Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Trouble with searcheworld

Post by Pollux.Castor » April 28th, 2009, 7:55 am

Hi,

I've tried all the things I can think of and they don't find anything. On some infrequent interval I find myself suddenly on some web site I didn't go to, for instance, searcheworld. This may be unrelated, but every so often the computer goes on vacation for 2-3 minutes (hard drive thrashing), and it does not respond to mouse or keyboard till it's done.

I do access the internet via a router.

I seem to be having MORE trouble since starting to use Firefox.

I have VMware installed.

Here's my HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:59:34 AM, on 4/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 0114705218
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Extermin ... iVirus.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0114681687
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 7879 bytes
Pollux.Castor
Regular Member
 
Posts: 444
Joined: December 28th, 2005, 12:01 pm

Re: Trouble with searcheworld

Post by MWR 3 day Mod » May 2nd, 2009, 6:29 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Trouble with searcheworld

Post by Odd dude » May 2nd, 2009, 3:09 pm

Hello and welcome to the forums!

I'm Odd dude, pleased to meet you; if it helps, you can call me OD ;). I will be helping you with your infection. However, it is important to take note of the following - quite the wall of text, I know, but please bear with me:

  • Logs from malware removal programs (HijackThis is one of them) can take some time to analyze. I need you to be patient whilst I analyze any logs you post.
  • Please carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • Only YOU must use these instructions; they are not suitable for any other computer, similar issues or not.
  • Do not do things I do not ask for, such as running a spyware scan. The one thing you should always do, though, is make sure that your antivirus definitions are up-to-date!
  • If I tell you to download a tool which you already have, please re-download it and do not use the copy you already have. This is because the tools are updated regularly.
  • In Windows Vista, all tools need to be started by right clicking and selecting Run as administrator!
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within five days. I will post a reminder should you seem to fail to do this; however, if you fail to reply within five days then, unless I have been notified of your absence in advance, the topic shall be closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system. Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

Let's get started:

GMER
Do not touch the computer while GMER is running! If you do, it'll go completely unresponsive and you'll have to shut it down using the power switch. Just don't touch the PC while GMER is working.
Please download gmer.zip by GMER and save it to your desktop.

  • Right click the file you just downloaded and choose Extract all
  • Click Next
  • Click Browse
  • Click the + next to My Computer
  • Click Local Disk (C:)
  • Click Make new folder
  • Enter GMER
  • Click OK, then Next
  • Check Show extracted files and click Finish
  • Double click on GMER.exe to run it.
  • Select the Rootkit tab.
  • On the right hand side, check all the items to be scanned, but leave Show All box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click on the Scan button.
  • When the scan is finished, click Copy to save the scan log to the Windows clipboard.
  • Open Notepad or a similar text editor.
  • Paste the clipboard contents into the text editor.
  • Save the GMER scan log and post it in your next reply.
  • Close GMER.
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: Trouble with searcheworld

Post by Pollux.Castor » May 3rd, 2009, 7:09 am

Thank you for your time, it is much appreciated.

The following GMER log was in notepad twice. I saved the two sections separately, then did a compare with fc. They were identical, so I only posted one. Maybe I pasted it in twice. Another HJT log follows in another post.
Here's the GMER log:
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-03 06:26:24
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwCreateKey [0xF842D0D0]
SSDT sptd.sys ZwEnumerateKey [0xF8432FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xF8433340]
SSDT sptd.sys ZwOpenKey [0xF842D0B0]
SSDT sptd.sys ZwQueryKey [0xF8433418]
SSDT sptd.sys ZwQueryValueKey [0xF8433298]
SSDT sptd.sys ZwSetValueKey [0xF84334AA]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xEFC1BF20]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xEFB374EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xEFB37498]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xEFB374AC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xEFB3759B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xEFB375C7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xEFB3752A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xEFB37661]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xEFB37470]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xEFB37484]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xEFB374FE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xEFB37609]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xEFB375B1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xEFB37689]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xEFB37675]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xEFB374D6]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xEFB374C2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xEFB37559]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xEFB3764B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xEFB37540]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xEFB37514]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution 804F8B8D 7 Bytes JMP EFB37518 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8056BDCD 5 Bytes JMP EFB374C6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8056FC78 5 Bytes JMP EFB374EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 80571F71 2 Bytes JMP EFB37544 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection + 3 80571F74 2 Bytes [5C, 6F] {POP ESP; OUTSD }
PAGE ntoskrnl.exe!NtMapViewOfSection 805723EC 7 Bytes JMP EFB3752E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 80572D86 5 Bytes JMP EFB37474 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80573135 7 Bytes JMP EFB37502 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 80581F0E 7 Bytes JMP EFB374B0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 805847CC 5 Bytes JMP EFB3755D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 8058C892 5 Bytes JMP EFB37488 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 80590EA2 5 Bytes JMP EFB37665 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 80593B38 7 Bytes JMP EFB375CB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 805951C2 7 Bytes JMP EFB3759F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B0B34 5 Bytes JMP EFB3749C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 8062C4B3 5 Bytes JMP EFB374DA \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 8064C148 5 Bytes JMP EFB37679 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 8064C421 7 Bytes JMP EFB3764F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064CCF0 7 Bytes JMP EFB3760D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 8064D137 7 Bytes JMP EFB375B5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 8064D62A 5 Bytes JMP EFB3768D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F81DB62C 5 Bytes JMP 8220F770
? System32\Drivers\a1fsqa07.SYS The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A70000
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A7007D
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A70F92
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A7006C
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A70FB9
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A70FCA
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A70F6B
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A700B3
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A70F3F
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A70F50
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00A70F2E
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00A7005B
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00A70011
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00A70098
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00A70FDB
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00A7002C
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00A700C4
.text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00A60040
.text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00A60FC3
.text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00A6002F
.text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00A60014
.text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00A60080
.text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00A60FEF
.text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00A60FDE
.text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00A60065
.text C:\WINDOWS\system32\svchost.exe[1032] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A50050
.text C:\WINDOWS\system32\svchost.exe[1032] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A50FCF
.text C:\WINDOWS\system32\svchost.exe[1032] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A5002E
.text C:\WINDOWS\system32\svchost.exe[1032] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A50000
.text C:\WINDOWS\system32\svchost.exe[1032] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A5003F
.text C:\WINDOWS\system32\svchost.exe[1032] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A5001D
.text C:\WINDOWS\system32\svchost.exe[1032] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 009E0000
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00C50000
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00C50F83
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00C50082
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00C50F9E
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00C50FAF
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00C50FDB
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00C500BA
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00C50F72
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00C50F2B
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00C50F3C
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00C500DF
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00C50FC0
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00C5001B
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00C50093
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00C5003D
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00C5002C
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00C50F4D
.text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00C40FEF
.text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00C40FA8
.text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00C40040
.text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00C4001B
.text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00C4005B
.text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00C40000
.text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00C40FC3
.text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00C40FDE
.text C:\WINDOWS\system32\svchost.exe[1080] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C3004A
.text C:\WINDOWS\system32\svchost.exe[1080] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C30025
.text C:\WINDOWS\system32\svchost.exe[1080] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C3000A
.text C:\WINDOWS\system32\svchost.exe[1080] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C30FEF
.text C:\WINDOWS\system32\svchost.exe[1080] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C30FB5
.text C:\WINDOWS\system32\svchost.exe[1080] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C30FC6
.text C:\WINDOWS\system32\svchost.exe[1080] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00C20FEF
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A30FEF
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A30F70
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A3005B
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A3004A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A30F8D
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A30025
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A3009B
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A3008A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A30F02
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A30F27
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00A30EF1
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00A30F9E
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00A30FD4
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00A30F5F
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00A30014
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00A30FC3
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00A30F38
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00A20FCA
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00A20F94
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00A2001B
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00A2000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00A20047
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00A20FE5
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00A20036
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00A20FB9
.text C:\WINDOWS\System32\svchost.exe[1332] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A10044
.text C:\WINDOWS\System32\svchost.exe[1332] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A10029
.text C:\WINDOWS\System32\svchost.exe[1332] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A10FD4
.text C:\WINDOWS\System32\svchost.exe[1332] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A1000C
.text C:\WINDOWS\System32\svchost.exe[1332] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A10FC3
.text C:\WINDOWS\System32\svchost.exe[1332] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A10FEF
.text C:\Program Files\Messenger\msmsgs.exe[1408] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00E60000
.text C:\Program Files\Messenger\msmsgs.exe[1408] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00E60073
.text C:\Program Files\Messenger\msmsgs.exe[1408] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00E60F7E
.text C:\Program Files\Messenger\msmsgs.exe[1408] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00E60062
.text C:\Program Files\Messenger\msmsgs.exe[1408] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00E60FAF
.text C:\Program Files\Messenger\msmsgs.exe[1408] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00E60040
.text C:\Program Files\Messenger\msmsgs.exe[1408] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00E60F3C
.text C:\Program Files\Messenger\msmsgs.exe[1408] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00E60F63
.text C:\Program Files\Messenger\msmsgs.exe[1408] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00E60EFF
.text C:\Program Files\Messenger\msmsgs.exe[1408] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00E60F10
.text C:\Program Files\Messenger\msmsgs.exe[1408] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00E600B3
.text C:\Program Files\Messenger\msmsgs.exe[1408] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00E60051
.text C:\Program Files\Messenger\msmsgs.exe[1408] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00E60FDB
.text C:\Program Files\Messenger\msmsgs.exe[1408] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00E6008E
.text C:\Program Files\Messenger\msmsgs.exe[1408] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00E6001B
.text C:\Program Files\Messenger\msmsgs.exe[1408] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00E60FCA
.text C:\Program Files\Messenger\msmsgs.exe[1408] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00E60F2B
.text C:\Program Files\Messenger\msmsgs.exe[1408] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E3005F
.text C:\Program Files\Messenger\msmsgs.exe[1408] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E30044
.text C:\Program Files\Messenger\msmsgs.exe[1408] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E30018
.text C:\Program Files\Messenger\msmsgs.exe[1408] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E30FEF
.text C:\Program Files\Messenger\msmsgs.exe[1408] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E30029
.text C:\Program Files\Messenger\msmsgs.exe[1408] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E30FDE
.text C:\Program Files\Messenger\msmsgs.exe[1408] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00E4001B
.text C:\Program Files\Messenger\msmsgs.exe[1408] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00E40062
.text C:\Program Files\Messenger\msmsgs.exe[1408] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00E40FCA
.text C:\Program Files\Messenger\msmsgs.exe[1408] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00E4000A
.text C:\Program Files\Messenger\msmsgs.exe[1408] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00E40051
.text C:\Program Files\Messenger\msmsgs.exe[1408] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00E40FEF
.text C:\Program Files\Messenger\msmsgs.exe[1408] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00E40040
.text C:\Program Files\Messenger\msmsgs.exe[1408] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00E40FAF
.text C:\Program Files\Messenger\msmsgs.exe[1408] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00E20FEF
.text C:\Program Files\Messenger\msmsgs.exe[1408] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00E50000
.text C:\Program Files\Messenger\msmsgs.exe[1408] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00E50FE5
.text C:\Program Files\Messenger\msmsgs.exe[1408] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00E50FCA
.text C:\Program Files\Messenger\msmsgs.exe[1408] WININET.dll!InternetOpenUrlW 780BAF69 5 Bytes JMP 00E50FB9
.text C:\WINDOWS\System32\svchost.exe[1556] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A00000
.text C:\WINDOWS\System32\svchost.exe[1556] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A00079
.text C:\WINDOWS\System32\svchost.exe[1556] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A00F7A
.text C:\WINDOWS\System32\svchost.exe[1556] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A00F8B
.text C:\WINDOWS\System32\svchost.exe[1556] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A00FB2
.text C:\WINDOWS\System32\svchost.exe[1556] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A00FDE
.text C:\WINDOWS\System32\svchost.exe[1556] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A00F58
.text C:\WINDOWS\System32\svchost.exe[1556] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A00094
.text C:\WINDOWS\System32\svchost.exe[1556] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A00F33
.text C:\WINDOWS\System32\svchost.exe[1556] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A000CC
.text C:\WINDOWS\System32\svchost.exe[1556] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00A000DD
.text C:\WINDOWS\System32\svchost.exe[1556] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00A00FC3
.text C:\WINDOWS\System32\svchost.exe[1556] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00A00025
.text C:\WINDOWS\System32\svchost.exe[1556] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00A00F69
.text C:\WINDOWS\System32\svchost.exe[1556] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00A0004A
.text C:\WINDOWS\System32\svchost.exe[1556] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00A00FEF
.text C:\WINDOWS\System32\svchost.exe[1556] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00A000BB
.text C:\WINDOWS\System32\svchost.exe[1556] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 009E0051
.text C:\WINDOWS\System32\svchost.exe[1556] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 009E0FAC
.text C:\WINDOWS\System32\svchost.exe[1556] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 009E0040
.text C:\WINDOWS\System32\svchost.exe[1556] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 009E0025
.text C:\WINDOWS\System32\svchost.exe[1556] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 009E0073
.text C:\WINDOWS\System32\svchost.exe[1556] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 009E000A
.text C:\WINDOWS\System32\svchost.exe[1556] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 009E0FD1
.text C:\WINDOWS\System32\svchost.exe[1556] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 009E0062
.text C:\WINDOWS\System32\svchost.exe[1556] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009D0FC7
.text C:\WINDOWS\System32\svchost.exe[1556] msvcrt.dll!system 77C293C7 5 Bytes JMP 009D005C
.text C:\WINDOWS\System32\svchost.exe[1556] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009D003A
.text C:\WINDOWS\System32\svchost.exe[1556] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009D000C
.text C:\WINDOWS\System32\svchost.exe[1556] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009D004B
.text C:\WINDOWS\System32\svchost.exe[1556] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009D0029
.text C:\WINDOWS\System32\svchost.exe[1556] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 009F0000
.text C:\WINDOWS\System32\svchost.exe[1556] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 009F001B
.text C:\WINDOWS\System32\svchost.exe[1556] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 009F0FDB
.text C:\WINDOWS\System32\svchost.exe[1556] WININET.dll!InternetOpenUrlW 780BAF69 5 Bytes JMP 009F002C
.text C:\WINDOWS\System32\svchost.exe[1556] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 009C0000
.text C:\WINDOWS\System32\svchost.exe[1724] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01A20FEF
.text C:\WINDOWS\System32\svchost.exe[1724] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 01A20F52
.text C:\WINDOWS\System32\svchost.exe[1724] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 01A20F6D
.text C:\WINDOWS\System32\svchost.exe[1724] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 01A20047
.text C:\WINDOWS\System32\svchost.exe[1724] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 01A20F8A
.text C:\WINDOWS\System32\svchost.exe[1724] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 01A20036
.text C:\WINDOWS\System32\svchost.exe[1724] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 01A2009A
.text C:\WINDOWS\System32\svchost.exe[1724] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 01A20089
.text C:\WINDOWS\System32\svchost.exe[1724] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01A20F1C
.text C:\WINDOWS\System32\svchost.exe[1724] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01A200BF
.text C:\WINDOWS\System32\svchost.exe[1724] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 01A20F0B
.text C:\WINDOWS\System32\svchost.exe[1724] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 01A20FAF
.text C:\WINDOWS\System32\svchost.exe[1724] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 01A2000A
.text C:\WINDOWS\System32\svchost.exe[1724] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 01A2006C
.text C:\WINDOWS\System32\svchost.exe[1724] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 01A20025
.text C:\WINDOWS\System32\svchost.exe[1724] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 01A20FD4
.text C:\WINDOWS\System32\svchost.exe[1724] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 01A20F41
.text C:\WINDOWS\System32\svchost.exe[1724] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00A40FB2
.text C:\WINDOWS\System32\svchost.exe[1724] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00A4004A
.text C:\WINDOWS\System32\svchost.exe[1724] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00A40FC3
.text C:\WINDOWS\System32\svchost.exe[1724] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00A40FD4
.text C:\WINDOWS\System32\svchost.exe[1724] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00A40039
.text C:\WINDOWS\System32\svchost.exe[1724] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00A40FE5
.text C:\WINDOWS\System32\svchost.exe[1724] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00A40F97
.text C:\WINDOWS\System32\svchost.exe[1724] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00A4001E
.text C:\WINDOWS\System32\svchost.exe[1724] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A30042
.text C:\WINDOWS\System32\svchost.exe[1724] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A30FC1
.text C:\WINDOWS\System32\svchost.exe[1724] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A30FD2
.text C:\WINDOWS\System32\svchost.exe[1724] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A30000
.text C:\WINDOWS\System32\svchost.exe[1724] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A30031
.text C:\WINDOWS\System32\svchost.exe[1724] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A30FE3
.text C:\WINDOWS\System32\svchost.exe[1724] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00A20000
.text C:\WINDOWS\System32\svchost.exe[1724] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00A50FEF
.text C:\WINDOWS\System32\svchost.exe[1724] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00A50FD4
.text C:\WINDOWS\System32\svchost.exe[1724] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00A50000
.text C:\WINDOWS\System32\svchost.exe[1724] WININET.dll!InternetOpenUrlW 780BAF69 5 Bytes JMP 00A50025
.text C:\WINDOWS\System32\svchost.exe[1812] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00870000
.text C:\WINDOWS\System32\svchost.exe[1812] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00870067
.text C:\WINDOWS\System32\svchost.exe[1812] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00870F72
.text C:\WINDOWS\System32\svchost.exe[1812] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00870F83
.text C:\WINDOWS\System32\svchost.exe[1812] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00870F9E
.text C:\WINDOWS\System32\svchost.exe[1812] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00870036
.text C:\WINDOWS\System32\svchost.exe[1812] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00870F30
.text C:\WINDOWS\System32\svchost.exe[1812] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00870078
.text C:\WINDOWS\System32\svchost.exe[1812] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00870EFD
.text C:\WINDOWS\System32\svchost.exe[1812] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00870F0E
.text C:\WINDOWS\System32\svchost.exe[1812] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 008700B1
.text C:\WINDOWS\System32\svchost.exe[1812] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00870FAF
.text C:\WINDOWS\System32\svchost.exe[1812] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00870FE5
.text C:\WINDOWS\System32\svchost.exe[1812] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00870F4D
.text C:\WINDOWS\System32\svchost.exe[1812] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00870FD4
.text C:\WINDOWS\System32\svchost.exe[1812] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00870025
.text C:\WINDOWS\System32\svchost.exe[1812] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00870F1F
.text C:\WINDOWS\System32\svchost.exe[1812] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00860FB9
.text C:\WINDOWS\System32\svchost.exe[1812] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00860036
.text C:\WINDOWS\System32\svchost.exe[1812] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00860FD4
.text C:\WINDOWS\System32\svchost.exe[1812] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00860FE5
.text C:\WINDOWS\System32\svchost.exe[1812] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00860F79
.text C:\WINDOWS\System32\svchost.exe[1812] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00860000
.text C:\WINDOWS\System32\svchost.exe[1812] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00860025
.text C:\WINDOWS\System32\svchost.exe[1812] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00860FA8
.text C:\WINDOWS\System32\svchost.exe[1812] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00850F92
.text C:\WINDOWS\System32\svchost.exe[1812] msvcrt.dll!system 77C293C7 5 Bytes JMP 00850027
.text C:\WINDOWS\System32\svchost.exe[1812] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00850FD2
.text C:\WINDOWS\System32\svchost.exe[1812] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00850FEF
.text C:\WINDOWS\System32\svchost.exe[1812] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00850FC1
.text C:\WINDOWS\System32\svchost.exe[1812] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0085000C
.text C:\WINDOWS\System32\svchost.exe[1812] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 007B0000
.text C:\WINDOWS\system32\wuauclt.exe[3068] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001B0000
.text C:\WINDOWS\system32\wuauclt.exe[3068] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001B0F37
.text C:\WINDOWS\system32\wuauclt.exe[3068] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001B002C
.text C:\WINDOWS\system32\wuauclt.exe[3068] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001B0F5E
.text C:\WINDOWS\system32\wuauclt.exe[3068] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001B0F6F
.text C:\WINDOWS\system32\wuauclt.exe[3068] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001B0FA5
.text C:\WINDOWS\system32\wuauclt.exe[3068] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001B0069
.text C:\WINDOWS\system32\wuauclt.exe[3068] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001B0058
.text C:\WINDOWS\system32\wuauclt.exe[3068] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001B008B
.text C:\WINDOWS\system32\wuauclt.exe[3068] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001B0EFC
.text C:\WINDOWS\system32\wuauclt.exe[3068] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 001B00A6
.text C:\WINDOWS\system32\wuauclt.exe[3068] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 001B0F94
.text C:\WINDOWS\system32\wuauclt.exe[3068] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 001B0FE5
.text C:\WINDOWS\system32\wuauclt.exe[3068] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 001B0047
.text C:\WINDOWS\system32\wuauclt.exe[3068] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 001B0FC0
.text C:\WINDOWS\system32\wuauclt.exe[3068] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 001B0011
.text C:\WINDOWS\system32\wuauclt.exe[3068] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 001B007A
.text C:\WINDOWS\system32\wuauclt.exe[3068] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0029002E
.text C:\WINDOWS\system32\wuauclt.exe[3068] msvcrt.dll!system 77C293C7 5 Bytes JMP 00290FAD
.text C:\WINDOWS\system32\wuauclt.exe[3068] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00290FD2
.text C:\WINDOWS\system32\wuauclt.exe[3068] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00290FEF
.text C:\WINDOWS\system32\wuauclt.exe[3068] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0029001D
.text C:\WINDOWS\system32\wuauclt.exe[3068] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0029000C
.text C:\WINDOWS\system32\wuauclt.exe[3068] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 002A0FA8
.text C:\WINDOWS\system32\wuauclt.exe[3068] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 002A0036
.text C:\WINDOWS\system32\wuauclt.exe[3068] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 002A0FB9
.text C:\WINDOWS\system32\wuauclt.exe[3068] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 002A0FDE
.text C:\WINDOWS\system32\wuauclt.exe[3068] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 002A0025
.text C:\WINDOWS\system32\wuauclt.exe[3068] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 002A0FEF
.text C:\WINDOWS\system32\wuauclt.exe[3068] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 002A000A
.text C:\WINDOWS\system32\wuauclt.exe[3068] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 002A0F83
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[3208] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00E40000
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[3208] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00E40093
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[3208] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00E40078
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[3208] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00E40F9E
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[3208] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00E40FAF
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[3208] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00E4005B
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[3208] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00E400A4
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[3208] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00E40F5C
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[3208] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00E400D7
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[3208] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00E400C6
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[3208] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00E400E8
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[3208] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00E40FCA
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[3208] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00E40025
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[3208] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00E40F79
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[3208] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00E40FE5
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[3208] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00E40036
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[3208] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00E400B5
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[3208] MSVCRT.dll!_wsystem 77C2931E 5 Bytes JMP 00D90FC8
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[3208] MSVCRT.dll!system 77C293C7 5 Bytes JMP 00D90049
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[3208] MSVCRT.dll!_creat 77C2D40F 5 Bytes JMP 00D9001D
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[3208] MSVCRT.dll!_open 77C2F566 5 Bytes JMP 00D90000
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[3208] MSVCRT.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D90038
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[3208] MSVCRT.dll!_wopen 77C30055 5 Bytes JMP 00D90FE3
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[3208] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00DA0000
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[3208] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00DA0F6F
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[3208] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00DA0FAF
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[3208] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00DA0FCA
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[3208] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00DA0F8A
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[3208] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00DA0FEF
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[3208] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00DA0036
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[3208] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00DA001B
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[3208] WS2_32.DLL!socket 71AB3B91 5 Bytes JMP 00D80FE5

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F844406C] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8444018] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F84669AE] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F844406C] sptd.sys
IAT atapi.sys[ntoskrnl.exe!KeInitializeDpc] 823D7448
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F842DAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F842DC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F842DB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F842E748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F842E61E] sptd.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F844329A] sptd.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1348] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1348] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1348] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1348] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1348] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1348] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1348] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1348] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1348] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1348] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1348] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1348] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1348] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1348] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1348] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1348] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1348] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1348] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1348] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1348] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1348] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1348] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1348] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1348] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1348] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1348] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1348] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1348] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[1348] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 823D61E8

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\NetBT \Device\NetBT_Tcpip_{A7D9B8FC-079A-41D2-B567-BDDB50AE4953} 821D25F8
Device \Driver\usbuhci \Device\USBPDO-0 82211790
Device \Driver\usbuhci \Device\USBPDO-1 82211790
Device \Driver\usbuhci \Device\USBPDO-2 82211790
Device \Driver\usbehci \Device\USBPDO-3 8220C1E8

AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\NetBT \Device\NetBT_Tcpip_{536FE13F-F252-499C-9BAB-DB89DDB7C4F6} 821D25F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8236B1E8
Device \Driver\Cdrom \Device\CdRom0 821E91E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 823D71E8
Device \Driver\atapi \Device\Ide\IdePort0 823D71E8
Device \Driver\atapi \Device\Ide\IdePort1 823D71E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 823D71E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 821D25F8
Device \Driver\NetBT \Device\NetbiosSmb 821D25F8
Device \Driver\PCI_NTPNP9686 \Device\0000004d sptd.sys

AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\usbhub \Device\0000006a hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\0000006b hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-0 82211790
Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\0000006c hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-1 82211790
Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-2 82211790
Device \Driver\usbuhci \Device\USBFDO-2 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 82009790
Device \Driver\usbehci \Device\USBFDO-3 8220C1E8
Device \Driver\usbehci \Device\USBFDO-3 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \FileSystem\MRxSmb \Device\LanmanRedirector 82009790
Device \Driver\NetBT \Device\NetBT_Tcpip_{508CCC94-E128-4DF1-AE6C-0F87491505E0} 821D25F8
Device \Driver\Ftdisk \Device\FtControl 8236B1E8
Device \Driver\a1fsqa07 \Device\Scsi\a1fsqa071 821BC790
Device \FileSystem\Cdfs \Cdfs 821E2790

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA5 0xC9 0xED 0x42 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA5 0xC9 0xED 0x42 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...

---- EOF - GMER 1.0.15 ----
Pollux.Castor
Regular Member
 
Posts: 444
Joined: December 28th, 2005, 12:01 pm

Re: Trouble with searcheworld

by Pollux.Castor » May 3rd, 2009, 7:10 am

And the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:32:38 AM, on 5/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\notepad.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 0114705218
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Extermin ... iVirus.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0114681687
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 7832 bytes
Pollux.Castor
Regular Member
 
Posts: 444
Joined: December 28th, 2005, 12:01 pm

Re: Trouble with searcheworld

by Odd dude » May 3rd, 2009, 8:22 am

Only glad to help :)

Do the issues arise in both your regular browser and Firefox or in Firefox only?

Click start>run, paste this into the run box:
Code:
regedit /e "%USERPROFILE%\Desktop\Results.txt" "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32"

Click OK.

Now please paste in your next post the contents of Results.txt, which should have appeared on your desktop.
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: Trouble with searcheworld

by Pollux.Castor » May 3rd, 2009, 3:21 pm

I have only seen this happening using Firefox. However, Firefox is the only browser I have been using; I haven't needed to use IE.

It could be possible that the page I was trying to access redirected me to the searcheworld, or if while the mouse was passing over an ad on Facebook, the mouse sent an erroneous mouse click. Like I said, it happens very infrequently.

Also, one of the last things I tried before getting help was to clear the history and cache; that seemed to help somewhat with the nonresponsiveness.

You had asked that I not do any unrequested scans; McAfee does a virus scan on Friday morning that I have been unable to modify (change the start time or cancel).

Here's the contents of the file:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midimapper"="midimap.dll"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.msadpcm"="msadp32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.trspch"="tssoft32.acm"
"vidc.cvid"="iccvid.dll"
"VIDC.I420"="msh263.drv"
"vidc.iv31"="ir32_32.dll"
"vidc.iv32"="ir32_32.dll"
"VIDC.IYUV"="iyuv_32.dll"
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"VIDC.UYVY"="msyuv.dll"
"VIDC.YUY2"="msyuv.dll"
"VIDC.YVU9"="tsbyuv.dll"
"VIDC.YVYU"="msyuv.dll"
"wavemapper"="msacm32.drv"
"wave"="serwvdrv.dll"
"msacm.msg723"="msg723.acm"
"vidc.M263"="msh263.drv"
"vidc.M261"="msh261.drv"
"msacm.msaudio1"="msaud32.acm"
"msacm.sl_anet"="sl_anet.acm"
"msacm.l3acm"="C:\\WINDOWS\\System32\\l3codeca.acm"
"msacm.siren"="sirenacm.dll"
"MSVideo8"="VfWWDM32.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server\RDP]
"wave"="rdpsnd.dll"
"MaxBandwidth"=dword:000056b9
"wavemapper"="msacm32.drv"
"EnableMP3Codec"=dword:00000001
"midimapper"="midimap.dll"
Pollux.Castor
Regular Member
 
Posts: 444
Joined: December 28th, 2005, 12:01 pm
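
Added example, not part of the original thread: a Python sketch that parses a `regedit /e` export of the drivers32 key, like the Results.txt posted above, and lists string values whose data is a path outside the System32 directory. The flagging rule, the function names and the `C:\WINDOWS\system32` default are assumptions of this example; the thread does not say what the helper looked for in the export.

```python
import codecs
import ntpath
import re

# Constructed sample: a subset of the Results.txt export posted above.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midimapper"="midimap.dll"
"wavemapper"="msacm32.drv"
"wave"="serwvdrv.dll"
"msacm.l3acm"="C:\\WINDOWS\\System32\\l3codeca.acm"
"MSVideo8"="VfWWDM32.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server\RDP]
"wave"="rdpsnd.dll"
"MaxBandwidth"=dword:000056b9
'''

# Constructed line (not from the thread): a value pointing outside System32.
CONSTRUCTED_ODD_LINE = r'"example.codec"="C:\\Temp\\example.dll"'

KEY_RE = re.compile(r'^\[(.+)\]$')
# "name"="data" with .reg escaping (\\ for a backslash, \" for a quote).
STRING_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def read_export(path):
    """Read a .reg export; 'Version 5.00' files are normally UTF-16 with a BOM."""
    with open(path, 'rb') as handle:
        raw = handle.read()
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode('utf-16')
    return raw.decode('latin-1')


def _unescape(text):
    """Undo .reg string escaping: a backslash protects the next character."""
    return re.sub(r'\\(.)', r'\1', text)


def parse_reg(text):
    """Return (key, value name, data) for every string value in the export.

    dword/hex values are skipped: only strings can name a driver file.
    """
    entries = []
    key = None
    for line in text.splitlines():
        line = line.strip()
        match = KEY_RE.match(line)
        if match:
            key = match.group(1)
            continue
        match = STRING_VALUE_RE.match(line)
        if match and key is not None:
            entries.append((key, _unescape(match.group(1)),
                            _unescape(match.group(2))))
    return entries


def triage_drivers32(entries, system_dir=r'C:\WINDOWS\system32'):
    """List drivers32 values whose data is a path outside system_dir.

    Assumption of this example: a bare file name is left alone, and a full
    path into System32 (like msacm.l3acm above) is accepted. This only
    narrows what to look at; a bare name can still refer to an unwanted file.
    """
    expected = ntpath.normcase(ntpath.normpath(system_dir))
    findings = []
    for key, name, data in entries:
        if 'drivers32' not in key.lower():
            continue
        directory = ntpath.dirname(data)
        if not directory:
            continue  # bare file name, no directory component
        if ntpath.normcase(ntpath.normpath(directory)) != expected:
            findings.append((key, name, data))
    return findings


if __name__ == '__main__':
    print(triage_drivers32(parse_reg(SAMPLE_EXPORT)))
    print(triage_drivers32(parse_reg(SAMPLE_EXPORT + CONSTRUCTED_ODD_LINE + '\n')))
```

On the values posted in the thread this reports nothing; only the constructed line is listed.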

Re: Trouble with searcheworld

by Odd dude » May 4th, 2009, 3:29 am

"You had asked that I not do any unrequested scans; McAfee does a virus scan on Friday morning that I have been unable to modify (change the start time or cancel)."

I understand, it's fine.

GooredFix
Download GooredFix and save it to your desktop.
  • Double click the tool to run it.
  • Select "1. Find Goored (no fix)" by typing 1 and pressing Enter.
  • A log will open; copy and paste its contents in your next reply. The log is also copied onto your desktop, with the name Goored.txt.
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: Trouble with searcheworld

by Pollux.Castor » May 4th, 2009, 8:18 am

Here is the log:

GooredFix v1.92 by jpshortstuff
Log created at 08:11 on 04/05/2009 running Option #1 (Owner)
Firefox version 3.0.10 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"
Pollux.Castor
Regular Member
 
Posts: 444
Joined: December 28th, 2005, 12:01 pm

Re: Trouble with searcheworld

by Odd dude » May 4th, 2009, 1:35 pm

Hi,

Every log you have posted so far is looking clean. This means the issues may not be related to malware.

As you said yourself, the redirect might have been an innocent one-time event, but just to be sure I've asked some advice from the other removers and the teachers here, and it has been suggested that, just to be sure, you should reset your router.
Unfortunately, I cannot provide instructions for that - I recommend consulting the manual which should have come with the router or googling around.

After resetting the router, please click start>run, copy and paste this, click ok:
Code:
cmd /c for %i in (flush register) do ipconfig /%idns
A black box will flash briefly and that'll be it.

I would like to run one last check to be absolutely sure there's nothing hiding, also to check for any outdated software on your PC which might pose a security risk, but I do not think it will come up with malware.

RSIT
Please download random/random's system information tool (RSIT) and run it. At the disclaimer screen, choose a period of one month. Then click Continue. It will produce two logs:

  • log.txt (will be maximized)
  • info.txt (will be minimized)

Please post both in your next reply. If they won't fit into one post, divide them over multiple posts :)
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: Trouble with searcheworld

by Pollux.Castor » May 5th, 2009, 7:53 am

Thanks,

I'll look into how to reset the router. Resetting it could be involved, as I and my son have modified quite a few settings that will need to be reentered. First I'll look at what's there to see if anything seems out of order.

I have proceeded with the rest of the instructions.

Logs follow:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-05-05 07:32:08
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 12 GB (20%) free of 57 GB
Total RAM: 510 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:32:34 AM, on 5/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\calc.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\HJT\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 0114705218
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Extermin ... iVirus.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0114681687
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 7918 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
C:\WINDOWS\tasks\Norton Security Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5A263CF7-56A6-4D68-A8CF-345BE45BC911}]
Yahoo! IE Suggest - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll [2007-02-23 140840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-03-25 62784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2003-01-13 155648]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2003-01-13 114688]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2006-09-07 15360]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-01-08 645328]
"IntelliPoint"=c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 1037736]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-04-04 1830128]
"Uniblue RegistryBooster 2009"=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S []
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe [2008-12-12 9555968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-01-29 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-01-13 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-20 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=181
"NoDriveAutoRun"=10000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Microsoft Games\Dungeon Siege\DungeonSiege.exe"="C:\Program Files\Microsoft Games\Dungeon Siege\DungeonSiege.exe:*:Enabled:Dungeon Siege Game Executable"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84fbc144-f65b-11dd-a664-005056c00008}]
shell\AutoRun\command - E:\DigitalPhotoframe.EXE


======List of files/folders created in the last 1 months======

2009-05-05 07:32:08 ----D---- C:\rsit
2009-05-02 23:39:26 ----D---- C:\GMER
2009-04-27 18:22:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-04-27 18:21:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-04-27 18:21:32 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-27 18:21:05 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-04-27 18:20:41 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-27 18:20:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-04-27 18:19:49 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-04-27 18:13:20 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-04-27 18:00:06 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-04-27 17:59:25 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-04-27 17:52:41 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2009-04-27 17:50:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-27 17:41:06 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-04-27 17:40:36 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2009-04-27 17:40:04 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-04-27 17:39:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-27 17:39:25 ----HDC---- C:\WINDOWS\$NtUninstallKB942830$
2009-04-27 17:38:53 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-04-27 17:37:21 ----HDC---- C:\WINDOWS\$NtUninstallKB953155$
2009-04-27 17:36:56 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-04-27 17:36:40 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-04-27 17:36:23 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-04-27 17:36:10 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-04-27 17:35:55 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-04-27 17:35:32 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-04-27 17:35:12 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2009-04-27 17:34:59 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-04-27 17:34:06 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-04-27 17:33:26 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-04-27 17:24:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-04-27 17:23:50 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-27 17:22:17 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-04-27 17:22:04 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-04-27 17:21:49 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-04-27 17:21:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-04-27 17:21:20 ----SHD---- C:\Config.Msi
2009-04-27 17:21:20 ----D---- C:\Program Files\MSXML 4.0
2009-04-27 17:20:32 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-04-27 17:20:13 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-27 17:19:46 ----HDC---- C:\WINDOWS\$NtUninstallKB942831$
2009-04-25 17:29:36 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-04-20 15:15:13 ----D---- C:\Documents and Settings\Owner\Application Data\PDF reDirect
2009-04-20 15:14:56 ----D---- C:\Program Files\PDF reDirect

======List of files/folders modified in the last 1 months======

2009-05-05 07:32:15 ----D---- C:\HJT
2009-05-05 07:32:14 ----D---- C:\WINDOWS\Temp
2009-05-05 00:03:47 ----D---- C:\Program Files\Mozilla Firefox
2009-05-04 08:52:26 ----D---- C:\WINDOWS\system32\inetsrv
2009-05-04 08:48:23 ----D---- C:\Documents and Settings\All Users\Application Data\VMware
2009-04-27 18:59:17 ----D---- C:\WINDOWS\system32
2009-04-27 18:59:17 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-27 18:56:16 ----D---- C:\WINDOWS
2009-04-27 18:53:43 ----D---- C:\Program Files\McAfee
2009-04-27 18:53:09 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-27 18:53:09 ----D---- C:\WINDOWS\system32\wbem
2009-04-27 18:53:09 ----D---- C:\WINDOWS\AppPatch
2009-04-27 18:26:05 ----SHD---- C:\WINDOWS\Installer
2009-04-27 18:22:32 ----HD---- C:\WINDOWS\inf
2009-04-27 18:22:27 ----D---- C:\WINDOWS\system32\drivers
2009-04-27 18:22:20 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-27 18:22:06 ----A---- C:\WINDOWS\imsins.BAK
2009-04-27 18:21:09 ----D---- C:\Program Files\Messenger
2009-04-27 18:09:43 ----D---- C:\WINDOWS\system32\en-US
2009-04-27 18:09:43 ----D---- C:\Program Files\Internet Explorer
2009-04-27 18:08:55 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-27 18:07:54 ----D---- C:\WINDOWS\ie7updates
2009-04-27 18:03:11 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-27 17:52:41 ----RD---- C:\Program Files
2009-04-27 17:41:09 ----D---- C:\WINDOWS\WinSxS
2009-04-27 17:28:54 ----RSD---- C:\WINDOWS\Fonts
2009-04-27 17:27:53 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-04-25 17:29:36 ----D---- C:\WINDOWS\Debug
2009-04-25 17:08:07 ----D---- C:\WINDOWS\Help
2009-04-10 12:04:28 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-06 07:57:26 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-03-25 214024]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2008-10-23 120136]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 hcmon;VMware hcmon; \??\C:\WINDOWS\system32\Drivers\hcmon.sys []
R2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys []
R2 VMnetBridge;VMware Bridge Protocol; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [2007-09-06 23296]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys []
R2 VMparport;VMware VMparport; \??\C:\WINDOWS\system32\Drivers\VMparport.sys []
R2 vmx86;VMware vmx86; \??\C:\WINDOWS\system32\Drivers\vmx86.sys []
R2 vstor2;Vstor2 Virtual Storage Driver; \??\C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys []
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-01-14 108736]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-01-14 78272]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2003-01-15 42368]
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\system32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2002-09-03 9600]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-01-14 87803]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-03-25 79880]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-03-25 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-03-25 40552]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2007-08-21 21760]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-12-19 539008]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [2007-09-06 9600]
S3 aqju2cm7;aqju2cm7; C:\WINDOWS\system32\drivers\aqju2cm7.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 IPFilter;Microsoft IntelliPoint Features driver; C:\WINDOWS\System32\DRIVERS\IPFilter.sys [2001-08-23 10192]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-03-25 34216]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SQTECH905C;DualCamera; C:\WINDOWS\System32\Drivers\Capt905c.sys [2007-08-21 32512]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 IISADMIN;IIS Admin Service; C:\WINDOWS\system32\inetsrv\inetinfo.exe [1999-12-07 14608]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-01-08 797864]
R2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe [2009-01-09 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-01-09 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-03-25 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-03-19 884360]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Server\vmware-authd.exe [2007-09-06 151643]
R2 VMnetDHCP;VMware DHCP Service; C:\WINDOWS\system32\vmnetdhcp.exe [2007-09-06 106496]
R2 vmount2;VMware Virtual Mount Manager Extended; C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe [2007-05-01 269104]
R2 vmserverdWin32;VMware Registration Service; C:\Program Files\VMware\VMware Server\vmserverdWin32.exe [2007-09-06 1650781]
R2 VMware NAT Service;VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [2007-09-06 135168]
R2 W3SVC;World Wide Web Publishing Service; C:\WINDOWS\system32\inetsrv\inetinfo.exe [1999-12-07 14608]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-03-24 606736]
S2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-04-01 365072]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 PCPitstop Scheduling;PCPitstop Scheduling; C:\Program Files\PCPitstop\PCPitstopScheduleService.exe [2008-10-21 77312]

-----------------EOF-----------------
Pollux.Castor
Regular Member
 
Posts: 444
Joined: December 28th, 2005, 12:01 pm

Re: Trouble with searcheworld

Post by Pollux.Castor » May 5th, 2009, 7:56 am

They might have fit in one post, but I thought it might be easier to have them in two posts:

info.txt logfile of random's system information tool 1.06 2009-05-05 07:32:41

======Uninstall list======

-->MsiExec.exe /I{09715083-BF10-4834-9E28-B5D8820513CA}
-->MsiExec.exe /I{1E049668-AD90-4008-B213-E20CED2324DD}
-->MsiExec.exe /I{35103A8A-E9D8-40FA-AEC7-4D138952DB30}
-->MsiExec.exe /I{5FBCB03F-F72A-49BF-BA46-63B3515EE3A9}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.42-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.4-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
ATMA V 5.05-->C:\PROGRA~1\ATMAV~1\Setup.exe /remove
BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
Character Builder-->MsiExec.exe /I{626C034B-50B8-47BD-AF93-EEFD0FA78FF4}
Chessmaster 5000 Version 1.0.2-->C:\Program Files\Mindscape\Chessmaster 5000\UNINST.EXE
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Diablo II-->C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
Dungeon Siege Benchmark-->C:\PROGRA~1\MICROS~4\DUNGEO~1\INSTAL~1\UNINST~1.EXE C:\PROGRA~1\MICROS~4\DUNGEO~1\INSTAL~1\INSTALL.LOG
Dungeon Siege Legends of Aranna-->"C:\Program Files\Microsoft Games\Dungeon Siege\UNINSTAL.EXE" /runtemp /addremove
Dungeon Siege Tool Kit-->C:\Program Files\Dungeon Siege Tool Kit\UNWISE.EXE
gmax-->MsiExec.exe /X{3FA7A919-87DA-42B1-814B-86DE8DCA17C2}
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Hero Editor V0.96-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Hero Editor\ST6UNST.LOG"
HijackThis 2.0.2-->"C:\HJT\HijackThis.exe" /uninstall
HJTHotkey 3.054-->"C:\Program Files\HJTHotkey\unins000.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Kaspersky Online Scanner-->C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MapleStory-->MsiExec.exe /I{9DA92370-2929-4A4D-B3DF-B1651D77C6AA}
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft MSDN 2005 Express Edition - ENU-->C:\Program Files\Microsoft Visual Studio 8\Microsoft MSDN 2005 Express Edition - ENU\install.exe
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual Basic 2005 Express Edition - ENU-->C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Basic 2005 Express Edition - ENU\setup.exe
Microsoft Visual Basic 2005 Express Edition - ENU-->MsiExec.exe /X{577AD794-8B34-40B4-9E7A-BE4CFFE396E6}
Microsoft Visual C++ 2005 Express Edition - ENU Service Pack 1 (KB926748)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {9BB5DD65-D02F-43FC-94AF-E8932A4EFB73} /package {AB6F4AB9-AC85-4002-9829-B6EEA55AE3A5}
Microsoft Visual C++ 2005 Express Edition - ENU-->C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual C++ 2005 Express Edition - ENU\setup.exe
Microsoft Visual C++ 2005 Express Edition - ENU-->MsiExec.exe /X{AB6F4AB9-AC85-4002-9829-B6EEA55AE3A5}
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
MyDSC2-->C:\Program Files\InstallShield Installation Information\{83D96ED0-98AA-4515-8DDC-816F3EFDD104}\setup.exe -runfromtemp -l0x0009 -removeonly
MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe
Neverwinter Nights-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C503E58-B2BC-11D5-978A-0050BA84F5F7}\Setup.exe" -l0x9
Norton Security Scan-->MsiExec.exe /I{DA15D535-5E1D-4076-B520-8571346D6238}
OpenRPG (Remove Only)-->C:\Program Files\OpenRPG\uninstall.exe
Paint Shop Pro 4 Shareware-->C:\PROGRA~1\PAINTS~1\UNWISE.EXE C:\PROGRA~1\PAINTS~1\INSTALL.LOG
PC Pitstop Exterminate2 2.0-->"C:\Program Files\PCPitstop\Exterminate2\unins000.exe"
PDF reDirect (remove only)-->C:\Program Files\PDF reDirect\Uninstall.exe
progeCAD 2008 Smart! ENG-->C:\PROGRA~1\PROGES~1\PROGEC~1\UNWISE.EXE C:\PROGRA~1\PROGES~1\PROGEC~1\install.log
Python 2.5-->MsiExec.exe /I{0A2C5854-557E-48C8-835A-3B9F074BDCAA}
QuarterMaster-->MsiExec.exe /I{D4685ED2-93BE-45C6-AD27-0AA11ED84795}
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealArcade-->C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
RedShift 4-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\RedShift4\Uninst.isu"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942830)-->"C:\WINDOWS\$NtUninstallKB942830$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942831)-->"C:\WINDOWS\$NtUninstallKB942831$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Unlocker 1.8.5-->C:\Program Files\Unlocker\uninst.exe
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VMware Server-->MsiExec.exe /I{FEE84D71-7FF0-46C1-AED4-1BD821D53A9F}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
wxPython 2.8.1.1 (unicode) for Python 2.5-->"C:\Python25\Lib\site-packages\wx-2.8-msw-unicode\unins000.exe"
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! IE Search Suggest-->C:\PROGRA~1\Yahoo!\Search\UNINST~1.EXE
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

=====HijackThis Backups=====

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.gamehouse.com/realarcade-web ... loader.cab [2007-08-18]
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2007-08-18]
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet [2008-02-06]

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall

======System event log======

Computer Name: DELL
Event Code: 100
Message: The server was unable to logon the Windows NT account 'IUSR_DELL' due to the following error: The specified module could not be found. The data is the error code.

For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.

Record Number: 27118
Source Name: W3SVC
Time Written: 20081214163901.000000-300
Event Type: warning
User:

Computer Name: DELL
Event Code: 100
Message: The server was unable to logon the Windows NT account 'IUSR_DELL' due to the following error: The specified module could not be found. The data is the error code.

For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.

Record Number: 27115
Source Name: W3SVC
Time Written: 20081214083430.000000-300
Event Type: warning
User:

Computer Name: DELL
Event Code: 100
Message: The server was unable to logon the Windows NT account 'IUSR_DELL' due to the following error: The specified module could not be found. The data is the error code.

For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.

Record Number: 27114
Source Name: W3SVC
Time Written: 20081214082828.000000-300
Event Type: warning
User:

Computer Name: DELL
Event Code: 100
Message: The server was unable to logon the Windows NT account 'IUSR_DELL' due to the following error: The specified module could not be found. The data is the error code.

For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.

Record Number: 27113
Source Name: W3SVC
Time Written: 20081214082356.000000-300
Event Type: warning
User:

Computer Name: DELL
Event Code: 100
Message: The server was unable to logon the Windows NT account 'IUSR_DELL' due to the following error: The specified module could not be found. The data is the error code.

For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.

Record Number: 27112
Source Name: W3SVC
Time Written: 20081214001855.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: DELL
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 5633
Source Name: crypt32
Time Written: 20080803010541.000000-240
Event Type: error
User:

Computer Name: DELL
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 5632
Source Name: crypt32
Time Written: 20080803010541.000000-240
Event Type: error
User:

Computer Name: DELL
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 5631
Source Name: crypt32
Time Written: 20080803010541.000000-240
Event Type: error
User:

Computer Name: DELL
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 5630
Source Name: crypt32
Time Written: 20080803010541.000000-240
Event Type: error
User:

Computer Name: DELL
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 5629
Source Name: crypt32
Time Written: 20080803010539.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0204
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"VS80COMNTOOLS"=C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\

-----------------EOF-----------------
Pollux.Castor
Regular Member
 
Posts: 444
Joined: December 28th, 2005, 12:01 pm

Re: Trouble with searcheworld

Post by Odd dude » May 5th, 2009, 8:57 am

Something unnerving just showed up.

Submit a file for analysis
We need to have something checked for malware. Please go to Jotti's.
  • Click Browse next to File to upload & scan and copy and paste the first line of the following list into the browse box:
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
  • Click Submit. The file will now be scanned for malware and the results will be displayed on the screen. Select the part where the virus scan results are shown (the part starting with A-squared and ending with VBA32) and copy and paste this to Notepad.
  • Repeat this procedure for any other files I have listed.
  • Copy and paste the whole notepad file you just made into your reply.
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: Trouble with searcheworld

Post by Pollux.Castor » May 6th, 2009, 8:15 am

Here it is:
Scan taken on 06 May 2009 11:46:56 (GMT)
File: inetinfo.exe
Status: OK
MD5: 05b5d2d8000f76a84a1d2281fa603ec8
Packers detected: -

A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Quick Heal: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

Re: Trouble with searcheworld

Post by Odd dude » May 6th, 2009, 12:02 pm

Your version of Adobe Reader is old and may contain security leaks. Please first uninstall the older version, then download and install the newest version from here.

Uninstall all your Java and download and install the latest version from here. The site is a bit confusing; this is what you should do:
  • Scroll down to where it says Java Runtime Environment (JRE) 6 Update 13.
  • Click the Download button to the right.
  • Choose the correct Platform. Also, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Now, click Continue.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Now, close all other windows, including Internet Explorer.
  • You can now install Java by double-clicking the executable you just downloaded.

Logs look fine otherwise.

Still problems? If yes, we can do an online scan, to check for infected system files, and after that I've exhausted all the options I can think of right now.