Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware trouble

Re: Malware trouble

by LeeAJD » December 3rd, 2010, 7:35 pm

==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0006FB28, Type: Inline - RelativeJump 0x8307CB28-->8307CAD2 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0006FCC8, Type: Inline - RelativeJump 0x8307CCC8-->8307CD2C [ntkrnlpa.exe]
ntkrnlpa.exe-->NtCreateProcess, Type: Inline - RelativeJump 0x832E7E5F-->922A1740 [mfehidk.sys]
ntkrnlpa.exe-->NtCreateProcessEx, Type: Inline - RelativeJump 0x832E7EAA-->922A1754 [mfehidk.sys]
ntkrnlpa.exe-->NtCreateUserProcess, Type: Inline - RelativeJump 0x83262E20-->922A176A [mfehidk.sys]
ntkrnlpa.exe-->NtMapViewOfSection, Type: Inline - RelativeJump 0x8328BF17-->922A17E4 [mfehidk.sys]
ntkrnlpa.exe-->NtSetInformationProcess, Type: Inline - RelativeJump 0x8325A449-->922A177E [mfehidk.sys]
ntkrnlpa.exe-->NtUnmapViewOfSection, Type: Inline - RelativeJump 0x83288D1C-->922A17FA [mfehidk.sys]
ntkrnlpa.exe-->NtYieldExecution, Type: Inline - RelativeJump 0x83038148-->922A17D0 [mfehidk.sys]
[1072]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7780D3C1-->00000000 [unknown_code_page]
[1072]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77811B71-->00000000 [unknown_code_page]
[1072]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7781B946-->00000000 [unknown_code_page]
[1072]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77811CC0-->00000000 [unknown_code_page]
[1072]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x7780D2ED-->00000000 [unknown_code_page]
[1072]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7781BC0D-->00000000 [unknown_code_page]
[1072]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7781BEC4-->00000000 [unknown_code_page]
[1072]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77813129-->00000000 [unknown_code_page]
[1072]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x770B291C-->00000000 [unknown_code_page]
[1072]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x770B0B7D-->00000000 [unknown_code_page]
[1072]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770ED5BF-->00000000 [unknown_code_page]
[1072]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77091FD6-->00000000 [unknown_code_page]
[1072]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77094A8B-->00000000 [unknown_code_page]
[1072]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77062062-->00000000 [unknown_code_page]
[1072]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7706202D-->00000000 [unknown_code_page]
[1072]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x770B1857-->00000000 [unknown_code_page]
[1072]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x77061DF0-->00000000 [unknown_code_page]
[1072]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x770B7CD5-->00000000 [unknown_code_page]
[1072]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x770B2884-->00000000 [unknown_code_page]
[1072]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x770ABC8B-->00000000 [unknown_code_page]
[1072]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770AB6BF-->00000000 [unknown_code_page]
[1072]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x770B28D2-->00000000 [unknown_code_page]
[1072]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x770A50AB-->00000000 [unknown_code_page]
[1072]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x770EF729-->00000000 [unknown_code_page]
[1072]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770EE76D-->00000000 [unknown_code_page]
[1072]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x75CB7E1C-->00000000 [unknown_code_page]
[1072]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x75CBDC18-->00000000 [unknown_code_page]
[1072]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x75D0DC34-->00000000 [unknown_code_page]
[1072]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x75CB9DA0-->00000000 [unknown_code_page]
[1072]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x76053F00-->00000000 [unknown_code_page]
[1108]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7780D3C1-->00000000 [unknown_code_page]
[1108]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77811B71-->00000000 [unknown_code_page]
[1108]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7781B946-->00000000 [unknown_code_page]
[1108]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77811CC0-->00000000 [unknown_code_page]
[1108]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x7780D2ED-->00000000 [unknown_code_page]
[1108]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7781BC0D-->00000000 [unknown_code_page]
[1108]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7781BEC4-->00000000 [unknown_code_page]
[1108]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77813129-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x770B291C-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x770B0B7D-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770ED5BF-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77091FD6-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77094A8B-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77062062-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7706202D-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x770B1857-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x77061DF0-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x770B7CD5-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x770B2884-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x770ABC8B-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770AB6BF-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x770B28D2-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x770A50AB-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x770EF729-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770EE76D-->00000000 [unknown_code_page]
[1108]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x75CB7E1C-->00000000 [unknown_code_page]
[1108]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x75CBDC18-->00000000 [unknown_code_page]
[1108]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x75D0DC34-->00000000 [unknown_code_page]
[1108]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x75CB9DA0-->00000000 [unknown_code_page]
[1108]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x76053F00-->00000000 [unknown_code_page]
[1144]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7780D3C1-->00000000 [unknown_code_page]
[1144]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77811B71-->00000000 [unknown_code_page]
[1144]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7781B946-->00000000 [unknown_code_page]
[1144]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77811CC0-->00000000 [unknown_code_page]
[1144]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x7780D2ED-->00000000 [unknown_code_page]
[1144]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7781BC0D-->00000000 [unknown_code_page]
[1144]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7781BEC4-->00000000 [unknown_code_page]
[1144]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77813129-->00000000 [unknown_code_page]
[1144]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x770B291C-->00000000 [unknown_code_page]
[1144]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x770B0B7D-->00000000 [unknown_code_page]
[1144]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770ED5BF-->00000000 [unknown_code_page]
[1144]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77091FD6-->00000000 [unknown_code_page]
[1144]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77094A8B-->00000000 [unknown_code_page]
[1144]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77062062-->00000000 [unknown_code_page]
[1144]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7706202D-->00000000 [unknown_code_page]
[1144]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x770B1857-->00000000 [unknown_code_page]
[1144]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x77061DF0-->00000000 [unknown_code_page]
[1144]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x770B7CD5-->00000000 [unknown_code_page]
[1144]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x770B2884-->00000000 [unknown_code_page]
[1144]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x770ABC8B-->00000000 [unknown_code_page]
[1144]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770AB6BF-->00000000 [unknown_code_page]
[1144]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x770B28D2-->00000000 [unknown_code_page]
[1144]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x770A50AB-->00000000 [unknown_code_page]
[1144]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x770EF729-->00000000 [unknown_code_page]
[1144]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770EE76D-->00000000 [unknown_code_page]
[1144]svchost.exe-->mswsock.dll+0x00002BBC, Type: Inline - RelativeJump 0x74FB2BBC-->00000000 [unknown_code_page]
[1144]svchost.exe-->mswsock.dll+0x000044B1, Type: Inline - RelativeJump 0x74FB44B1-->00000000 [unknown_code_page]
[1144]svchost.exe-->mswsock.dll+0x000046B7, Type: Inline - RelativeJump 0x74FB46B7-->00000000 [unknown_code_page]
[1144]svchost.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x776D6448-->00000000 [unknown_code_page]
[1144]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x776D5380-->00000000 [unknown_code_page]
[1144]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x776D5F00-->00000000 [unknown_code_page]
[1144]svchost.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x762FC198-->00000000 [unknown_code_page]
[1144]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x75CB7E1C-->00000000 [unknown_code_page]
[1144]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x75CBDC18-->00000000 [unknown_code_page]
[1144]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x75D0DC34-->00000000 [unknown_code_page]
[1144]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x75CB9DA0-->00000000 [unknown_code_page]
[1144]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x76053F00-->00000000 [unknown_code_page]
[1296]IScheduleSvc.exe-->shell32.dll-->user32.dll-->ExitWindowsEx, Type: IAT modification 0x73801D18-->00000000 [Pehook.dll]
[1312]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7780D3C1-->00000000 [unknown_code_page]
[1312]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77811B71-->00000000 [unknown_code_page]
[1312]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7781B946-->00000000 [unknown_code_page]
[1312]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77811CC0-->00000000 [unknown_code_page]
[1312]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x7780D2ED-->00000000 [unknown_code_page]
[1312]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7781BC0D-->00000000 [unknown_code_page]
[1312]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7781BEC4-->00000000 [unknown_code_page]
[1312]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77813129-->00000000 [unknown_code_page]
[1312]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x770B291C-->00000000 [unknown_code_page]
[1312]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x770B0B7D-->00000000 [unknown_code_page]
[1312]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770ED5BF-->00000000 [unknown_code_page]
[1312]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77091FD6-->00000000 [unknown_code_page]
[1312]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77094A8B-->00000000 [unknown_code_page]
[1312]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77062062-->00000000 [unknown_code_page]
[1312]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7706202D-->00000000 [unknown_code_page]
[1312]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x770B1857-->00000000 [unknown_code_page]
[1312]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x77061DF0-->00000000 [unknown_code_page]
[1312]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x770B7CD5-->00000000 [unknown_code_page]
[1312]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x770B2884-->00000000 [unknown_code_page]
[1312]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x770ABC8B-->00000000 [unknown_code_page]
[1312]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770AB6BF-->00000000 [unknown_code_page]
[1312]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x770B28D2-->00000000 [unknown_code_page]
[1312]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x770A50AB-->00000000 [unknown_code_page]
[1312]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x770EF729-->00000000 [unknown_code_page]
[1312]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770EE76D-->00000000 [unknown_code_page]
[1312]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x75CB7E1C-->00000000 [unknown_code_page]
[1312]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x75CBDC18-->00000000 [unknown_code_page]
[1312]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x75D0DC34-->00000000 [unknown_code_page]
[1312]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x75CB9DA0-->00000000 [unknown_code_page]
[1312]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x76053F00-->00000000 [unknown_code_page]
[1472]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7780D3C1-->00000000 [unknown_code_page]
[1472]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77811B71-->00000000 [unknown_code_page]
[1472]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7781B946-->00000000 [unknown_code_page]
[1472]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77811CC0-->00000000 [unknown_code_page]
[1472]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x7780D2ED-->00000000 [unknown_code_page]
[1472]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7781BC0D-->00000000 [unknown_code_page]
[1472]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7781BEC4-->00000000 [unknown_code_page]
[1472]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77813129-->00000000 [unknown_code_page]
[1472]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x770B291C-->00000000 [unknown_code_page]
[1472]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x770B0B7D-->00000000 [unknown_code_page]
[1472]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770ED5BF-->00000000 [unknown_code_page]
[1472]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77091FD6-->00000000 [unknown_code_page]
[1472]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77094A8B-->00000000 [unknown_code_page]
[1472]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77062062-->00000000 [unknown_code_page]
[1472]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7706202D-->00000000 [unknown_code_page]
[1472]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x770B1857-->00000000 [unknown_code_page]
[1472]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x77061DF0-->00000000 [unknown_code_page]
[1472]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x770B7CD5-->00000000 [unknown_code_page]
[1472]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x770B2884-->00000000 [unknown_code_page]
[1472]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x770ABC8B-->00000000 [unknown_code_page]
[1472]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770AB6BF-->00000000 [unknown_code_page]
[1472]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x770B28D2-->00000000 [unknown_code_page]
[1472]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x770A50AB-->00000000 [unknown_code_page]
[1472]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x770EF729-->00000000 [unknown_code_page]
[1472]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770EE76D-->00000000 [unknown_code_page]
[1472]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x75CB7E1C-->00000000 [unknown_code_page]
[1472]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x75CBDC18-->00000000 [unknown_code_page]
[1472]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x75D0DC34-->00000000 [unknown_code_page]
[1472]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x75CB9DA0-->00000000 [unknown_code_page]
[1472]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x76053F00-->00000000 [unknown_code_page]
[1628]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7780D3C1-->00000000 [unknown_code_page]
[1628]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77811B71-->00000000 [unknown_code_page]
[1628]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7781B946-->00000000 [unknown_code_page]
[1628]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77811CC0-->00000000 [unknown_code_page]
[1628]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x7780D2ED-->00000000 [unknown_code_page]
[1628]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7781BC0D-->00000000 [unknown_code_page]
[1628]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7781BEC4-->00000000 [unknown_code_page]
[1628]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77813129-->00000000 [unknown_code_page]
[1628]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x770B291C-->00000000 [unknown_code_page]
[1628]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x770B0B7D-->00000000 [unknown_code_page]
[1628]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770ED5BF-->00000000 [unknown_code_page]
[1628]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77091FD6-->00000000 [unknown_code_page]
[1628]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77094A8B-->00000000 [unknown_code_page]
[1628]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77062062-->00000000 [unknown_code_page]
[1628]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7706202D-->00000000 [unknown_code_page]
[1628]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x770B1857-->00000000 [unknown_code_page]
[1628]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x77061DF0-->00000000 [unknown_code_page]
[1628]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x770B7CD5-->00000000 [unknown_code_page]
[1628]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x770B2884-->00000000 [unknown_code_page]
[1628]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x770ABC8B-->00000000 [unknown_code_page]
[1628]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770AB6BF-->00000000 [unknown_code_page]
[1628]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x770B28D2-->00000000 [unknown_code_page]
[1628]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x770A50AB-->00000000 [unknown_code_page]
[1628]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x770EF729-->00000000 [unknown_code_page]
[1628]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770EE76D-->00000000 [unknown_code_page]
[1628]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x75CB7E1C-->00000000 [unknown_code_page]
[1628]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x75CBDC18-->00000000 [unknown_code_page]
[1628]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x75D0DC34-->00000000 [unknown_code_page]
[1628]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x75CB9DA0-->00000000 [unknown_code_page]
[1628]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x76053F00-->00000000 [unknown_code_page]
[1952]McProxy.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x770B2884-->00000000 [McProxy.exe]
[1952]McProxy.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x770B28D2-->00000000 [McProxy.exe]
[1968]rundll32.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C617B8-->00000000 [apphelp.dll]
[1968]rundll32.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B611B8-->00000000 [apphelp.dll]
[1968]rundll32.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D114E0-->00000000 [apphelp.dll]
[1968]rundll32.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7120144C-->00000000 [apphelp.dll]
[2084]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7780D3C1-->00000000 [unknown_code_page]
[2084]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77811B71-->00000000 [unknown_code_page]
[2084]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7781B946-->00000000 [unknown_code_page]
[2084]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77811CC0-->00000000 [unknown_code_page]
[2084]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x7780D2ED-->00000000 [unknown_code_page]
[2084]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7781BC0D-->00000000 [unknown_code_page]
[2084]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7781BEC4-->00000000 [unknown_code_page]
[2084]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77813129-->00000000 [unknown_code_page]
[2084]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x770B291C-->00000000 [unknown_code_page]
[2084]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x770B0B7D-->00000000 [unknown_code_page]
[2084]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770ED5BF-->00000000 [unknown_code_page]
[2084]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77091FD6-->00000000 [unknown_code_page]
[2084]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77094A8B-->00000000 [unknown_code_page]
[2084]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77062062-->00000000 [unknown_code_page]
[2084]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7706202D-->00000000 [unknown_code_page]
[2084]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x770B1857-->00000000 [unknown_code_page]
[2084]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x77061DF0-->00000000 [unknown_code_page]
[2084]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x770B7CD5-->00000000 [unknown_code_page]
[2084]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x770B2884-->00000000 [unknown_code_page]
[2084]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x770ABC8B-->00000000 [unknown_code_page]
[2084]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770AB6BF-->00000000 [unknown_code_page]
[2084]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x770B28D2-->00000000 [unknown_code_page]
[2084]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x770A50AB-->00000000 [unknown_code_page]
[2084]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x770EF729-->00000000 [unknown_code_page]
[2084]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770EE76D-->00000000 [unknown_code_page]
[2084]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x75CB7E1C-->00000000 [unknown_code_page]
[2084]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x75CBDC18-->00000000 [unknown_code_page]
[2084]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x75D0DC34-->00000000 [unknown_code_page]
[2084]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x75CB9DA0-->00000000 [unknown_code_page]
[2752]explorer.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7780D3C1-->00000000 [unknown_code_page]
[2752]explorer.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77811B71-->00000000 [unknown_code_page]
[2752]explorer.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7781B946-->00000000 [unknown_code_page]
[2752]explorer.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77811CC0-->00000000 [unknown_code_page]
[2752]explorer.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x7780D2ED-->00000000 [unknown_code_page]
[2752]explorer.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7781BC0D-->00000000 [unknown_code_page]
[2752]explorer.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7781BEC4-->00000000 [unknown_code_page]
[2752]explorer.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77813129-->00000000 [unknown_code_page]
[2752]explorer.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x770B291C-->00000000 [unknown_code_page]
[2752]explorer.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x770B0B7D-->00000000 [unknown_code_page]
[2752]explorer.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770ED5BF-->00000000 [unknown_code_page]
[2752]explorer.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77091FD6-->00000000 [unknown_code_page]
[2752]explorer.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77094A8B-->00000000 [unknown_code_page]
LeeAJD
Regular Member
 
Posts: 47
Joined: November 24th, 2010, 6:28 pm

Re: Malware trouble

Post by Cypher » December 4th, 2010, 6:38 am

Hi LeeAJD.
We need to run ComboFix again.
Give me another update on the redirects after this fix.

Please download DeFogger to your desktop.

Right-click DeFogger and select "Run as administrator" to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Next..

ComboFix - CFScript
This script is for this user and computer ONLY! Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
  1. Please open Notepad and copy/paste all the text below... into the window:
    TDL:: 
    C:\Windows\system32\drivers\ndis.sys
    
    
  2. Save it to your desktop as CFScript.txt
  3. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
    *Only* when the 2 items above (Step 3) have been taken care of...
  4. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:
    Image
    This will cause ComboFix to run again.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
    Do Not touch your computer when ComboFix is running!
  5. When finished ComboFix will create a log file... you can save this file to a convenient place.
Please copy/paste the ComboFix log file in your next reply.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Malware trouble

Unread postby LeeAJD » December 4th, 2010, 7:39 am

Ok, so I started running ComboFix and I think it got to stage 2 then my computer crashed and went to the blue 'dump screen' and restarted.

Seems to have started back up again OK. Should I run it again?

Re: Malware trouble

Unread postby Cypher » December 4th, 2010, 7:52 am

Hi LeeAJD.
Yes, run it again with the instructions I provided.
Be sure to disable McAfee SecurityCenter first.

Re: Malware trouble

Unread postby LeeAJD » December 4th, 2010, 8:54 pm

ComboFix Log

ComboFix 10-12-02.05 - Alex 04/12/2010 12:01:45.6.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3001.2108 [GMT 0:00]
Running from: c:\users\Alex\Desktop\ComboFix.exe
Command switches used :: c:\users\Alex\Desktop\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2010-11-04 to 2010-12-04 )))))))))))))))))))))))))))))))
.

2010-12-04 12:22 . 2010-12-04 12:22 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-12-04 12:22 . 2010-12-04 12:22 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2010-12-04 12:22 . 2010-12-04 12:22 -------- d-----w- c:\users\TEMP.Alex-PC\AppData\Local\temp
2010-12-04 12:22 . 2010-12-04 12:22 -------- d-----w- c:\users\Mcx1-ALEX-PC\AppData\Local\temp
2010-12-04 12:22 . 2010-12-04 12:22 -------- d-----w- c:\users\Mcx1-ALEX-PC.Alex-PC\AppData\Local\temp
2010-12-04 12:22 . 2010-12-04 12:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-03 13:39 . 2010-12-04 12:22 -------- d-----w- c:\users\Alex\AppData\Local\temp
2010-12-02 15:21 . 2010-12-02 15:22 -------- d-----w- c:\program files\Microsoft IntelliPoint
2010-12-02 11:58 . 2010-12-02 11:58 -------- d-----w- c:\users\Alex\AppData\Roaming\WinPatrol
2010-12-02 11:58 . 2010-12-02 11:58 -------- d-----w- c:\program files\BillP Studios
2010-12-02 11:58 . 2010-12-02 11:58 -------- d-----w- c:\programdata\InstallMate
2010-12-02 11:52 . 2010-12-02 11:54 -------- d-----w- c:\program files\SpywareBlaster
2010-12-01 19:19 . 2010-12-01 19:19 -------- d-----w- c:\program files\Common Files\Java
2010-12-01 12:02 . 2010-12-01 12:02 -------- d-----w- c:\program files\alot
2010-12-01 12:01 . 2010-12-01 12:01 -------- d-----w- c:\program files\WhiteSmoke
2010-11-30 18:43 . 2010-11-30 18:43 -------- d-----w- c:\program files\ERUNT
2010-11-30 13:57 . 2010-12-01 19:05 -------- d-----w- c:\program files\trend micro
2010-11-30 12:16 . 2010-11-29 17:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-30 12:15 . 2010-11-29 17:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-20 14:28 . 2010-12-02 11:51 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Apple Computer
2010-11-20 14:21 . 2010-11-20 14:21 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer
2010-11-20 14:21 . 2010-11-20 14:21 -------- d-----w- c:\users\Default\AppData\Local\Apple Computer
2010-11-20 06:51 . 2010-11-25 09:33 -------- d-----w- c:\users\Alex\AppData\Roaming\Gireo
2010-11-20 06:51 . 2010-11-20 06:51 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-11-16 23:20 . 2010-11-16 23:20 -------- d-----w- c:\program files\iPod
2010-11-11 16:36 . 2010-07-28 19:10 1380352 ----a-w- c:\windows\system32\rapture3d_oal.dll
2010-11-11 16:36 . 2010-03-01 20:51 17686528 ----a-w- c:\windows\system32\mkl_blueripple.dll
2010-11-11 16:36 . 2010-11-11 16:36 -------- d-----w- c:\program files\BRS
2010-11-11 16:33 . 2009-09-04 17:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-11-11 16:33 . 2009-09-04 17:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-11-11 16:33 . 2010-11-11 16:34 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-11-11 16:33 . 2010-11-11 16:33 -------- d-----w- c:\windows\system32\xlive
2010-11-11 16:24 . 2010-11-11 16:24 -------- d-----w- c:\program files\Codemasters
2010-11-11 16:00 . 2010-11-11 16:00 -------- d-----w- c:\program files\Elaborate Bytes
2010-11-10 12:49 . 2010-11-10 12:49 135568 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-11-10 12:49 . 2010-11-10 12:49 135568 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-01 19:19 . 2010-05-23 15:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-10 19:42 . 2010-10-18 23:45 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-11-04 21:58 . 2009-12-07 09:54 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-10-03 22:43 . 2010-10-03 22:43 59240 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2010-09-28 15:44 . 2010-09-28 15:44 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-09-28 15:44 . 2010-09-28 15:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-06-17 19:31 . 2010-06-17 19:31 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-12-02_18.23.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-30 15:57 . 2010-12-03 12:14 43076 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-12-04 11:38 48034 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-12 15:35 . 2010-12-04 11:38 10426 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-56358666-3744733117-3476403463-1000_UserData.bin
- 2010-07-23 22:26 . 2010-12-02 16:47 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2010-07-23 22:26 . 2010-12-02 22:26 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2010-12-04 03:15 . 2010-12-03 22:09 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010120420101205\index.dat
+ 2010-12-03 20:01 . 2010-12-03 19:44 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010120320101204\index.dat
- 2010-07-02 19:52 . 2010-12-02 17:25 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-07-02 19:52 . 2010-12-03 20:44 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-02-12 15:24 . 2010-12-04 11:37 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-12 15:24 . 2010-12-02 16:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:34 . 2010-12-03 11:57 78432 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-02-12 15:24 . 2010-12-04 11:37 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-12 15:24 . 2010-12-02 16:33 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-12 15:24 . 2010-12-02 16:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-12 15:24 . 2010-12-04 11:37 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-12 19:01 . 2010-12-04 11:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-12 19:01 . 2010-12-02 16:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-12 19:01 . 2010-12-02 16:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-12 19:01 . 2010-12-04 11:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-02 16:32 . 2010-12-02 16:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-12-03 12:12 . 2010-12-04 11:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-12-02 16:32 . 2010-12-02 16:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-12-03 12:12 . 2010-12-04 11:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-02-12 19:00 . 2010-12-04 11:25 300084 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2010-02-12 15:21 . 2010-12-02 17:25 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-02-12 15:21 . 2010-12-04 04:04 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-02-12 14:27 . 2010-12-02 18:03 212992 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-12 14:27 . 2010-12-04 11:36 212992 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:41 . 2010-12-02 18:03 524288 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2010-12-04 11:36 524288 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 02:03 . 2010-12-02 16:47 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:03 . 2010-12-03 12:24 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-02-12 14:27 . 2010-12-04 11:36 2424832 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-06 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask .exe -atboottime" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-12 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-07-12 150552]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-10 1218008]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-11-17 329096]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe" [2010-08-23 232912]

c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Launch WhiteSmoke.lnk - c:\program files\WhiteSmoke\WSEnrichment.exe [2010-11-10 2170880]

c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 135664]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2010-05-20 88176]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-21 44432]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-17 30192]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2007-03-20 16896]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-25 1343400]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-04 436792]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2010-10-03 59240]
S1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-03-02 390528]
S1 RapportCerberus_19917;RapportCerberus_19917;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys [2010-10-03 34792]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2010-10-03 169320]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-12-18 75048]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-08-26 690720]
S2 lxbc_device;lxbc_device;c:\windows\system32\lxbccoms.exe [2007-03-16 537520]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-11 61184]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-10-03 767208]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 122368]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232]


--- Other Services/Drivers In Memory ---

*Deregistered* - mwlPSDFilter
*Deregistered* - mwlPSDNServ
*Deregistered* - mwlPSDVDisk
.
Contents of the 'Scheduled Tasks' folder

2010-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 09:43]

2010-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 09:43]

2010-10-18 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-10-18 11:22]

2010-10-18 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-10-18 11:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... spire_7735
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... spire_7735
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\4qqrwy1e.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo.co.uk
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Alex\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\users\Alex\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {9B3371F8-9E72-429F-90C6-F97EF776E86C} - c:\windows\system32\config\systemprofile\AppData\Local\{9B3371F8-9E72-429F-90C6-F97EF776E86C}\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: WDC_WD32 rev.11.0 -> Harddisk0\DR0 -> \Device\Ide\iaStor0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x871EAEC5]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x885b4872; SUB DWORD [EBP-0x4], 0x885b412e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 ntkrnlpa!IofCallDriver[0x83041458] -> \Device\Harddisk0\DR0[0x8728FAA0]
3 CLASSPNP[0x8B60459E] -> ntkrnlpa!IofCallDriver[0x83041458] -> \IAAStorageDevice-1[0x86826028]
[0x875C5790] -> IRP_MJ_CREATE -> 0x871EAEC5
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskWDC_WD3200BEVT-22ZCT0___________________11.01A11#4&11dfb34e&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
sectors 625142446 (+255): user != kernel
Warning: possible TDL3 rootkit infection !

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(18784)
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
Completion time: 2010-12-04 13:14:53
ComboFix-quarantined-files.txt 2010-12-04 13:14
ComboFix2.txt 2010-12-03 13:38
ComboFix3.txt 2010-12-02 19:20

Pre-Run: 210,427,400,192 bytes free
Post-Run: 210,465,296,384 bytes free

- - End Of File - - 4E7C5EC0B1920CEBE3C8C0A50CAE4214

Re: Malware trouble

Unread postby Cypher » December 5th, 2010, 6:33 am

Hi LeeAJD.
Can you give me an update, please? Any more popups or redirects?

Re: Malware trouble

Unread postby LeeAJD » December 5th, 2010, 8:19 am

I managed to get through about 4 searches without it redirecting but on the last one I did I ended up at some other site!

Re: Malware trouble

Unread postby Cypher » December 5th, 2010, 10:59 am

Hi LeeAJD.

Click on Start > All programs > Accessories > Run.
Copy/paste the following command into the box and press OK:
copy C:\Windows\system32\drivers\ndis.sys c:\ndis.sys

You should receive a message that "1 file" has been copied.

Next.

SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    ndis.*

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Re: Malware trouble

Unread postby LeeAJD » December 5th, 2010, 11:10 am

When I try the first step I get this message:

"Windows cannot find 'copy'. Make sure you typed the name correctly, then try again."

Re: Malware trouble

Unread postby Cypher » December 5th, 2010, 11:17 am

Sorry, my mistake. Try this.

First open an elevated command prompt like so:
Click Start and type cmd in Start Search.
When cmd.exe populates above, right click it and select Run as Administrator to open an elevated command prompt.

Highlight and Copy the contents of the code box below, then right click inside the command window and select Paste.
copy C:\Windows\system32\drivers\ndis.sys c:\ndis.sys

Press <Enter>.
Type exit to close the command window.

Now run SystemLook and post the resulting log.

Re: Malware trouble

Unread postby LeeAJD » December 5th, 2010, 11:22 am

SystemLook Log

SystemLook 04.09.10 by jpshortstuff
Log created at 15:20 on 05/12/2010 by Alex
Administrator - Elevation successful

========== filefind ==========

Searching for "ndis.*"
C:\ndis.sys --a---- 710720 bytes [15:20 05/12/2010] [01:20 14/07/2009] 23759D175A0A9BAAF04D05047BC135A8
C:\Windows\ERDNT\cache\ndis.sys --a---- 710720 bytes [19:06 30/11/2010] [01:20 14/07/2009] 23759D175A0A9BAAF04D05047BC135A8
C:\Windows\System32\drivers\ndis.sys --a---- 710720 bytes [23:12 13/07/2009] [01:20 14/07/2009] 23759D175A0A9BAAF04D05047BC135A8
C:\Windows\System32\drivers\en-US\ndis.sys.mui --a---- 35328 bytes [04:54 14/07/2009] [02:01 14/07/2009] 2A73CDAF528D477CEB91D0D39DD21ADD
C:\Windows\winsxs\x86_microsoft-windows-ndis.resources_31bf3856ad364e35_6.1.7600.16385_en-us_75f0ec5155052b38\ndis.sys.mui --a---- 35328 bytes [04:54 14/07/2009] [02:01 14/07/2009] 2A73CDAF528D477CEB91D0D39DD21ADD
C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys --a---- 710720 bytes [23:12 13/07/2009] [01:20 14/07/2009] 23759D175A0A9BAAF04D05047BC135A8

-= EOF =-
LeeAJD
Regular Member
 
Posts: 47
Joined: November 24th, 2010, 6:28 pm
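
The comparison this SystemLook log supports, as an added example (not part of the original posts and not SystemLook's own code): it parses the `:filefind` lines posted above and checks every copy of a file against the copy in the WinSxS component store. Using the WinSxS copy as the reference is an assumption of this example, and a match computed on a running system only reflects what the OS returned for each read; a rootkit that filters disk reads can return clean content, so a match shows consistency, not that the on-disk driver is clean.

```python
import ntpath
import re
from collections import defaultdict

# The :filefind results exactly as posted in the SystemLook log above.
PAGE_LOG = r"""
Searching for "ndis.*"
C:\ndis.sys --a---- 710720 bytes [15:20 05/12/2010] [01:20 14/07/2009] 23759D175A0A9BAAF04D05047BC135A8
C:\Windows\ERDNT\cache\ndis.sys --a---- 710720 bytes [19:06 30/11/2010] [01:20 14/07/2009] 23759D175A0A9BAAF04D05047BC135A8
C:\Windows\System32\drivers\ndis.sys --a---- 710720 bytes [23:12 13/07/2009] [01:20 14/07/2009] 23759D175A0A9BAAF04D05047BC135A8
C:\Windows\System32\drivers\en-US\ndis.sys.mui --a---- 35328 bytes [04:54 14/07/2009] [02:01 14/07/2009] 2A73CDAF528D477CEB91D0D39DD21ADD
C:\Windows\winsxs\x86_microsoft-windows-ndis.resources_31bf3856ad364e35_6.1.7600.16385_en-us_75f0ec5155052b38\ndis.sys.mui --a---- 35328 bytes [04:54 14/07/2009] [02:01 14/07/2009] 2A73CDAF528D477CEB91D0D39DD21ADD
C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys --a---- 710720 bytes [23:12 13/07/2009] [01:20 14/07/2009] 23759D175A0A9BAAF04D05047BC135A8
"""

# path, 7-character attribute field, size, two bracketed timestamps, MD5
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<stamp1>[^\]]+)\]\s+\[(?P<stamp2>[^\]]+)\]"
    r"\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


def parse_filefind(log_text):
    """Return one dict per file line; headers and blank lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append({
                "path": m["path"],
                # ntpath handles Windows separators on any host OS
                "name": ntpath.basename(m["path"]).lower(),
                "size": int(m["size"]),
                "md5": m["md5"].upper(),
            })
    return entries


def compare_to_component_store(entries):
    """Group copies by file name and compare each to the WinSxS copy.

    Assumption of this example: the WinSxS copy is the reference. A file
    name with no WinSxS copy in the log is reported as 'unverified'.
    """
    by_name = defaultdict(list)
    for entry in entries:
        by_name[entry["name"]].append(entry)

    report = {}
    for name, group in by_name.items():
        refs, others = [], []
        for entry in group:
            in_store = "\\winsxs\\" in entry["path"].lower()
            (refs if in_store else others).append(entry)
        ref_ids = {(e["md5"], e["size"]) for e in refs}
        result = {"reference": sorted({e["md5"] for e in refs}),
                  "match": [], "differ": [], "unverified": []}
        for entry in others:
            if not refs:
                result["unverified"].append(entry["path"])
            elif (entry["md5"], entry["size"]) in ref_ids:
                result["match"].append(entry["path"])
            else:
                result["differ"].append(entry["path"])
        report[name] = result
    return report


if __name__ == "__main__":
    report = compare_to_component_store(parse_filefind(PAGE_LOG))
    for name, result in report.items():
        print(name, "reference MD5:", ", ".join(result["reference"]) or "none")
        for key in ("match", "differ", "unverified"):
            for path in result[key]:
                print(f"  {key:10} {path}")
```
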

Re: Malware trouble

Unread postby Cypher » December 5th, 2010, 11:57 am

Hi LeeAJD.
Good work so far, well done.

We need to replace a file using the Windows 7 System Recovery Option.
Please follow these instructions carefully then give me an update on the redirects.

Restart your computer and begin tapping the F8 key to enable the Advanced Start menu > select Repair your computer
At the System Recovery options screen select Command prompt.

Type the following at the first prompt and hit Enter.

ren C:\windows\system32\drivers\ndis.sys ndis.sys.vir

Then type the following and hit Enter

copy C:\ndis.sys C:\windows\system32\drivers


You should receive a message that "1 file" has been copied.

Finally type exit > hit Enter > click Restart at the main screen, and restart the pc normally.

Re: Malware trouble

Unread postby LeeAJD » December 5th, 2010, 4:19 pm

That seems to have done it! I've tried about 10 searches and they've all worked fine.

Absolutely brilliant! Thank you very much. I really appreciate all your help!

Re: Malware trouble

Unread postby Cypher » December 6th, 2010, 6:18 am

Hi LeeAJD.
"That seems to have done it! I've tried about 10 searches and they've all worked fine."

Excellent, well done :)
"Thank you very much. I really appreciate all your help!"

You're welcome.
Please run ComboFix again for me and post the log in your next reply.
Remember to disable McAfee SecurityCenter first.

Re: Malware trouble

Unread postby LeeAJD » December 7th, 2010, 4:51 pm

ComboFix seems to have disappeared from my desktop! I don't remember deleting it. Is it OK to download it again and run?

My laptop has, however, managed to install Windows updates now.