Checkpoint
RP356: 6/26/2010 20:16:37 - System Checkpoint
RP357: 6/27/2010 21:59:12 - System Checkpoint
RP358: 6/29/2010 07:07:57 - System Checkpoint
RP359: 6/30/2010 21:13:22 - System Checkpoint
RP360: 7/2/2010 10:35:11 - System Checkpoint
RP361: 7/3/2010 12:41:51 - System Checkpoint
RP362: 7/4/2010 13:35:26 - System Checkpoint
RP363: 7/5/2010 16:46:19 - System Checkpoint
RP364: 7/6/2010 18:10:08 - System Checkpoint
RP365: 7/7/2010 19:10:50 - System Checkpoint
RP366: 7/8/2010 19:47:52 - System Checkpoint
RP367: 7/10/2010 09:37:05 - System Checkpoint
RP368: 7/11/2010 11:54:00 - System Checkpoint
RP369: 7/12/2010 19:06:41 - System Checkpoint
RP370: 7/13/2010 21:16:04 - System Checkpoint
RP371: 7/14/2010 03:01:53 - Software Distribution Service 3.0
RP372: 7/14/2010 03:07:19 - Installed Windows XP KB2229593.
RP373: 7/15/2010 07:59:10 - System Checkpoint
RP374: 7/16/2010 16:50:06 - System Checkpoint
RP375: 7/17/2010 21:09:43 - System Checkpoint
RP376: 7/18/2010 22:43:49 - System Checkpoint
RP377: 7/19/2010 23:11:25 - System Checkpoint
RP378: 7/21/2010 00:26:02 - System Checkpoint
RP379: 7/22/2010 10:10:14 - System Checkpoint
RP380: 7/23/2010 10:49:09 - System Checkpoint
RP381: 7/25/2010 13:25:02 - System Checkpoint
RP382: 7/26/2010 15:09:00 - System Checkpoint
RP383: 7/27/2010 16:27:55 - System Checkpoint
RP384: 7/28/2010 18:32:41 - System Checkpoint
RP385: 7/29/2010 20:30:15 - System Checkpoint
RP386: 7/30/2010 12:37:26 - Installed Microsoft Visual C++ 2005 Redistributable
RP387: 7/30/2010 12:39:13 - Installed SeaTools for Windows
RP388: 7/31/2010 12:05:27 - Software Distribution Service 3.0
RP389: 8/1/2010 14:13:31 - System Checkpoint
RP390: 8/2/2010 18:43:56 - System Checkpoint
RP391: 8/3/2010 08:15:09 - Software Distribution Service 3.0
RP392: 8/3/2010 08:16:43 - Installed Windows XP KB2286198.
RP393: 8/4/2010 10:02:23 - System Checkpoint
RP394: 8/5/2010 20:46:43 - System Checkpoint
RP395: 8/6/2010 22:59:05 - System Checkpoint
RP396: 8/7/2010 23:10:52 - System Checkpoint
RP397: 8/8/2010 23:11:12 - System Checkpoint
RP398: 8/10/2010 18:53:17 - System Checkpoint
RP399: 8/10/2010 19:06:48 - Installed Java(TM) 6 Update 21
RP400: 8/11/2010 20:31:25 - System Checkpoint
RP401: 8/12/2010 18:25:52 - Software Distribution Service 3.0
RP402: 8/12/2010 18:27:54 - Installed Windows XP KB982665.
RP403: 8/12/2010 18:30:03 - Installed Windows XP KB981997.
RP404: 8/12/2010 18:37:43 - Installed Windows XP KB980436.
RP405: 8/12/2010 18:40:05 - Installed Windows XP KB2160329.
RP406: 8/12/2010 18:52:57 - Installed Windows XP KB2079403.
RP407: 8/12/2010 18:55:13 - Installed Windows XP KB981852.
RP408: 8/12/2010 19:07:35 - Printer Driver Microsoft Office Document Image Writer Installed
RP409: 8/12/2010 19:10:13 - Installed Windows XP KB2115168.
RP410: 8/12/2010 19:11:46 - Installed Windows XP KB982214.
RP411: 8/12/2010 19:15:44 - Installed Windows XP KB2183461.
RP412: 8/13/2010 19:17:51 - System Checkpoint
RP413: 8/14/2010 20:40:27 - System Checkpoint
RP414: 8/16/2010 07:53:54 - System Checkpoint
RP415: 8/17/2010 08:58:04 - System Checkpoint
RP416: 8/18/2010 11:07:27 - System Checkpoint
RP417: 8/19/2010 18:51:48 - System Checkpoint
RP418: 8/20/2010 22:46:18 - System Checkpoint
RP419: 8/22/2010 09:19:00 - System Checkpoint
RP420: 8/22/2010 12:43:13 - Installed Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50)
RP421: 8/23/2010 19:25:22 - System Checkpoint
RP422: 8/24/2010 20:38:30 - Software Distribution Service 3.0
RP423: 8/25/2010 22:37:46 - System Checkpoint
RP424: 8/27/2010 01:10:19 - System Checkpoint
RP425: 8/27/2010 07:53:21 - Installed WinZip 14.0
RP426: 8/28/2010 09:11:18 - Installed HiJackThis
RP427: 8/29/2010 09:39:27 - System Checkpoint

==== Installed Programs ======================

Acrobat.com
Acronis True Image WD Edition
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Software Update
ArcSoft PhotoImpression 5
Azureus
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Data Lifeguard Diagnostic for Windows
Data Lifeguard Tools
EPSON CX 3800 Guide
EPSON Printer Software
EPSON Scan
FxFoto by Triscape
Google Earth
Google Update Helper
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 21
Kensington MouseWorks
Logitech MouseWare 9.79.1
Malwarebytes' Anti-Malware
McAfee Internet Security
McAfee Virtual Technician
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Click-to-Run 2010 (Beta)
Microsoft Office Home and Business 2010 (Beta) - English
Microsoft Office Small Business Edition 2003
Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows XP Video Decoder Checkup Utility
Mozilla Firefox (3.6.4)
Mozilla Thunderbird (3.1.2)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MV RegClean 5.0 English
MV RegClean 5.9 English
Natural Color
Nero OEM
NVIDIA Display Driver
OGA Notifier 2.0.0048.0
OpenOffice.org Installer 1.0
PrimoPDF -- brought to you by Nitro PDF Software
QuickBooks Pro 2007
QuickBooks Product Listing Service
Quicken 2009
QuickTime
SeaTools for Windows
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Spybot - Search & Destroy
SupportSoft Assisted Service
System Requirements Lab
Triscape FxFoto
Unlocker 1.9.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

8/28/2010 08:23:19, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
8/28/2010 08:21:36, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/28/2010 08:21:19, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK7 Fips
8/28/2010 08:21:19, error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
8/27/2010 07:53:43, error: Service Control Manager [7024] - The Java Quick Starter service terminated with service-specific error 1 (0x1).
8/27/2010 07:53:42, error: Service Control Manager [7034] - The McAfee Validation Trust Protection Service service terminated unexpectedly. It has done this 1 time(s).
8/26/2010 21:31:45, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
8/26/2010 20:13:02, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
8/26/2010 19:56:36, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
8/26/2010 19:54:58, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
8/26/2010 19:19:06, error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\D.
8/26/2010 19:13:23, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
8/24/2010 20:27:56, error: System Error [1003] - Error code 000000ea, parameter1 899ddda8, parameter2 89d68b68, parameter3 89d74700, parameter4 00000001.
8/24/2010 20:21:05, error: nv [108] - The driver nv4_disp for the display device \Device\Video0 got stuck in an infinite loop. This usually indicates a problem with the device itself or with the device driver programming the hardware incorrectly. Please check with your hardware device vendor for any driver updates.

==== End Of File ===========================
bearmandan
Regular Member
 
Posts: 15
Joined: August 28th, 2010, 9:02 am

Re: Malwarebytes, Spybot S&D will not run Google redirecting

Unread postby bearmandan » August 30th, 2010, 10:43 pm

km2357,
The remaining log from GMER.
Bearmandan

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-30 22:31:20
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\fweyipoc.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF764787E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7647BFE]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF743DDC6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF743DDF2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF743DE48]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF743DD9C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF743DD74]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF743DD88]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF743DDDC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF743DE1E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF743DE72]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF743DE5E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF743DE32]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\System32\DRIVERS\i8042prt.sys entry point in ".rsrc" section [0xF76B1194]
? C:\WINDOWS\system32\Drivers\RKREVEAL150.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[356] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 001A0000
.text C:\WINDOWS\System32\svchost.exe[356] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 001A0FDB
.text C:\WINDOWS\System32\svchost.exe[356] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 001A0011
.text C:\WINDOWS\System32\svchost.exe[356] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CE0000
.text C:\WINDOWS\System32\svchost.exe[356] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CE0F57
.text C:\WINDOWS\System32\svchost.exe[356] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CE0F72
.text C:\WINDOWS\System32\svchost.exe[356] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CE0040
.text C:\WINDOWS\System32\svchost.exe[356] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CE0F83
.text C:\WINDOWS\System32\svchost.exe[356] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CE0F94
.text C:\WINDOWS\System32\svchost.exe[356] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CE0F32
.text C:\WINDOWS\System32\svchost.exe[356] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CE0084
.text C:\WINDOWS\System32\svchost.exe[356] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CE0F0D
.text C:\WINDOWS\System32\svchost.exe[356] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CE00A6
.text C:\WINDOWS\System32\svchost.exe[356] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CE0EF2
.text C:\WINDOWS\System32\svchost.exe[356] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CE0025
.text C:\WINDOWS\System32\svchost.exe[356] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CE0FDB
.text C:\WINDOWS\System32\svchost.exe[356] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CE0067
.text C:\WINDOWS\System32\svchost.exe[356] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CE0FB9
.text C:\WINDOWS\System32\svchost.exe[356] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CE0FCA
.text C:\WINDOWS\System32\svchost.exe[356] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CE0095
.text C:\WINDOWS\System32\svchost.exe[356] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CD003D
.text C:\WINDOWS\System32\svchost.exe[356] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CD0FD1
.text C:\WINDOWS\System32\svchost.exe[356] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CD002C
.text C:\WINDOWS\System32\svchost.exe[356] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CD001B
.text C:\WINDOWS\System32\svchost.exe[356] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CD008E
.text C:\WINDOWS\System32\svchost.exe[356] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CD0000
.text C:\WINDOWS\System32\svchost.exe[356] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00CD007D
.text C:\WINDOWS\System32\svchost.exe[356] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CD0058
.text C:\WINDOWS\System32\svchost.exe[356] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 001D0F99
.text C:\WINDOWS\System32\svchost.exe[356] msvcrt.dll!system 77C293C7 5 Bytes JMP 001D002E
.text C:\WINDOWS\System32\svchost.exe[356] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 001D001D
.text C:\WINDOWS\System32\svchost.exe[356] msvcrt.dll!_open 77C2F566 5 Bytes JMP 001D0000
.text C:\WINDOWS\System32\svchost.exe[356] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 001D0FC8
.text C:\WINDOWS\System32\svchost.exe[356] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 001D0FE3
.text C:\WINDOWS\System32\svchost.exe[356] wininet.dll!InternetOpenA 3D953081 5 Bytes JMP 001B0FEF
.text C:\WINDOWS\System32\svchost.exe[356] wininet.dll!InternetOpenW 3D9536B1 5 Bytes JMP 001B0FD4
.text C:\WINDOWS\System32\svchost.exe[356] wininet.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 001B0FC3
.text C:\WINDOWS\System32\svchost.exe[356] wininet.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 001B0014
.text C:\WINDOWS\System32\svchost.exe[356] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001C0FEF
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[848] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 62419A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[848] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\services.exe[1176] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00FE000A
.text C:\WINDOWS\system32\services.exe[1176] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00FE002C
.text C:\WINDOWS\system32\services.exe[1176] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FE001B
.text C:\WINDOWS\system32\services.exe[1176] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01390FEF
.text C:\WINDOWS\system32\services.exe[1176] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01390FA1
.text C:\WINDOWS\system32\services.exe[1176] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01390FB2
.text C:\WINDOWS\system32\services.exe[1176] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01390080
.text C:\WINDOWS\system32\services.exe[1176] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0139006F
.text C:\WINDOWS\system32\services.exe[1176] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01390FDE
.text C:\WINDOWS\system32\services.exe[1176] kernel32.dll!GetStartupInfoW 7C801E54 1 Byte [E9]
.text C:\WINDOWS\system32\services.exe[1176] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01390F58
.text C:\WINDOWS\system32\services.exe[1176] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01390F69
.text C:\WINDOWS\system32\services.exe[1176] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01390F1B
.text C:\WINDOWS\system32\services.exe[1176] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01390F36
.text C:\WINDOWS\system32\services.exe[1176] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01390F0A
.text C:\WINDOWS\system32\services.exe[1176] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01390FCD
.text C:\WINDOWS\system32\services.exe[1176] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01390014
.text C:\WINDOWS\system32\services.exe[1176] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01390F90
.text C:\WINDOWS\system32\services.exe[1176] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0139004A
.text C:\WINDOWS\system32\services.exe[1176] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0139002F
.text C:\WINDOWS\system32\services.exe[1176] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01390F47
.text C:\WINDOWS\system32\services.exe[1176] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01380047
.text C:\WINDOWS\system32\services.exe[1176] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01380073
.text C:\WINDOWS\system32\services.exe[1176] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01380036
.text C:\WINDOWS\system32\services.exe[1176] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0138001B
.text C:\WINDOWS\system32\services.exe[1176] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01380058
.text C:\WINDOWS\system32\services.exe[1176] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0138000A
.text C:\WINDOWS\system32\services.exe[1176] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01380FC0
.text C:\WINDOWS\system32\services.exe[1176] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [58, 89]
.text C:\WINDOWS\system32\services.exe[1176] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01380FD1
.text C:\WINDOWS\system32\services.exe[1176] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01370FC0
.text C:\WINDOWS\system32\services.exe[1176] msvcrt.dll!system 77C293C7 5 Bytes JMP 01370055
.text C:\WINDOWS\system32\services.exe[1176] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0137003A
.text C:\WINDOWS\system32\services.exe[1176] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01370000
.text C:\WINDOWS\system32\services.exe[1176] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01370FDB
.text C:\WINDOWS\system32\services.exe[1176] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0137001D
.text C:\WINDOWS\system32\services.exe[1176] wininet.dll!InternetOpenA 3D953081 5 Bytes JMP 00FF0000
.text C:\WINDOWS\system32\services.exe[1176] wininet.dll!InternetOpenW 3D9536B1 5 Bytes JMP 00FF001B
.text C:\WINDOWS\system32\services.exe[1176] wininet.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 00FF0036
.text C:\WINDOWS\system32\services.exe[1176] wininet.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 00FF0FE5
.text C:\WINDOWS\system32\services.exe[1176] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01360000
.text C:\WINDOWS\system32\lsass.exe[1188] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0105000A
.text C:\WINDOWS\system32\lsass.exe[1188] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01050FEF
.text C:\WINDOWS\system32\lsass.exe[1188] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01050025
.text C:\WINDOWS\system32\lsass.exe[1188] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 010A0000
.text C:\WINDOWS\system32\lsass.exe[1188] kernel32.dll!VirtualProtectEx 7C801A61 1 Byte [E9]
.text C:\WINDOWS\system32\lsass.exe[1188] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 010A0065
.text C:\WINDOWS\system32\lsass.exe[1188] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 010A0F70
.text C:\WINDOWS\system32\lsass.exe[1188] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 010A0F97
.text C:\WINDOWS\system32\lsass.exe[1188] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 010A0054
.text C:\WINDOWS\system32\lsass.exe[1188] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 010A0FA8
.text C:\WINDOWS\system32\lsass.exe[1188] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 010A0F41
.text C:\WINDOWS\system32\lsass.exe[1188] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 010A0087
.text C:\WINDOWS\system32\lsass.exe[1188] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 010A00DA
.text C:\WINDOWS\system32\lsass.exe[1188] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 010A00BF
.text C:\WINDOWS\system32\lsass.exe[1188] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 010A0F26
.text C:\WINDOWS\system32\lsass.exe[1188] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 010A002F
.text C:\WINDOWS\system32\lsass.exe[1188] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 010A0FEF
.text C:\WINDOWS\system32\lsass.exe[1188] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 010A0076
.text C:\WINDOWS\system32\lsass.exe[1188] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 010A0FB9
.text C:\WINDOWS\system32\lsass.exe[1188] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 010A0FCA
.text C:\WINDOWS\system32\lsass.exe[1188] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 010A00A4
.text C:\WINDOWS\system32\lsass.exe[1188] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01090036
.text C:\WINDOWS\system32\lsass.exe[1188] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01090F9B
.text C:\WINDOWS\system32\lsass.exe[1188] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0109001B
.text C:\WINDOWS\system32\lsass.exe[1188] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01090FEF
.text C:\WINDOWS\system32\lsass.exe[1188] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01090062
.text C:\WINDOWS\system32\lsass.exe[1188] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01090000
.text C:\WINDOWS\system32\lsass.exe[1188] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01090FCA
.text C:\WINDOWS\system32\lsass.exe[1188] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [29, 89]
.text C:\WINDOWS\system32\lsass.exe[1188] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01090051
.text C:\WINDOWS\system32\lsass.exe[1188] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0108003F
.text C:\WINDOWS\system32\lsass.exe[1188] msvcrt.dll!system 77C293C7 5 Bytes JMP 0108002E
.text C:\WINDOWS\system32\lsass.exe[1188] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01080FE3
.text C:\WINDOWS\system32\lsass.exe[1188] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01080000
.text C:\WINDOWS\system32\lsass.exe[1188] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01080FBE
.text C:\WINDOWS\system32\lsass.exe[1188] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0108001D
.text C:\WINDOWS\system32\lsass.exe[1188] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0107000A
.text C:\WINDOWS\system32\lsass.exe[1188] wininet.dll!InternetOpenA 3D953081 5 Bytes JMP 01060FEF
.text C:\WINDOWS\system32\lsass.exe[1188] wininet.dll!InternetOpenW 3D9536B1 5 Bytes JMP 01060FDE
.text C:\WINDOWS\system32\lsass.exe[1188] wininet.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 01060014
.text C:\WINDOWS\system32\lsass.exe[1188] wininet.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 0106002F
.text C:\WINDOWS\system32\svchost.exe[1356] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00D70FEF
.text C:\WINDOWS\system32\svchost.exe[1356] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00D70FCA
.text C:\WINDOWS\system32\svchost.exe[1356] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D70000
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DC000A
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DC008A
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DC0F8B
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DC0FA6
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DC0FC3
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DC005B
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DC00C2
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DC0F7A
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DC0109
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DC00EE
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00DC0F55
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00DC0FD4
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DC001B
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00DC00A5
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00DC004A
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00DC0FEF
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00DC00DD
.text C:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00DB0FC3
.text C:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00DB0F8D
.text C:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00DB0FDE
.text C:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00DB0FEF
.text C:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00DB004A
.text C:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00DB000A
.text C:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00DB0FA8
.text C:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [FB, 88]
.text C:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00DB002F
.text C:\WINDOWS\system32\svchost.exe[1356] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DA0058
.text C:\WINDOWS\system32\svchost.exe[1356] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DA0047
.text C:\WINDOWS\system32\svchost.exe[1356] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DA0011
.text C:\WINDOWS\system32\svchost.exe[1356] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DA0000
.text C:\WINDOWS\system32\svchost.exe[1356] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DA0036
.text C:\WINDOWS\system32\svchost.exe[1356] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DA0FE3
.text C:\WINDOWS\system32\svchost.exe[1356] wininet.dll!InternetOpenA 3D953081 5 Bytes JMP 00D80FEF
.text C:\WINDOWS\system32\svchost.exe[1356] wininet.dll!InternetOpenW 3D9536B1 5 Bytes JMP 00D8000A
.text C:\WINDOWS\system32\svchost.exe[1356] wininet.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 00D8001B
.text C:\WINDOWS\system32\svchost.exe[1356] wininet.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 00D80FCA
.text C:\WINDOWS\system32\svchost.exe[1356] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D90FE5
.text C:\WINDOWS\system32\svchost.exe[1448] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00E20000
.text C:\WINDOWS\system32\svchost.exe[1448] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00E2002C
.text C:\WINDOWS\system32\svchost.exe[1448] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E2001B
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EB0000
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00EB0F70
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00EB0F8B
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00EB0F9C
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00EB0FC3
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00EB004A
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00EB0F1D
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00EB0F3A
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00EB0F02
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00EB009B
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00EB00C0
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00EB0065
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00EB0025
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00EB0F4B
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00EB0FD4
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00EB0FE5
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00EB0080
.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EA0FCA
.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EA0F94
.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EA0FE5
.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EA001B
.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EA0051
.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EA0000
.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00EA0FAF
.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [0A, 89]
.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EA002C
.text C:\WINDOWS\system32\svchost.exe[1448] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E50FA6
.text C:\WINDOWS\system32\svchost.exe[1448] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E50FB7
.text C:\WINDOWS\system32\svchost.exe[1448] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E50FE3
.text C:\WINDOWS\system32\svchost.exe[1448] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E50000
.text C:\WINDOWS\system32\svchost.exe[1448] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E50FC8
.text C:\WINDOWS\system32\svchost.exe[1448] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E50011
.text C:\WINDOWS\system32\svchost.exe[1448] wininet.dll!InternetOpenA 3D953081 5 Bytes JMP 00E3000A
.text C:\WINDOWS\system32\svchost.exe[1448] wininet.dll!InternetOpenW 3D9536B1 5 Bytes JMP 00E30FEF
.text C:\WINDOWS\system32\svchost.exe[1448] wininet.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 00E30FD4
.text C:\WINDOWS\system32\svchost.exe[1448] wininet.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 00E30025
.text C:\WINDOWS\system32\svchost.exe[1448] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E40FEF
.text C:\WINDOWS\System32\svchost.exe[1560] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 02500000
.text C:\WINDOWS\System32\svchost.exe[1560] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0250001B
.text C:\WINDOWS\System32\svchost.exe[1560] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 02500FE5
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02A30000
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02A30082
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02A30F97
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02A30065
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02A30FA8
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02A30036
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02A300A4
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02A30F68
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02A300C9
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02A30F26
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02A30F15
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02A30FB9
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02A30FEF
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02A30093
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02A30025
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02A30FD4
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02A30F41
.text C:\WINDOWS\System32\svchost.exe[1560] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02A20011
.text C:\WINDOWS\System32\svchost.exe[1560] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02A20069
.text C:\WINDOWS\System32\svchost.exe[1560] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02A20FC0
.text C:\WINDOWS\System32\svchost.exe[1560] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02A20FE5
.text C:\WINDOWS\System32\svchost.exe[1560] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02A20058
.text C:\WINDOWS\System32\svchost.exe[1560] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02A20000
.text C:\WINDOWS\System32\svchost.exe[1560] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 02A2003D
.text C:\WINDOWS\System32\svchost.exe[1560] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02A2002C
.text C:\WINDOWS\System32\svchost.exe[1560] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02A10049
.text C:\WINDOWS\System32\svchost.exe[1560] msvcrt.dll!system 77C293C7 5 Bytes JMP 02A10FC8
.text C:\WINDOWS\System32\svchost.exe[1560] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02A1002E
.text C:\WINDOWS\System32\svchost.exe[1560] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02A10000
.text C:\WINDOWS\System32\svchost.exe[1560] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02A10FD9
.text C:\WINDOWS\System32\svchost.exe[1560] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02A1001D
.text C:\WINDOWS\System32\svchost.exe[1560] wininet.dll!InternetOpenA 3D953081 5 Bytes JMP 02510000
.text C:\WINDOWS\System32\svchost.exe[1560] wininet.dll!InternetOpenW 3D9536B1 5 Bytes JMP 0251001B
.text C:\WINDOWS\System32\svchost.exe[1560] wininet.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 02510FE5
.text C:\WINDOWS\System32\svchost.exe[1560] wininet.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 02510FD4
.text C:\WINDOWS\System32\svchost.exe[1560] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02520FE5
.text C:\WINDOWS\System32\svchost.exe[1640] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00E00000
.text C:\WINDOWS\System32\svchost.exe[1640] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00E00FDB
.text C:\WINDOWS\System32\svchost.exe[1640] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E00011
.text C:\WINDOWS\System32\svchost.exe[1640] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E50000
.text C:\WINDOWS\System32\svchost.exe[1640] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E50F52
.text C:\WINDOWS\System32\svchost.exe[1640] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E50F6D
.text C:\WINDOWS\System32\svchost.exe[1640] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E50047
.text C:\WINDOWS\System32\svchost.exe[1640] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E50F8A
.text C:\WINDOWS\System32\svchost.exe[1640] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E50FC0
.text C:\WINDOWS\System32\svchost.exe[1640] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E50F24
.text C:\WINDOWS\System32\svchost.exe[1640] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E5006C
.text C:\WINDOWS\System32\svchost.exe[1640] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E50087
.text C:\WINDOWS\System32\svchost.exe[1640] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E50EF8
.text C:\WINDOWS\System32\svchost.exe[1640] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E500A2
.text C:\WINDOWS\System32\svchost.exe[1640] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E50FA5
.text C:\WINDOWS\System32\svchost.exe[1640] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E50011
.text C:\WINDOWS\System32\svchost.exe[1640] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E50F41
.text C:\WINDOWS\System32\svchost.exe[1640] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E50FD1
.text C:\WINDOWS\System32\svchost.exe[1640] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E5002C
.text C:\WINDOWS\System32\svchost.exe[1640] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E50F09
.text C:\WINDOWS\System32\svchost.exe[1640] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E4001B
.text C:\WINDOWS\System32\svchost.exe[1640] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E40065
.text C:\WINDOWS\System32\svchost.exe[1640] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E40FCA
.text C:\WINDOWS\System32\svchost.exe[1640] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E4000A
.text C:\WINDOWS\System32\svchost.exe[1640] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E40FA8
.text C:\WINDOWS\System32\svchost.exe[1640] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E40FEF
.text C:\WINDOWS\System32\svchost.exe[1640] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00E40FB9
.text C:\WINDOWS\System32\svchost.exe[1640] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [04, 89] {ADD AL, 0x89}
.text C:\WINDOWS\System32\svchost.exe[1640] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E40036
.text C:\WINDOWS\System32\svchost.exe[1640] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E3005C
.text C:\WINDOWS\System32\svchost.exe[1640] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E3004B
.text C:\WINDOWS\System32\svchost.exe[1640] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E3003A
.text C:\WINDOWS\System32\svchost.exe[1640] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E30000
.text C:\WINDOWS\System32\svchost.exe[1640] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E30FE5
.text C:\WINDOWS\System32\svchost.exe[1640] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E30029
.text C:\WINDOWS\System32\svchost.exe[1640] wininet.dll!InternetOpenA 3D953081 5 Bytes JMP 00E10FEF
.text C:\WINDOWS\System32\svchost.exe[1640] wininet.dll!InternetOpenW 3D9536B1 5 Bytes JMP 00E10014
.text C:\WINDOWS\System32\svchost.exe[1640] wininet.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 00E10FD4
.text C:\WINDOWS\System32\svchost.exe[1640] wininet.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 00E1002F
.text C:\WINDOWS\System32\svchost.exe[1640] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E2000A
.text C:\WINDOWS\System32\svchost.exe[1828] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\System32\svchost.exe[1828] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00FF0FDE
.text C:\WINDOWS\System32\svchost.exe[1828] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FF0014
.text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01090FEF
.text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01090F5C
.text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01090051
.text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01090040
.text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01090F83
.text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01090FB9
.text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01090F21
.text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01090073
.text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01090F06
.text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0109009F
.text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01090EF5
.text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01090F94
.text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01090FDE
.text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01090062
.text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01090025
.text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01090014
.text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01090084
.text C:\WINDOWS\System32\svchost.exe[1828] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01080F9E
.text C:\WINDOWS\System32\svchost.exe[1828] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01080036
.text C:\WINDOWS\System32\svchost.exe[1828] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01080FB9
.text C:\WINDOWS\System32\svchost.exe[1828] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01080FD4
.text C:\WINDOWS\System32\svchost.exe[1828] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0108001B
.text C:\WINDOWS\System32\svchost.exe[1828] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01080FE5
.text C:\WINDOWS\System32\svchost.exe[1828] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01080F83
.text C:\WINDOWS\System32\svchost.exe[1828] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [28, 89]
.text C:\WINDOWS\System32\svchost.exe[1828] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0108000A
.text C:\WINDOWS\System32\svchost.exe[1828] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01070039
.text C:\WINDOWS\System32\svchost.exe[1828] msvcrt.dll!system 77C293C7 5 Bytes JMP 01070FA4
.text C:\WINDOWS\System32\svchost.exe[1828] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01070FB5
.text C:\WINDOWS\System32\svchost.exe[1828] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01070FE3
.text C:\WINDOWS\System32\svchost.exe[1828] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01070014
.text C:\WINDOWS\System32\svchost.exe[1828] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01070FC6
.text C:\WINDOWS\System32\svchost.exe[1828] wininet.dll!InternetOpenA 3D953081 5 Bytes JMP 01050FE5
.text C:\WINDOWS\System32\svchost.exe[1828] wininet.dll!InternetOpenW 3D9536B1 5 Bytes JMP 01050FD4
.text C:\WINDOWS\System32\svchost.exe[1828] wininet.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 01050014
.text C:\WINDOWS\System32\svchost.exe[1828] wininet.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 01050FB9
.text C:\WINDOWS\System32\svchost.exe[1828] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01060FEF
.text C:\WINDOWS\System32\svchost.exe[2212] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00CE0FEF
.text C:\WINDOWS\System32\svchost.exe[2212] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00CE0014
.text C:\WINDOWS\System32\svchost.exe[2212] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CE0FDE
.text C:\WINDOWS\System32\svchost.exe[2212] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D30FE5
.text C:\WINDOWS\System32\svchost.exe[2212] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D30084
.text C:\WINDOWS\System32\svchost.exe[2212] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D30073
.text C:\WINDOWS\System32\svchost.exe[2212] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D30F99
.text C:\WINDOWS\System32\svchost.exe[2212] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D30062
.text C:\WINDOWS\System32\svchost.exe[2212] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D3003D
.text C:\WINDOWS\System32\svchost.exe[2212] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D300C6
.text C:\WINDOWS\System32\svchost.exe[2212] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D300B5
.text C:\WINDOWS\System32\svchost.exe[2212] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D30F37
.text C:\WINDOWS\System32\svchost.exe[2212] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D30F48
.text C:\WINDOWS\System32\svchost.exe[2212] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D300EB
.text C:\WINDOWS\System32\svchost.exe[2212] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D30FB6
.text C:\WINDOWS\System32\svchost.exe[2212] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D30000
.text C:\WINDOWS\System32\svchost.exe[2212] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D30F7E
.text C:\WINDOWS\System32\svchost.exe[2212] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D3002C
.text C:\WINDOWS\System32\svchost.exe[2212] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D30011
.text C:\WINDOWS\System32\svchost.exe[2212] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D30F63
.text C:\WINDOWS\System32\svchost.exe[2212] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D20FCA
.text C:\WINDOWS\System32\svchost.exe[2212] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D20F8A
.text C:\WINDOWS\System32\svchost.exe[2212] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D20FDB
.text C:\WINDOWS\System32\svchost.exe[2212] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D20011
.text C:\WINDOWS\System32\svchost.exe[2212] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D20047
.text C:\WINDOWS\System32\svchost.exe[2212] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D20000
.text C:\WINDOWS\System32\svchost.exe[2212] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00D20FA5
.text C:\WINDOWS\System32\svchost.exe[2212] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [F2, 88]
.text C:\WINDOWS\System32\svchost.exe[2212] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D2002C
.text C:\WINDOWS\System32\svchost.exe[2212] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D10058
.text C:\WINDOWS\System32\svchost.exe[2212] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D10FCD
.text C:\WINDOWS\System32\svchost.exe[2212] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D10FDE
.text C:\WINDOWS\System32\svchost.exe[2212] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D10FEF
.text C:\WINDOWS\System32\svchost.exe[2212] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D1003D
.text C:\WINDOWS\System32\svchost.exe[2212] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D10018
.text C:\WINDOWS\System32\svchost.exe[2212] wininet.dll!InternetOpenA 3D953081 5 Bytes JMP 00CF000A
.text C:\WINDOWS\System32\svchost.exe[2212] wininet.dll!InternetOpenW 3D9536B1 5 Bytes JMP 00CF0025
.text C:\WINDOWS\System32\svchost.exe[2212] wininet.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 00CF0FEF
.text C:\WINDOWS\System32\svchost.exe[2212] wininet.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 00CF0FDE
.text C:\WINDOWS\System32\svchost.exe[2212] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D00000
.text C:\WINDOWS\Explorer.EXE[3220] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00FB0FE5
.text C:\WINDOWS\Explorer.EXE[3220] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00FB0FB9
.text C:\WINDOWS\Explorer.EXE[3220] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FB0FD4
.text C:\WINDOWS\Explorer.EXE[3220] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01670FEF
.text C:\WINDOWS\Explorer.EXE[3220] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01670F66
.text C:\WINDOWS\Explorer.EXE[3220] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0167005B
.text C:\WINDOWS\Explorer.EXE[3220] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01670F8D
.text C:\WINDOWS\Explorer.EXE[3220] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01670FA8
.text C:\WINDOWS\Explorer.EXE[3220] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01670FB9
.text C:\WINDOWS\Explorer.EXE[3220] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01670F3A
.text C:\WINDOWS\Explorer.EXE[3220] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01670080
.text C:\WINDOWS\Explorer.EXE[3220] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01670F1F
.text C:\WINDOWS\Explorer.EXE[3220] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 016700AE
.text C:\WINDOWS\Explorer.EXE[3220] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 016700D3
.text C:\WINDOWS\Explorer.EXE[3220] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01670040
.text C:\WINDOWS\Explorer.EXE[3220] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01670FDE
.text C:\WINDOWS\Explorer.EXE[3220] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01670F55
.text C:\WINDOWS\Explorer.EXE[3220] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01670025
.text C:\WINDOWS\Explorer.EXE[3220] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01670014
.text C:\WINDOWS\Explorer.EXE[3220] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0167009D
.text C:\WINDOWS\Explorer.EXE[3220] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FF0FCA
.text C:\WINDOWS\Explorer.EXE[3220] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FF006C
.text C:\WINDOWS\Explorer.EXE[3220] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FF0025
.text C:\WINDOWS\Explorer.EXE[3220] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FF0FE5
.text C:\WINDOWS\Explorer.EXE[3220] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FF0051
.text C:\WINDOWS\Explorer.EXE[3220] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FF0000
.text C:\WINDOWS\Explorer.EXE[3220] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00FF0FAF
.text C:\WINDOWS\Explorer.EXE[3220] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [1F, 89]
.text C:\WINDOWS\Explorer.EXE[3220] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FF0036
.text C:\WINDOWS\Explorer.EXE[3220] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FE002C
.text C:\WINDOWS\Explorer.EXE[3220] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FE0FA1
.text C:\WINDOWS\Explorer.EXE[3220] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FE0FC6
.text C:\WINDOWS\Explorer.EXE[3220] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FE0FEF
.text C:\WINDOWS\Explorer.EXE[3220] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FE001B
.text C:\WINDOWS\Explorer.EXE[3220] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FE0000
.text C:\WINDOWS\Explorer.EXE[3220] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 00FC0000
.text C:\WINDOWS\Explorer.EXE[3220] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 00FC001B
.text C:\WINDOWS\Explorer.EXE[3220] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 00FC0FE5
.text C:\WINDOWS\Explorer.EXE[3220] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 00FC0FD4
.text C:\WINDOWS\Explorer.EXE[3220] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FD0000

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[1532] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [004076E0] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[1532] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00407740] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device -> \Driver\atapi \Device\Harddisk0\DR0 8A622ECC

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\System32\DRIVERS\i8042prt.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
bearmandan
Regular Member
 
Posts: 15
Joined: August 28th, 2010, 9:02 am

Re: Malwarebytes, Spybot S&D will not run Google redirecting

Unread postby km2357 » August 31st, 2010, 2:56 pm

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

Azureus

I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Reboot your computer after you have uninstalled the programs above.

Please run DDS when finished and post the log back here.
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3204
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: Malwarebytes, Spybot S&D will not run Google redirecting

Unread postby bearmandan » August 31st, 2010, 6:42 pm

P2P removed
logs

DDS (Ver_10-03-17.01) - NTFSx86
Run by Daniel Kiernan at 17:53:17.96 on Tue 08/31/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.820 [GMT -4:00]

AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Backups\Gateway My Documents\My Downloads\dds(2).scr

============== Pseudo HJT Report ===============

uSearch Page =
uSearch Bar =
uStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mSearchAssistant =
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100518032859.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [EPSON Stylus CX3800 Series (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\E_FATIACA.EXE /P35 "EPSON Stylus CX3800 Series (Copy 1)" /O6 "USB002" /M "Stylus CX3800"
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
IE: E&xport to Microsoft Excel
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: adecco.com\*.xpert
Trusted Zone: adecco.com\ak3.xpert
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/ ... mvadvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/aut ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 93.188.163.231,93.188.166.211
TCP: {7B885C12-57C1-4DC4-AD80-7C46071960A1} = 93.188.163.231,93.188.166.211
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 relog_ap
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\daniel~1\applic~1\mozilla\firefox\profiles\nuxnqc0c.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&refresh=1
FF - prefs.js: keyword.URL - hxxp://bing.zugo.com/s/?src=FF-Address& ... -76-0-hduU\n&q=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPFxViewer.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-13 64288]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-4 385880]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-3-16 82952]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2009-9-26 819600]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-12-9 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-3-16 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-3-16 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-3-16 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-3-16 170144]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-3-16 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-3-16 141792]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2009-9-23 447832]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-3-16 55456]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-12-9 152320]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-12-9 51688]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-3-16 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-3-16 88480]
R3 pnicII;Linksys Fast Ethernet PCI Card;c:\windows\system32\drivers\LNE100.SYS [2008-11-12 20573]
R3 sftfs;sftfs;c:\program files\microsoft application virtualization client\drivers\SftFSXP.sys [2009-9-23 543064]
R3 sftplay;sftplay;c:\program files\microsoft application virtualization client\drivers\sftplayxp.sys [2009-9-23 190312]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2009-9-23 21864]
R3 sftvol;sftvol;c:\program files\microsoft application virtualization client\drivers\SftVolXP.sys [2009-9-23 14680]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2009-9-23 203608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-29 133104]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-3-16 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-3-16 83496]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-12-9 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-12-9 40552]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 QuickBooksDB17;QuickBooksDB17;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb17 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB17 [?]

=============== Created Last 30 ================

2010-08-29 21:58:41 0 d-----w- c:\program files\RootkitRevealer
2010-08-28 13:11:27 0 d-----w- c:\program files\Trend Micro
2010-08-27 11:52:11 0 d-----w- c:\windows\CD95F661A5C444F5A6AAECDD91C240BB.TMP
2010-08-27 02:25:15 0 d-----w- c:\program files\GMER
2010-08-27 02:17:19 0 ----a-w- c:\documents and settings\daniel kiernan\defogger_reenable
2010-08-26 23:46:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-26 23:46:31 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-26 23:46:31 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-22 16:43:31 0 d-----w- c:\program files\Pro Imaging Powertoys
2010-08-22 16:43:31 0 d-----w- c:\program files\common files\Nikon
2010-08-22 16:37:06 0 d-----w- c:\windows\Downloaded Installations
2010-08-10 09:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-08-10 09:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2010-07-17 09:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 12:31:35 149504 ------w- c:\windows\system32\dllcache\schannel.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys
2010-06-23 12:06:51 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-06-23 12:06:51 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2010-06-21 15:27:11 354304 ------w- c:\windows\system32\dllcache\srv.sys
2010-06-18 13:36:12 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-06-17 15:12:57 634656 ------w- c:\windows\system32\dllcache\iexplore.exe
2010-06-17 15:11:25 161792 ------w- c:\windows\system32\dllcache\ieakui.dll
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31:20 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-06-14 09:40:12 93184 ----a-w- c:\windows\CARDFILE.EXE
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-14 07:41:45 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-06-13 20:39:36 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-28 00:44:12 32768 --sha-w- c:\windows\temp\cookies\index.dat
2010-01-28 00:44:12 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2010-01-28 00:44:12 98304 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 17:56:47.35 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/12/2008 21:23:10
System Uptime: 8/30/2010 22:50:28 (19 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | 7VRX
Processor: AMD Athlon(tm) XP 2000+ | Socket-A | 1673/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 348.127 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 466 GiB total, 84.401 GiB free.
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP114: 12/20/2009 18:18:58 - System Checkpoint
RP115: 12/21/2009 18:28:12 - System Checkpoint
RP116: 12/22/2009 21:20:40 - System Checkpoint
RP117: 12/23/2009 21:35:35 - System Checkpoint
RP118: 12/24/2009 22:21:26 - System Checkpoint
RP119: 12/26/2009 09:05:38 - Removed WinZip 12.1
RP120: 12/26/2009 09:08:39 - Installed WinZip 12.1
RP121: 12/26/2009 19:17:53 - Installed Windows Installer Clean Up
RP122: 12/26/2009 19:27:44 - Installed Microsoft Office Small Business Edition 2003
RP123: 12/26/2009 19:38:55 - Printer Driver Microsoft Office Document Image Writer Installed
RP124: 12/27/2009 20:53:01 - System Checkpoint
RP125: 12/28/2009 22:41:50 - System Checkpoint
RP126: 12/29/2009 23:31:48 - System Checkpoint
RP127: 12/31/2009 00:15:26 - System Checkpoint
RP128: 1/1/2010 01:29:16 - System Checkpoint
RP129: 1/2/2010 01:46:34 - System Checkpoint
RP130: 1/3/2010 02:57:21 - System Checkpoint
RP131: 1/4/2010 06:18:34 - System Checkpoint
RP132: 1/5/2010 09:05:08 - System Checkpoint
RP133: 1/6/2010 17:46:18 - System Checkpoint
RP134: 1/7/2010 17:53:23 - System Checkpoint
RP135: 1/8/2010 17:54:08 - System Checkpoint
RP136: 1/9/2010 18:24:34 - System Checkpoint
RP137: 1/10/2010 18:28:33 - System Checkpoint
RP138: 1/11/2010 20:17:41 - System Checkpoint
RP139: 1/12/2010 21:29:35 - System Checkpoint
RP140: 1/13/2010 20:30:47 - Software Distribution Service 3.0
RP141: 1/13/2010 20:35:29 - Installed Windows XP KB972270.
RP142: 1/13/2010 20:36:02 - Installed Windows XP KB955759.
RP143: 1/14/2010 21:11:45 - System Checkpoint
RP144: 1/15/2010 22:18:59 - System Checkpoint
RP145: 1/17/2010 00:00:58 - System Checkpoint
RP146: 1/18/2010 05:46:19 - System Checkpoint
RP147: 1/19/2010 07:21:25 - System Checkpoint
RP148: 1/20/2010 23:07:26 - System Checkpoint
RP149: 1/21/2010 18:28:27 - Software Distribution Service 3.0
RP150: 1/21/2010 18:29:15 - Installed Windows XP KB978207.
RP151: 1/22/2010 18:49:23 - System Checkpoint
RP152: 1/23/2010 20:11:54 - System Checkpoint
RP153: 1/24/2010 23:31:41 - System Checkpoint
RP154: 1/26/2010 08:47:09 - System Checkpoint
RP155: 1/26/2010 20:55:15 - Installed Java(TM) 6 Update 18
RP156: 1/27/2010 21:20:48 - System Checkpoint
RP157: 1/28/2010 22:09:36 - System Checkpoint
RP158: 1/29/2010 22:32:26 - System Checkpoint
RP159: 1/30/2010 22:39:05 - System Checkpoint
RP160: 2/1/2010 00:02:49 - System Checkpoint
RP161: 2/2/2010 01:38:55 - System Checkpoint
RP162: 2/3/2010 06:51:25 - System Checkpoint
RP163: 2/4/2010 06:54:30 - System Checkpoint
RP164: 2/4/2010 19:05:07 - Software Distribution Service 3.0
RP165: 2/4/2010 19:13:02 - Printer Driver Microsoft Office Document Image Writer Installed
RP166: 2/5/2010 19:34:10 - System Checkpoint
RP167: 2/6/2010 20:14:29 - System Checkpoint
RP168: 2/7/2010 22:23:55 - System Checkpoint
RP169: 2/9/2010 01:18:50 - System Checkpoint
RP170: 2/9/2010 17:41:25 - Software Distribution Service 3.0
RP171: 2/9/2010 17:42:11 - Installed Windows XP KB977165.
RP172: 2/9/2010 17:43:00 - Installed Windows XP KB978706.
RP173: 2/9/2010 17:45:06 - Installed Windows XP KB977914.
RP174: 2/9/2010 17:45:43 - Installed Windows XP KB975560.
RP175: 2/9/2010 17:46:10 - Installed Windows XP KB978251.
RP176: 2/9/2010 17:46:39 - Installed Windows XP KB975713.
RP177: 2/9/2010 17:47:06 - Installed Windows XP KB978037.
RP178: 2/9/2010 17:50:53 - Installed Windows XP KB971468.
RP179: 2/9/2010 17:52:16 - Installed Windows XP KB978262.
RP180: 2/10/2010 18:08:25 - System Checkpoint
RP181: 2/11/2010 18:21:40 - System Checkpoint
RP182: 2/12/2010 18:51:00 - System Checkpoint
RP183: 2/13/2010 19:20:35 - System Checkpoint
RP184: 2/14/2010 20:30:38 - System Checkpoint
RP185: 2/15/2010 21:27:41 - System Checkpoint
RP186: 2/16/2010 21:33:33 - System Checkpoint
RP187: 2/17/2010 22:00:23 - System Checkpoint
RP188: 2/18/2010 22:09:49 - System Checkpoint
RP189: 2/19/2010 23:15:58 - System Checkpoint
RP190: 2/20/2010 23:32:30 - System Checkpoint
RP191: 2/22/2010 00:00:25 - System Checkpoint
RP192: 2/23/2010 00:00:25 - System Checkpoint
RP193: 2/24/2010 00:13:55 - System Checkpoint
RP194: 2/24/2010 03:00:11 - Software Distribution Service 3.0
RP195: 2/24/2010 03:00:25 - Installed Windows XP KB979306.
RP196: 2/25/2010 03:00:25 - System Checkpoint
RP197: 2/26/2010 03:00:25 - System Checkpoint
RP198: 2/27/2010 03:28:25 - System Checkpoint
RP199: 2/28/2010 04:40:58 - System Checkpoint
RP200: 3/1/2010 04:41:13 - System Checkpoint
RP201: 3/2/2010 04:41:13 - System Checkpoint
RP202: 3/3/2010 06:17:45 - System Checkpoint
RP203: 3/4/2010 06:26:28 - System Checkpoint
RP204: 3/5/2010 08:29:15 - System Checkpoint
RP205: 3/6/2010 10:09:00 - System Checkpoint
RP206: 3/7/2010 10:53:21 - System Checkpoint
RP207: 3/8/2010 11:28:02 - System Checkpoint
RP208: 3/9/2010 12:28:02 - System Checkpoint
RP209: 3/10/2010 05:27:20 - Software Distribution Service 3.0
RP210: 3/10/2010 05:31:15 - Installed Windows XP KB975561.
RP211: 3/10/2010 05:34:00 - Printer Driver Microsoft Office Document Image Writer Installed
RP212: 3/11/2010 06:09:41 - System Checkpoint
RP213: 3/11/2010 17:13:29 - Installed Compatibility Pack for the 2007 Office system
RP214: 3/12/2010 03:00:12 - Software Distribution Service 3.0
RP215: 3/12/2010 15:10:42 - Software Distribution Service 3.0
RP216: 3/13/2010 09:00:58 - Software Distribution Service 3.0
RP217: 3/14/2010 12:08:30 - System Checkpoint
RP218: 3/15/2010 12:38:15 - System Checkpoint
RP219: 3/16/2010 13:38:15 - System Checkpoint
RP220: 3/17/2010 18:40:02 - System Checkpoint
RP221: 3/18/2010 19:08:13 - System Checkpoint
RP222: 3/19/2010 21:33:00 - System Checkpoint
RP223: 3/20/2010 22:09:41 - System Checkpoint
RP224: 3/22/2010 07:51:49 - System Checkpoint
RP225: 3/23/2010 08:41:02 - System Checkpoint
RP226: 3/24/2010 09:20:25 - System Checkpoint
RP227: 3/25/2010 10:50:32 - System Checkpoint
RP228: 3/26/2010 11:10:59 - System Checkpoint
RP229: 3/27/2010 14:42:28 - System Checkpoint
RP230: 3/28/2010 15:50:55 - System Checkpoint
RP231: 3/29/2010 19:03:41 - System Checkpoint
RP232: 3/30/2010 21:03:31 - System Checkpoint
RP233: 3/31/2010 03:00:12 - Software Distribution Service 3.0
RP234: 3/31/2010 03:01:04 - Installed Windows XP KB980182.
RP235: 4/1/2010 18:09:47 - System Checkpoint
RP236: 4/2/2010 20:53:14 - System Checkpoint
RP237: 4/3/2010 23:02:53 - System Checkpoint
RP238: 4/4/2010 23:23:11 - System Checkpoint
RP239: 4/5/2010 23:37:33 - System Checkpoint
RP240: 4/6/2010 23:43:44 - System Checkpoint
RP241: 4/8/2010 00:26:14 - System Checkpoint
RP242: 4/9/2010 01:43:10 - System Checkpoint
RP243: 4/10/2010 01:49:08 - System Checkpoint
RP244: 4/11/2010 09:06:38 - System Checkpoint
RP245: 4/12/2010 18:51:38 - System Checkpoint
RP246: 4/13/2010 19:54:11 - Software Distribution Service 3.0
RP247: 4/13/2010 19:55:14 - Installed Windows XP KB979309.
RP248: 4/13/2010 19:55:41 - Installed Windows XP KB978601.
RP249: 4/13/2010 19:56:39 - Installed Windows XP KB977816.
RP250: 4/13/2010 19:57:05 - Installed Windows XP KB978338.
RP251: 4/13/2010 19:57:34 - Installed Windows XP KB981349.
RP252: 4/13/2010 19:59:43 - Installed Windows Media Player KB979402.
RP253: 4/13/2010 20:00:14 - Installed Windows XP KB980232.
RP254: 4/13/2010 20:00:49 - Installed Windows XP KB979683.
RP255: 4/14/2010 21:35:56 - System Checkpoint
RP256: 4/16/2010 08:52:18 - System Checkpoint
RP257: 4/17/2010 19:02:58 - System Checkpoint
RP258: 4/18/2010 20:08:37 - System Checkpoint
RP259: 4/19/2010 21:42:59 - System Checkpoint
RP260: 4/21/2010 06:06:44 - System Checkpoint
RP261: 4/22/2010 17:16:54 - System Checkpoint
RP262: 4/23/2010 20:53:33 - System Checkpoint
RP263: 4/24/2010 21:20:58 - System Checkpoint
RP264: 4/25/2010 17:56:32 - Installed Windows Media Player 11
RP265: 4/25/2010 17:58:05 - Software Distribution Service 3.0
RP266: 4/25/2010 17:58:23 - Installed Windows Media Player 11
RP267: 4/25/2010 17:59:22 - Installed Windows XP Wudf01000.
RP268: 4/25/2010 18:02:16 - Installed Windows XP MSCompPackV1.
RP269: 4/25/2010 18:12:45 - Software Distribution Service 3.0
RP270: 4/25/2010 18:13:03 - Installed Windows Media Player KB952069.
RP271: 4/25/2010 18:13:18 - Installed Windows Media Player KB973540.
RP272: 4/25/2010 18:13:32 - Installed Windows Media Player KB954155.
RP273: 4/25/2010 18:13:43 - Installed Windows Media Player KB968816.
RP274: 4/26/2010 13:41:52 - Software Distribution Service 3.0
RP275: 4/26/2010 13:42:05 - Installed Windows Media Player 11 KB954154.
RP276: 4/26/2010 13:42:49 - Installed Windows Media Player 11 KB939683.
RP277: 4/26/2010 13:43:21 - Installed Windows Media Format 11 SDK KB929399.
RP278: 4/26/2010 13:44:05 - Installed Windows XP KB941569.
RP279: 4/27/2010 17:41:02 - System Checkpoint
RP280: 4/28/2010 18:20:30 - System Checkpoint
RP281: 4/29/2010 20:21:16 - System Checkpoint
RP282: 4/30/2010 21:31:11 - System Checkpoint
RP283: 5/2/2010 00:31:24 - System Checkpoint
RP284: 5/3/2010 03:17:12 - System Checkpoint
RP285: 5/4/2010 14:01:41 - System Checkpoint
RP286: 5/5/2010 18:41:53 - System Checkpoint
RP287: 5/6/2010 18:52:24 - System Checkpoint
RP288: 5/7/2010 19:18:48 - System Checkpoint
RP289: 5/8/2010 19:20:55 - System Checkpoint
RP290: 5/9/2010 23:16:43 - System Checkpoint
RP291: 5/10/2010 19:43:30 - Removed Java 2 Runtime Environment, SE v1.4.2_18
RP292: 5/10/2010 19:49:47 - Removed Windows Installer Clean Up
RP293: 5/10/2010 19:54:23 - Installed Windows Installer Clean Up
RP294: 5/10/2010 20:02:00 - Installed Java(TM) 6 Update 20
RP295: 5/11/2010 17:54:54 - Software Distribution Service 3.0
RP296: 5/11/2010 17:55:36 - Installed Windows XP KB978542.
RP297: 5/12/2010 20:19:18 - System Checkpoint
RP298: 5/14/2010 07:04:47 - System Checkpoint
RP299: 5/14/2010 15:48:29 - Printer Driver PrimoPDF Installed
RP300: 5/14/2010 16:15:24 - Installed %1 %2.
RP301: 5/14/2010 16:15:37 - Printer Driver Microsoft XPS Document Writer Installed
RP302: 5/14/2010 16:25:27 - Software Distribution Service 3.0
RP303: 5/14/2010 16:30:37 - Installed Windows KB954550-v5.
RP304: 5/14/2010 16:30:50 - Printer Driver Microsoft XPS Document Writer Installed
RP305: 5/14/2010 16:40:26 - Printer Driver Microsoft XPS Document Writer Installed
RP306: 5/14/2010 16:49:37 - Software Distribution Service 3.0
RP307: 5/14/2010 16:50:15 - Installed Windows XP KB961118.
RP308: 5/14/2010 17:22:30 - Printer Driver PrimoPDF Installed
RP309: 5/15/2010 20:18:47 - System Checkpoint
RP310: 5/16/2010 21:13:25 - System Checkpoint
RP311: 5/17/2010 21:32:11 - System Checkpoint
RP312: 5/18/2010 22:25:01 - System Checkpoint
RP313: 5/20/2010 16:38:52 - System Checkpoint
RP314: 5/22/2010 08:16:17 - System Checkpoint
RP315: 5/23/2010 08:49:35 - System Checkpoint
RP316: 5/24/2010 23:06:15 - System Checkpoint
RP317: 5/25/2010 15:41:20 - Software Distribution Service 3.0
RP318: 5/25/2010 15:41:38 - Installed Windows XP KB981793.
RP319: 5/26/2010 17:09:08 - System Checkpoint
RP320: 5/27/2010 17:52:51 - System Checkpoint
RP321: 5/28/2010 22:10:13 - System Checkpoint
RP322: 5/29/2010 22:28:43 - System Checkpoint
RP323: 5/31/2010 06:53:32 - System Checkpoint
RP324: 6/1/2010 16:10:19 - System Checkpoint
RP325: 6/1/2010 20:05:00 - Removed WinZip 12.1
RP326: 6/2/2010 21:09:41 - System Checkpoint
RP327: 6/3/2010 22:05:42 - System Checkpoint
RP328: 6/4/2010 23:13:07 - System Checkpoint
RP329: 6/6/2010 09:59:57 - System Checkpoint
RP330: 6/7/2010 19:07:49 - System Checkpoint
RP331: 6/8/2010 20:14:56 - System Checkpoint
RP332: 6/8/2010 21:06:35 - Software Distribution Service 3.0
RP333: 6/8/2010 21:08:27 - Installed Windows XP KB982381.
RP334: 6/8/2010 21:19:32 - Installed Windows XP KB975562.
RP335: 6/8/2010 21:20:23 - Installed Windows XP KB979482.
RP336: 6/8/2010 21:20:41 - Installed Windows Media Player KB978695.
RP337: 6/8/2010 21:23:46 - Installed Windows XP KB979559.
RP338: 6/8/2010 21:28:29 - Installed Windows XP KB980195.
RP339: 6/8/2010 21:30:47 - Printer Driver Microsoft Office Document Image Writer Installed
RP340: 6/8/2010 21:32:12 - Installed Windows XP KB980218.
RP341: 6/10/2010 17:12:54 - System Checkpoint
RP342: 6/12/2010 15:12:57 - System Checkpoint
RP343: 6/13/2010 16:02:49 - Software Distribution Service 3.0
RP344: 6/14/2010 16:45:46 - System Checkpoint
RP345: 6/15/2010 13:14:35 - Installed QuickBooks
RP346: 6/16/2010 06:43:48 - Software Distribution Service 3.0
RP347: 6/16/2010 06:51:16 - Software Distribution Service 3.0
RP348: 6/17/2010 13:16:31 - System Checkpoint
RP349: 6/18/2010 16:55:26 - System Checkpoint
RP350: 6/19/2010 22:27:03 - System Checkpoint
RP351: 6/20/2010 22:50:53 - System Checkpoint
RP352: 6/22/2010 07:05:02 - System Checkpoint
RP353: 6/23/2010 12:37:38 - Software Distribution Service 3.0
RP354: 6/24/2010 12:58:24 - System Checkpoint
RP355: 6/25/2010 15:06:40 - System Checkpoint
RP356: 6/26/2010 20:16:37 - System Checkpoint
RP357: 6/27/2010 21:59:12 - System Checkpoint
RP358: 6/29/2010 07:07:57 - System Checkpoint
RP359: 6/30/2010 21:13:22 - System Checkpoint
RP360: 7/2/2010 10:35:11 - System Checkpoint
RP361: 7/3/2010 12:41:51 - System Checkpoint
RP362: 7/4/2010 13:35:26 - System Checkpoint
RP363: 7/5/2010 16:46:19 - System Checkpoint
RP364: 7/6/2010 18:10:08 - System Checkpoint
RP365: 7/7/2010 19:10:50 - System Checkpoint
RP366: 7/8/2010 19:47:52 - System Checkpoint
RP367: 7/10/2010 09:37:05 - System Checkpoint
RP368: 7/11/2010 11:54:00 - System Checkpoint
RP369: 7/12/2010 19:06:41 - System Checkpoint
RP370: 7/13/2010 21:16:04 - System Checkpoint
RP371: 7/14/2010 03:01:53 - Software Distribution Service 3.0
RP372: 7/14/2010 03:07:19 - Installed Windows XP KB2229593.
RP373: 7/15/2010 07:59:10 - System Checkpoint
RP374: 7/16/2010 16:50:06 - System Checkpoint
RP375: 7/17/2010 21:09:43 - System Checkpoint
RP376: 7/18/2010 22:43:49 - System Checkpoint
RP377: 7/19/2010 23:11:25 - System Checkpoint
RP378: 7/21/2010 00:26:02 - System Checkpoint
RP379: 7/22/2010 10:10:14 - System Checkpoint
RP380: 7/23/2010 10:49:09 - System Checkpoint
RP381: 7/25/2010 13:25:02 - System Checkpoint
RP382: 7/26/2010 15:09:00 - System Checkpoint
RP383: 7/27/2010 16:27:55 - System Checkpoint
RP384: 7/28/2010 18:32:41 - System Checkpoint
RP385: 7/29/2010 20:30:15 - System Checkpoint
RP386: 7/30/2010 12:37:26 - Installed Microsoft Visual C++ 2005 Redistributable
RP387: 7/30/2010 12:39:13 - Installed SeaTools for Windows
RP388: 7/31/2010 12:05:27 - Software Distribution Service 3.0
RP389: 8/1/2010 14:13:31 - System Checkpoint
RP390: 8/2/2010 18:43:56 - System Checkpoint
RP391: 8/3/2010 08:15:09 - Software Distribution Service 3.0
RP392: 8/3/2010 08:16:43 - Installed Windows XP KB2286198.
RP393: 8/4/2010 10:02:23 - System Checkpoint
RP394: 8/5/2010 20:46:43 - System Checkpoint
RP395: 8/6/2010 22:59:05 - System Checkpoint
RP396: 8/7/2010 23:10:52 - System Checkpoint
RP397: 8/8/2010 23:11:12 - System Checkpoint
RP398: 8/10/2010 18:53:17 - System Checkpoint
RP399: 8/10/2010 19:06:48 - Installed Java(TM) 6 Update 21
RP400: 8/11/2010 20:31:25 - System Checkpoint
RP401: 8/12/2010 18:25:52 - Software Distribution Service 3.0
RP402: 8/12/2010 18:27:54 - Installed Windows XP KB982665.
RP403: 8/12/2010 18:30:03 - Installed Windows XP KB981997.
RP404: 8/12/2010 18:37:43 - Installed Windows XP KB980436.
RP405: 8/12/2010 18:40:05 - Installed Windows XP KB2160329.
RP406: 8/12/2010 18:52:57 - Installed Windows XP KB2079403.
RP407: 8/12/2010 18:55:13 - Installed Windows XP KB981852.
RP408: 8/12/2010 19:07:35 - Printer Driver Microsoft Office Document Image Writer Installed
RP409: 8/12/2010 19:10:13 - Installed Windows XP KB2115168.
RP410: 8/12/2010 19:11:46 - Installed Windows XP KB982214.
RP411: 8/12/2010 19:15:44 - Installed Windows XP KB2183461.
RP412: 8/13/2010 19:17:51 - System Checkpoint
RP413: 8/14/2010 20:40:27 - System Checkpoint
RP414: 8/16/2010 07:53:54 - System Checkpoint
RP415: 8/17/2010 08:58:04 - System Checkpoint
RP416: 8/18/2010 11:07:27 - System Checkpoint
RP417: 8/19/2010 18:51:48 - System Checkpoint
RP418: 8/20/2010 22:46:18 - System Checkpoint
RP419: 8/22/2010 09:19:00 - System Checkpoint
RP420: 8/22/2010 12:43:13 - Installed Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50)
RP421: 8/23/2010 19:25:22 - System Checkpoint
RP422: 8/24/2010 20:38:30 - Software Distribution Service 3.0
RP423: 8/25/2010 22:37:46 - System Checkpoint
RP424: 8/27/2010 01:10:19 - System Checkpoint
RP425: 8/27/2010 07:53:21 - Installed WinZip 14.0
RP426: 8/28/2010 09:11:18 - Installed HiJackThis
RP427: 8/29/2010 09:39:27 - System Checkpoint
RP428: 8/30/2010 22:30:01 - System Checkpoint

==== Installed Programs ======================

Acrobat.com
Acronis True Image WD Edition
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Software Update
ArcSoft PhotoImpression 5
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Data Lifeguard Diagnostic for Windows
Data Lifeguard Tools
EPSON CX 3800 Guide
EPSON Printer Software
EPSON Scan
FxFoto by Triscape
Google Earth
Google Update Helper
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 21
Kensington MouseWorks
Logitech MouseWare 9.79.1
Malwarebytes' Anti-Malware
McAfee Internet Security
McAfee Virtual Technician
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Click-to-Run 2010 (Beta)
Microsoft Office Home and Business 2010 (Beta) - English
Microsoft Office Small Business Edition 2003
Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows XP Video Decoder Checkup Utility
Mozilla Firefox (3.6.4)
Mozilla Thunderbird (3.1.2)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MV RegClean 5.0 English
MV RegClean 5.9 English
Natural Color
Nero OEM
NVIDIA Display Driver
OGA Notifier 2.0.0048.0
OpenOffice.org Installer 1.0
PrimoPDF -- brought to you by Nitro PDF Software
QuickBooks Pro 2007
QuickBooks Product Listing Service
Quicken 2009
QuickTime
SeaTools for Windows
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Spybot - Search & Destroy
SupportSoft Assisted Service
System Requirements Lab
Triscape FxFoto
Unlocker 1.9.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

8/28/2010 08:23:19, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
8/28/2010 08:21:36, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/28/2010 08:21:19, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK7 Fips
8/28/2010 08:21:19, error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
8/27/2010 07:53:43, error: Service Control Manager [7024] - The Java Quick Starter service terminated with service-specific error 1 (0x1).
8/27/2010 07:53:42, error: Service Control Manager [7034] - The McAfee Validation Trust Protection Service service terminated unexpectedly. It has done this 1 time(s).
8/26/2010 21:31:45, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
8/26/2010 21:17:08, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
8/26/2010 21:17:08, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
8/26/2010 19:56:36, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
8/26/2010 19:19:06, error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\D.
8/26/2010 19:13:23, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
8/24/2010 20:27:56, error: System Error [1003] - Error code 000000ea, parameter1 899ddda8, parameter2 89d68b68, parameter3 89d74700, parameter4 00000001.
8/24/2010 20:21:05, error: nv [108] - The driver nv4_disp for the display device \Device\Video0 got stuck in an infinite loop. This usually indicates a problem with the device itself or with the device driver programming the hardware incorrectly. Please check with your hardware device vendor for any driver updates.

==== End Of File ===========================
bearmandan
Regular Member
 
Posts: 15
Joined: August 28th, 2010, 9:02 am

Re: Malwarebytes, Spybot S&D will not run Google redirecting

Unread postby km2357 » August 31st, 2010, 8:01 pm

Step # 1: Disable Teatimer

Spybot S&D's tea timer normally provides real-time protection from spyware, however it may interfere with what we need to do. We will disable it until the machine is clean when it can be re-enabled.

This is a two step process.
First step:
  • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have the version 1.5 or 1.6, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
  • If you have Version 1.4, Click on Exit Spybot S&D Resident


Second step, For Either Version :
  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go To the bottom of the Vertical Panel on the Left, Click Tools
  • then, also in left panel, click Resident shows a red/white shield.
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.


Step # 2: Download and Run ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

*Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

When finished, it shall produce a log for you. Please post C:\ComboFix.txt in your next reply.
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3204
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: Malwarebytes, Spybot S&D will not run Google redirecting

Unread postby bearmandan » August 31st, 2010, 8:23 pm

Was able complete step 1, I am running 1.6 and the icon did change. I am still unable to run (open) Spybot to complete step 2. Please advise.
bearmandan
Regular Member
 
Posts: 15
Joined: August 28th, 2010, 9:02 am

Re: Malwarebytes, Spybot S&D will not run Google redirecting

Unread postby km2357 » September 1st, 2010, 2:48 pm

Go ahead and uninstall Spybot S&D, you can reinstall it later.

Then continue on with Step 2 (Running ComboFix)
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3204
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: Malwarebytes, Spybot S&D will not run Google redirecting

Unread postby bearmandan » September 1st, 2010, 4:55 pm

I have uninstalled Spybot S&D, disabled McAfee, stopped all running processes. ComboFix will not run. I also cannot access Malwareremoval web site from the affected machine and earlier today I could not access other common sites like craigslist. McAfee also got an error attempting automatic updates earlier in the day. I am having to use an alternate computer to update this post and will have to monitor Yahoo web mail to see your reply.
Bearmandan
bearmandan
Regular Member
 
Posts: 15
Joined: August 28th, 2010, 9:02 am

Re: Malwarebytes, Spybot S&D will not run Google redirecting

Unread postby bearmandan » September 1st, 2010, 7:30 pm

I think I got it to run..... I renamed it to combofix1.exe and double clicked and it appears to be running.
I will continue and post results later this evening when it finishes.
bearmandan
Regular Member
 
Posts: 15
Joined: August 28th, 2010, 9:02 am

Re: Malwarebytes, Spybot S&D will not run Google redirecting

Unread postby bearmandan » September 1st, 2010, 7:54 pm

It gets to a point where the following is on the screen; "Scanning for infected filed...
This typically doesn't take more than 10 minuets
however, scan time for badly infected machines may easily double"
and the machine reboots.
awaiting next instructions
bearmandan
bearmandan
Regular Member
 
Posts: 15
Joined: August 28th, 2010, 9:02 am

Re: Malwarebytes, Spybot S&D will not run Google redirecting

Unread postby km2357 » September 1st, 2010, 8:03 pm

Check either the C:\ComboFix folder or the C:\Qoobox folder for ComboFix.txt, which is the ComboFix Log. If its there, go ahead and post the contents of it in your next post/reply.

If you can't find the ComboFix log, then do the following:

First, delete ComboFix1.exe off of your computer. Then follow the instructions below:


Step # 1: Download and Run ComboFix

Download ComboFix from any of the links below. You must rename it to bearmandan.exe before saving it. Save it to your Desktop.

Link 1
Link 2


Once you've downloaded the renamed ComboFix, boot your computer into Safe Mode (You can go in Safe Mode by restarting your computer, then continually tapping F8 until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter) and run ComboFix from there.

If ComboFix successfully completes its run in Safe Mode, post the resulting log in your next post/reply.
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3204
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: Malwarebytes, Spybot S&D will not run Google redirecting

Unread postby bearmandan » September 1st, 2010, 9:35 pm

for what its worth, I uninstalled McAfee and renamed the lavasoft directory to prevent them from running. McAfee was still running items so it was just easier to get rid of it for the time being and as for lavasoft I will reinstall it after things get cleaned up here.
here is the log.
Bearmandan

ComboFix 10-09-01.02 - Daniel Kiernan 09/01/2010 21:20:04.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1196 [GMT -4:00]
Running from: c:\documents and settings\Daniel Kiernan\Desktop\bearmandan.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Toolbar4
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

Infected copy of c:\windows\system32\drivers\i8042prt.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-08-02 to 2010-09-02 )))))))))))))))))))))))))))))))
.

2010-08-30 00:50 . 2010-08-30 00:50 388096 ----a-r- c:\documents and settings\Daniel Kiernan\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-29 21:58 . 2010-08-29 21:58 -------- d-----w- c:\program files\RootkitRevealer
2010-08-28 13:11 . 2010-08-28 13:11 -------- d-----w- c:\program files\Trend Micro
2010-08-27 11:52 . 2010-08-27 11:53 -------- d-----w- c:\windows\CD95F661A5C444F5A6AAECDD91C240BB.TMP
2010-08-27 02:25 . 2010-08-27 02:25 -------- d-----w- c:\program files\GMER
2010-08-26 23:46 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-26 23:46 . 2010-08-26 23:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-26 23:46 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-23 22:21 . 2010-08-23 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\MSN6
2010-08-23 22:21 . 2010-08-23 22:21 -------- d-----w- c:\documents and settings\Daniel Kiernan\Application Data\MSN6
2010-08-22 16:44 . 2010-08-22 16:44 9062 ----a-r- c:\documents and settings\Daniel Kiernan\Application Data\Microsoft\Installer\{2E5A5B57-57FC-4C79-A239-9DB280ADEC2A}\ARPPRODUCTICON.exe
2010-08-22 16:43 . 2010-08-22 16:43 137 ----a-w- c:\documents and settings\Daniel Kiernan\Local Settings\Application Data\fusioncache.dat
2010-08-22 16:43 . 2010-08-22 16:43 -------- d-----w- c:\program files\Pro Imaging Powertoys
2010-08-22 16:43 . 2010-08-22 16:43 -------- d-----w- c:\program files\Common Files\Nikon
2010-08-22 16:37 . 2010-08-22 16:37 -------- d-----w- c:\windows\Downloaded Installations
2010-08-20 17:17 . 2010-08-20 17:23 -------- d-----w- c:\documents and settings\Daniel Kiernan\Local Settings\Application Data\WMTools Downloaded Files
2010-08-19 01:37 . 2010-08-19 01:39 -------- d-----w- c:\program files\QuickTime
2010-08-19 01:37 . 2010-08-19 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-08-05 16:18 . 2010-08-05 16:18 503808 ----a-w- c:\documents and settings\Daniel Kiernan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6256bd59-n\msvcp71.dll
2010-08-05 16:18 . 2010-08-05 16:18 499712 ----a-w- c:\documents and settings\Daniel Kiernan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6256bd59-n\jmc.dll
2010-08-05 16:18 . 2010-08-05 16:18 348160 ----a-w- c:\documents and settings\Daniel Kiernan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6256bd59-n\msvcr71.dll
2010-08-05 16:18 . 2010-08-05 16:18 12800 ----a-w- c:\documents and settings\Daniel Kiernan\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6516fea5-n\decora-d3d.dll
2010-08-05 16:18 . 2010-08-05 16:18 61440 ----a-w- c:\documents and settings\Daniel Kiernan\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6516fea5-n\decora-sse.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-02 01:01 . 2010-02-04 01:31 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SoftGrid Client
2010-09-02 00:50 . 2009-12-20 17:47 -------- d-----w- c:\program files\McAfee
2010-09-02 00:50 . 2009-12-20 17:29 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-09-02 00:49 . 2009-12-20 17:42 -------- d-----w- c:\program files\Common Files\McAfee
2010-09-01 20:36 . 2009-12-20 17:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-01 20:34 . 2009-12-20 17:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-31 21:51 . 2009-12-20 17:40 -------- d-----w- c:\program files\Azureus
2010-08-31 12:06 . 2009-12-20 17:29 -------- d-----w- c:\documents and settings\Daniel Kiernan\Application Data\Azureus
2010-08-10 23:21 . 2009-12-20 17:42 -------- d-----w- c:\program files\Common Files\Java
2010-08-10 23:07 . 2009-12-20 17:45 -------- d-----w- c:\program files\Java
2010-08-07 02:28 . 2009-12-20 17:51 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-07-31 16:38 . 2009-11-22 13:15 54 ----a-w- c:\windows\system32\rp_stats.dat
2010-07-31 16:38 . 2009-11-22 13:15 39 ----a-w- c:\windows\system32\rp_rules.dat
2010-07-31 15:40 . 2010-07-31 15:40 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-30 16:39 . 2010-07-30 16:39 -------- d-----w- c:\program files\Seagate
2010-07-30 16:37 . 2010-07-30 16:37 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-28 14:31 . 2008-11-13 02:50 72160 ----a-w- c:\documents and settings\Daniel Kiernan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-17 09:00 . 2010-05-11 00:03 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-16 12:05 . 2009-12-20 17:54 -------- d-----w- c:\program files\Unlocker
2010-07-16 11:50 . 2009-12-20 17:47 -------- d-----w- c:\program files\Marcos Velasco Security
2010-07-04 21:17 . 2009-12-20 17:31 -------- d-----w- c:\documents and settings\Daniel Kiernan\Application Data\Thunderbird
2010-06-30 12:31 . 2001-08-23 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:15 . 2001-08-23 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15 . 2008-11-13 02:42 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2001-08-23 12:00 17408 ------w- c:\windows\system32\corpol.dll
2010-06-23 13:44 . 2001-08-23 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2001-08-23 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-19 16:56 . 2010-06-19 17:02 816392 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\Components\DownloadQB17\Patch\qbpatch2.exe
2010-06-19 16:56 . 2010-06-19 17:02 75280 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\Components\DownloadQB17\Patch\qbpatch.exe
2010-06-19 16:55 . 2010-06-19 17:02 499712 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\Components\DownloadQB17\Patch\msvcp71.dll
2010-06-19 16:55 . 2010-06-19 17:02 348160 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\Components\DownloadQB17\Patch\msvcr71.dll
2010-06-17 14:03 . 2001-08-23 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-16 20:29 . 2010-06-16 19:20 2489 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\qbbackup.sys
2010-06-15 17:25 . 2010-06-15 17:25 92854 ----a-r- c:\documents and settings\Daniel Kiernan\Application Data\Microsoft\Installer\{054C3038-FFAC-446D-9682-E25891DC2E05}\_2cd672ae.exe
2010-06-14 14:31 . 2008-11-13 02:18 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
2010-06-14 09:40 . 1993-12-31 07:11 93184 ----a-w- c:\windows\CARDFILE.EXE
2010-06-14 07:41 . 2001-08-23 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-13 20:39 . 2010-06-27 11:54 15880 ----a-w- c:\windows\system32\lsdelete.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"EPSON Stylus CX3800 Series (Copy 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-08 98304]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NaturalColorLoad.lnk]
backup=c:\windows\pss\NaturalColorLoad.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jenkat Arcade

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2009-06-10 08:57 136472 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2009-06-10 09:02 904840 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3800 Series]
2005-02-08 03:00 98304 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIACA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kmw_run.exe]
2005-02-03 19:30 106496 ----a-w- c:\windows\system32\kmw_run.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2004-03-03 02:29 2904064 ----a-r- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2004-03-03 02:29 46080 ----a-r- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2004-03-03 02:29 782336 ----a-r- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2009-06-10 08:55 1326080 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/13/2010 16:39 64288]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [9/26/2009 08:35 819600]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [9/23/2009 16:04 447832]
R3 pnicII;Linksys Fast Ethernet PCI Card;c:\windows\system32\drivers\LNE100.SYS [11/12/2008 17:08 20573]
R3 sftfs;sftfs;c:\program files\Microsoft Application Virtualization Client\drivers\SftFSXP.sys [9/23/2009 16:04 543064]
R3 sftplay;sftplay;c:\program files\Microsoft Application Virtualization Client\drivers\sftplayxp.sys [9/23/2009 16:04 190312]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [9/23/2009 16:05 21864]
R3 sftvol;sftvol;c:\program files\Microsoft Application Virtualization Client\drivers\SftVolXP.sys [9/23/2009 16:04 14680]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [9/23/2009 16:04 203608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 13:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/29/2009 18:34 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/26/2009 05:28 4639136]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 13:16 753504]
S4 QuickBooksDB17;QuickBooksDB17;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 --> c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 [?]
.
Contents of the 'Scheduled Tasks' folder

2010-09-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-29 22:34]

2010-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-29 22:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel
Trusted Zone: adecco.com\*.xpert
Trusted Zone: adecco.com\ak3.xpert
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\Daniel Kiernan\Application Data\Mozilla\Firefox\Profiles\nuxnqc0c.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&refresh=1
FF - prefs.js: keyword.URL - hxxp://bing.zugo.com/s/?src=FF-Address& ... -76-0-hduU\n&q=
FF - plugin: c:\progra~1\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPFxViewer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-01 21:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1229272821-1935655697-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(868)
c:\windows\system32\relog_ap.dll
.
Completion time: 2010-09-01 21:28:48
ComboFix-quarantined-files.txt 2010-09-02 01:28

Pre-Run: 373,940,445,184 bytes free
Post-Run: 374,265,081,856 bytes free

- - End Of File - - 0193F7A1D03C69941BCAE490CE72BE18
bearmandan
Regular Member
 
Posts: 15
Joined: August 28th, 2010, 9:02 am

Re: Malwarebytes, Spybot S&D will not run Google redirecting

Unread postby km2357 » September 2nd, 2010, 2:48 pm

for what its worth, I uninstalled McAfee....


No problem, that would have been my next suggestion if you couldn't ComboFix to run this time.

Since you removed McAfee, you need a new AntiVirus to replace it, here are a couple of free choices:

1)Antivir PersonalEdition Classic
2)avast! Home Edition

Download and install only one!


Registry Cleaners + "Tweak" Tools

Re. MV RegClean 5.0 English

MV RegClean 5.9 English


I don't personally recommend the use of ANY Registry Cleaners or "Tweak" Tools

They are marketed as ways to make your machine run faster and more efficiently ...... Some will actually achieve this .... IF you know how to use them correctly.
Removing "Orphaned/Old/Obsolete" registry entries is fine ..... as long as they actually are "Orphaned/Old/Obsolete", it won't speed up your machine though
Stopping services and setting policies can speed up your machine ..... as long as you stop and set the right ones, and even then it's debatable if you will notice the improvement.

Remove the wrong registry entry, or stop the wrong service, and not only can you slow your machine .... you could kill it !

To use a Registry Cleaner or "Tweak" tool to its full advantage, you really need to know what it is they are doing and what else the changes may affect.
In short, if you know how to use them safely ----- you don't actually need them.

discussion on regcleaners >> http://forums.whatthetech.com/Regcleaner_t42862.html
And for more good information see what Miekiemoes has to say >> http://miekiemoes.blogspot.com/2008/02/ ... ng_13.html


Reconfigure Windows XP to show hidden files:
To enable the viewing of Hidden files follow these steps:


  • Close all programs so that you are at your desktop.
  • Double-click on the My Computer icon.
  • Select the Tools menu and click Folder Options.
  • After the new window appears select the View tab.
  • Put a checkmark in the checkbox labeled Display the contents of system folders.
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  • Remove the checkmark from the checkbox labeled Hide protected operating system files.
  • Press the Apply button and then the OK button and shutdown My Computer.
  • Now your computer is configured to show all hidden files.

Be sure to re-hide your files once you are finished cleaning your computer.



Step # 1: Deleting Files/Folders

I need you to delete the files/folders I have marked in bold(if found):

c:\program files\Azureus
c:\documents and settings\Daniel Kiernan\Application Data\Azureus


Step # 2: Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.



Step # 3 Run Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware.
  • Before running a scan, click the Update tab, next click Check for Updates to download any updates, if available.
  • Next click the Scanner tab and select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • You can also access the log by doing the following:
  • Click on the Malwarebytes' Anti-Malware icon to launch the program.
  • Click on the Logs tab.
  • Click on the log at the bottom of those listed to highlight it.
  • Click Open.


In your next post/reply, I need to see the following:

1. MalwareBytes' Log
2. A fresh DDS Log
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3204
Joined: January 30th, 2007, 2:48 pm
Location: California
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 293 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware