Red Letters on Desktop "DANGER" Your Computer is Infected [S



#16
cynthia-baker

The GMER-1 log and DDS log follow. I am having a problem with SysProt -- once the scan begins I receive the following message:


WINDOWS - NO DISK

There is no disk in the drive.Please insert a disk into drive \Drive\Harddisk1\DR4.

I clicked on all three of the options (Cancel, Try Again, Continue) and each time I get an event sound, the box remains open and the scan stops.

GMER 1.0.15.15011 [gmer.exe] - http://www.gmer.net
Rootkit scan 2009-08-08 06:14:10
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xF54164EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xF5416581]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xF5416498]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xF54164AC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xF5416595]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF54165C1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xF541662F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xF5416619]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF541652A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xF541665B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xF541656D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xF5416470]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xF5416484]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF54164FE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xF5416697]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xF5416603]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xF54165ED]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xF54165AB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xF5416683]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xF541666F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xF54164D6]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF54164C2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xF54165D7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF5416559]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xF5416645]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF5416540]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xF5416514]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504AE8 7 Bytes JMP F5416518 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP F54164EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B2006 7 Bytes JMP F541652E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E14 5 Bytes JMP F5416544 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83E6 7 Bytes JMP F5416502 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB408 5 Bytes JMP F5416474 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB694 5 Bytes JMP F5416488 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE52 5 Bytes JMP F54164C6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1142 7 Bytes JMP F54164B0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805D11F8 5 Bytes JMP F541649C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805D1702 5 Bytes JMP F54164DA \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29AA 5 Bytes JMP F541655D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryValueKey 806219E8 7 Bytes JMP F54165F1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 80621D36 7 Bytes JMP F54165DB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 80622060 7 Bytes JMP F5416649 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 806228FE 7 Bytes JMP F5416607 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 806231D2 7 Bytes JMP F54165AF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 806237B0 5 Bytes JMP F5416585 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 80623C40 7 Bytes JMP F5416599 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 80623E10 7 Bytes JMP F54165C5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FF0 7 Bytes JMP F5416633 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateValueKey 8062425A 7 Bytes JMP F541661D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 80624B82 5 Bytes JMP F5416571 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryKey 80624EA8 7 Bytes JMP F541669B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 80625168 5 Bytes JMP F5416673 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8062585C 5 Bytes JMP F5416687 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 80625976 5 Bytes JMP F541665F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? mvswg.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070FEF
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0007008C
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070071
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00070F97
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00070FA8
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0007002F
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00070F7C
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 000700C2
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00070F5A
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 000700F3
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00070F49
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00070054
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00070FDE
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 000700B1
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0007001E
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00070FCD
.text C:\WINDOWS\system32\services.exe[704] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070F6B
.text C:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00060FB9
.text C:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00060F9E
.text C:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00060000
.text C:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00060FCA
.text C:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0006005B
.text C:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00060FE5
.text C:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00060036
.text C:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00060025
.text C:\WINDOWS\system32\services.exe[704] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00050018
.text C:\WINDOWS\system32\services.exe[704] msvcrt.dll!system 77C293C7 5 Bytes JMP 00050F97
.text C:\WINDOWS\system32\services.exe[704] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00050FCD
.text C:\WINDOWS\system32\services.exe[704] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00050FEF
.text C:\WINDOWS\system32\services.exe[704] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00050FA8
.text C:\WINDOWS\system32\services.exe[704] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00050FDE
.text C:\WINDOWS\system32\services.exe[704] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00040FE5
.text C:\WINDOWS\system32\lsass.exe[716] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D20000
.text C:\WINDOWS\system32\lsass.exe[716] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D2006C
.text C:\WINDOWS\system32\lsass.exe[716] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D20F77
.text C:\WINDOWS\system32\lsass.exe[716] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D20F94
.text C:\WINDOWS\system32\lsass.exe[716] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D20FA5
.text C:\WINDOWS\system32\lsass.exe[716] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D20036
.text C:\WINDOWS\system32\lsass.exe[716] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D2009D
.text C:\WINDOWS\system32\lsass.exe[716] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D20F55
.text C:\WINDOWS\system32\lsass.exe[716] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D200AE
.text C:\WINDOWS\system32\lsass.exe[716] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D20F1F
.text C:\WINDOWS\system32\lsass.exe[716] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D200C9
.text C:\WINDOWS\system32\lsass.exe[716] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D20051
.text C:\WINDOWS\system32\lsass.exe[716] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D2001B
.text C:\WINDOWS\system32\lsass.exe[716] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D20F66
.text C:\WINDOWS\system32\lsass.exe[716] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D20FCA
.text C:\WINDOWS\system32\lsass.exe[716] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D20FE5
.text C:\WINDOWS\system32\lsass.exe[716] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D20F3A
.text C:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D10040
.text C:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D10062
.text C:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D10025
.text C:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D1000A
.text C:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D10FAF
.text C:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D10FEF
.text C:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00D10051
.text C:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D10FD4
.text C:\WINDOWS\system32\lsass.exe[716] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D00069
.text C:\WINDOWS\system32\lsass.exe[716] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D0004E
.text C:\WINDOWS\system32\lsass.exe[716] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D00029
.text C:\WINDOWS\system32\lsass.exe[716] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D0000C
.text C:\WINDOWS\system32\lsass.exe[716] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D00FDE
.text C:\WINDOWS\system32\lsass.exe[716] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D00FEF
.text C:\WINDOWS\system32\lsass.exe[716] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C30FE5
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DA0FEF
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DA0F53
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DA0F64
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DA0F75
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DA0F86
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DA0FAB
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DA0F42
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DA007E
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DA0F05
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DA0F16
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00DA00C3
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00DA0032
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DA0FDE
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00DA0063
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00DA0FBC
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00DA0FCD
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00DA0F31
.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D90FAF
.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D90F8A
.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D90FCA
.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D90000
.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D9003D
.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D90FE5
.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00D9002C
.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D9001B
.text C:\WINDOWS\system32\svchost.exe[968] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D80027
.text C:\WINDOWS\system32\svchost.exe[968] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D8000C
.text C:\WINDOWS\system32\svchost.exe[968] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D80FB7
.text C:\WINDOWS\system32\svchost.exe[968] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D80FEF
.text C:\WINDOWS\system32\svchost.exe[968] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D80FA6
.text C:\WINDOWS\system32\svchost.exe[968] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D80FDE
.text C:\WINDOWS\system32\svchost.exe[968] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D70000
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D80000
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D80F88
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D80F99
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D80073
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D80062
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D80FDB
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D80F5C
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D800A2
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D800BF
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D80F30
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D80F01
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D80FCA
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D80011
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D80F77
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D80047
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D80022
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D80F41
.text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D70FC3
.text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D70F83
.text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D70FD4
.text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D70FE5
.text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D70040
.text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D70000
.text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00D70F94
.text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [F7, 88]
.text C:\WINDOWS\system32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D70025
.text C:\WINDOWS\system32\svchost.exe[1096] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D6002C
.text C:\WINDOWS\system32\svchost.exe[1096] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D6001B
.text C:\WINDOWS\system32\svchost.exe[1096] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D60FBC
.text C:\WINDOWS\system32\svchost.exe[1096] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D60FEF
.text C:\WINDOWS\system32\svchost.exe[1096] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D60FAB
.text C:\WINDOWS\system32\svchost.exe[1096] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D60000
.text C:\WINDOWS\system32\svchost.exe[1096] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D50FEF
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1180] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1180] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02F10000
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02F10082
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02F10071
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02F10F97
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02F10054
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02F10FA8
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02F100CB
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02F100AE
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02F10F4D
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02F10F5E
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02F10F3C
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02F1002F
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02F10FE5
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02F1009D
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02F10FB9
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02F10FD4
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02F100E6
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02EC0014
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02EC004A
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02EC0FC3
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02EC0FD4
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02EC0F97
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02EC0FEF
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 02EC0039
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02EC0FB2
.text C:\WINDOWS\System32\svchost.exe[1192] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02EB0FB2
.text C:\WINDOWS\System32\svchost.exe[1192] msvcrt.dll!system 77C293C7 5 Bytes JMP 02EB0FCD
.text C:\WINDOWS\System32\svchost.exe[1192] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02EB002C
.text C:\WINDOWS\System32\svchost.exe[1192] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02EB0000
.text C:\WINDOWS\System32\svchost.exe[1192] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02EB003D
.text C:\WINDOWS\System32\svchost.exe[1192] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02EB0011
.text C:\WINDOWS\System32\svchost.exe[1192] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02E70FEF
.text C:\WINDOWS\System32\svchost.exe[1192] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 02E60FE5
.text C:\WINDOWS\System32\svchost.exe[1192] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 02E60000
.text C:\WINDOWS\System32\svchost.exe[1192] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 02E6001B
.text C:\WINDOWS\System32\svchost.exe[1192] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 02E6002C
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0065000A
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00650F81
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00650F92
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00650FA3
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00650FC0
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00650051
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00650F5C
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 006500AE
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00650F0B
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00650F30
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00650EFA
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00650062
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0065001B
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00650091
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0065002C
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00650FDB
.text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00650F41
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0064002C
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00640F9B
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0064001B
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00640FDB
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00640062
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00640000
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00640051
.text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00640FC0
.text C:\WINDOWS\system32\svchost.exe[1228] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00630042
.text C:\WINDOWS\system32\svchost.exe[1228] msvcrt.dll!system 77C293C7 5 Bytes JMP 00630FB7
.text C:\WINDOWS\system32\svchost.exe[1228] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00630FD2
.text C:\WINDOWS\system32\svchost.exe[1228] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00630FEF
.text C:\WINDOWS\system32\svchost.exe[1228] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00630027
.text C:\WINDOWS\system32\svchost.exe[1228] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00630000
.text C:\WINDOWS\system32\dllhost.exe[1372] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0000
.text C:\WINDOWS\system32\dllhost.exe[1372] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A00C9
.text C:\WINDOWS\system32\dllhost.exe[1372] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A00AE
.text C:\WINDOWS\system32\dllhost.exe[1372] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0087
.text C:\WINDOWS\system32\dllhost.exe[1372] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0FCA
.text C:\WINDOWS\system32\dllhost.exe[1372] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0FE5

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \FileSystem\Fastfat \Fat F11DBD20

AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother MFC-640CW USB Printer@ChangeID 3949625

---- Files - GMER 1.0.15 ----

File C:\Program Files\Yahoo!\Messenger\Cache\0uu5kI..iFTE0Z8vfCO5EQ--\RingTones\ringring_03.wav 115276 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\0uu5kI..iFTE0Z8vfCO5EQ--\RingTones\ringtone.rtl 113 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\0uu5kI..iFTE0Z8vfCO5EQ--\RingTones\silent.rtl 10 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\0uu5kI..iFTE0Z8vfCO5EQ--\RingTones\silent.wav 33136 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\0uu5kI..iFTE0Z8vfCO5EQ--\RingTones\Yahoo_ring_03.rtl 67 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\0uu5kI..iFTE0Z8vfCO5EQ--\RingTones\Yahoo_ring_03.wav 87478 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\0uu5kI..iFTE0Z8vfCO5EQ--\RingTones\yodel.rtl 37 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\0uu5kI..iFTE0Z8vfCO5EQ--\RingTones\yodel.wav 77654 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Avatars\1mDCxVAnjAAAEHaE_KJTdUn4A.small.png 773 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Avatars\1rBwSPwIQAAEC-KFr-A3Dka4A.full.swf 33554 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Avatars\1rBwSPwIQAAEC-KFr-A3Dka4A.medium.png 4473 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Avatars\1rBwSPwIQAAEC-KFr-A3Dka4A.small.png 813 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Avatars\1wXgSXYquAAEE-oFKbA7fUV_4Cw==.small.png 796 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Avatars\1Y19ODGRVAAEC-IFDfFc=.full.swf 24287 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Avatars\1Y19ODGRVAAEC-IFDfFc=.medium.png 4560 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Avatars\1Y19ODGRVAAEC-IFDfFc=.small.png 883 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Avatars\1ZR-vXSMNAAACQgE_ZC1uRwwB.full.swf 38812 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Avatars\1ZR-vXSMNAAACQgE_ZC1uRwwB.medium.png 4494 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Avatars\1ZR-vXSMNAAACQgE_ZC1uRwwB.small.png 819 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\branding\10small_1.png 854 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\branding\11small_1.png 407 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\branding\1small_1.gif 600 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\branding\1small_1.png 3410 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\branding\2small_1.gif 668 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\branding\2small_1.png 857 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\branding\9small_1.gif 603 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\branding\9small_1.png 684 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\fRXWJBSfL1dz5jK2ovCNNA--\RingTones\ringring_03.rtl 113 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\fRXWJBSfL1dz5jK2ovCNNA--\RingTones\ringring_03.wav 115276 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\fRXWJBSfL1dz5jK2ovCNNA--\RingTones\ringtone.rtl 113 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\fRXWJBSfL1dz5jK2ovCNNA--\RingTones\silent.rtl 10 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\fRXWJBSfL1dz5jK2ovCNNA--\RingTones\silent.wav 33136 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\fRXWJBSfL1dz5jK2ovCNNA--\RingTones\Yahoo_ring_03.rtl 67 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\fRXWJBSfL1dz5jK2ovCNNA--\RingTones\Yahoo_ring_03.wav 87478 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\fRXWJBSfL1dz5jK2ovCNNA--\RingTones\yodel.rtl 37 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\fRXWJBSfL1dz5jK2ovCNNA--\RingTones\yodel.wav 77654 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\g.MyQAw7JVX9Gz1FwRufbA--\RingTones\ringring_03.rtl 113 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\g.MyQAw7JVX9Gz1FwRufbA--\RingTones\ringring_03.wav 115276 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\g.MyQAw7JVX9Gz1FwRufbA--\RingTones\ringtone.rtl 113 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\g.MyQAw7JVX9Gz1FwRufbA--\RingTones\silent.rtl 10 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\g.MyQAw7JVX9Gz1FwRufbA--\RingTones\silent.wav 33136 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\g.MyQAw7JVX9Gz1FwRufbA--\RingTones\Yahoo_ring_03.rtl 67 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\g.MyQAw7JVX9Gz1FwRufbA--\RingTones\Yahoo_ring_03.wav 87478 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\g.MyQAw7JVX9Gz1FwRufbA--\RingTones\yodel.rtl 37 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\g.MyQAw7JVX9Gz1FwRufbA--\RingTones\yodel.wav 77654 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\SearchKeywords\keyword_default_0.xml 440 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\SearchKeywords\keyword_default_1.xml 440 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\SearchKeywords\keyword_default_11.xml 441 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\SearchKeywords\keyword_default_4.xml 440 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\SearchKeywords\keyword_default_5.xml 440 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\SearchKeywords\keyword_default_6.xml 440 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\SearchKeywords\keyword_default_7.xml 5290 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\vqH0bfXkghlc63lgTKW9lQ--\RingTones\ringring_03.rtl 113 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\vqH0bfXkghlc63lgTKW9lQ--\RingTones\ringring_03.wav 115276 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\vqH0bfXkghlc63lgTKW9lQ--\RingTones\ringtone.rtl 113 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\vqH0bfXkghlc63lgTKW9lQ--\RingTones\silent.rtl 10 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\vqH0bfXkghlc63lgTKW9lQ--\RingTones\silent.wav 33136 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\vqH0bfXkghlc63lgTKW9lQ--\RingTones\Yahoo_ring_03.rtl 67 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\vqH0bfXkghlc63lgTKW9lQ--\RingTones\Yahoo_ring_03.wav 87478 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\vqH0bfXkghlc63lgTKW9lQ--\RingTones\yodel.rtl 37 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\vqH0bfXkghlc63lgTKW9lQ--\RingTones\yodel.wav 77654 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\DIii2rwgWqwQ9ggPHWm.gg--\RingTones\ringring_03.rtl 113 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\DIii2rwgWqwQ9ggPHWm.gg--\RingTones\ringring_03.wav 115276 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\DIii2rwgWqwQ9ggPHWm.gg--\RingTones\ringtone.rtl 113 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\DIii2rwgWqwQ9ggPHWm.gg--\RingTones\silent.rtl 10 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\DIii2rwgWqwQ9ggPHWm.gg--\RingTones\silent.wav 33136 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\DIii2rwgWqwQ9ggPHWm.gg--\RingTones\Yahoo_ring_03.rtl 67 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\DIii2rwgWqwQ9ggPHWm.gg--\RingTones\Yahoo_ring_03.wav 87478 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\DIii2rwgWqwQ9ggPHWm.gg--\RingTones\yodel.rtl 37 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\DIii2rwgWqwQ9ggPHWm.gg--\RingTones\yodel.wav 77654 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Hke.zoABjNPtDJNjdr.L2Q--\RingTones\ringring_03.rtl 113 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Hke.zoABjNPtDJNjdr.L2Q--\RingTones\ringring_03.wav 115276 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Hke.zoABjNPtDJNjdr.L2Q--\RingTones\ringtone.rtl 113 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Hke.zoABjNPtDJNjdr.L2Q--\RingTones\silent.rtl 10 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Hke.zoABjNPtDJNjdr.L2Q--\RingTones\silent.wav 33136 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Hke.zoABjNPtDJNjdr.L2Q--\RingTones\Yahoo_ring_03.rtl 67 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Hke.zoABjNPtDJNjdr.L2Q--\RingTones\Yahoo_ring_03.wav 87478 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Hke.zoABjNPtDJNjdr.L2Q--\RingTones\yodel.rtl 37 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Hke.zoABjNPtDJNjdr.L2Q--\RingTones\yodel.wav 77654 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\8DDEFD3C 12645 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\11C95EE1 3446 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\186112B2 16693 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\1D36DCE5 16312 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\224ABBA4 11597 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\232EB3C4 22951 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\26A68D72 16211 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\27244C58 17857 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\2983A1B7 8870 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\29FDB1A9 8030 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\328D5B5 22657 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\45E961D 18455 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\48324D6 17246 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\523E837A 11839 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\565B352B 17160 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\5A9D3C9 18847 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\5C85A3F 16161 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\5DC425E8 15180 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\5F931128 17472 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\607C6E91 7069 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\70179050 17251 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\736DF428 18635 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\9852291 16428 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\9A1A1084 16032 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\9B125E34 15731 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\9BD4F9E1 13241 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\A1429A4A 15322 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\A4E974B8 18328 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\A719C650 17663 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\A871EB4E 5699 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\AF56A99F 19699 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\B15CD991 15842 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\B2B73CDC 19739 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\B90D0CB 19664 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\B986DF1 8465 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\C59A5635 17134 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\C726DAA 5064 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\CE4B9E2 18717 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\CFF51B88 17387 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\D1D8E1B8 17432 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\D33832E 17098 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\D96239B 15268 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\DA6E5F1C 19161 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\E61544CE 7482 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\F325F96 10328 bytes
File C:\Program Files\Yahoo!\Messenger\Cache\Icon\FEEBBBD 14329 bytes

---- EOF - GMER 1.0.15 ----



DDS (Ver_09-07-30.01) - NTFSx86
Run by Cynthia Baker at 7:18:51.89 on Sat 08/08/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.122 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\QuickTime\QTTask.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Documents and Settings\Cynthia Baker\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.bearshare.com/
uSearch Page = hxxp://search.yahoo.com
uWindow Title = Windows Internet Explorer provided by Yahoo!
uSearch Bar = hxxp://www.yahoo.com/ext/search/search.html
mDefault_Page_URL = hxxp://att.net
mDefault_Search_URL = hxxp://search.yahoo.com
mSearch Page = hxxp://search.yahoo.com
mStart Page = hxxp://att.net
mSearch Bar = hxxp://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://search.yahoo.com
mSearchAssistant =
uWindows: load=c:\docume~1\cynthi~1\locals~1\temp\187.tmp
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - c:\program files\bearshare applications\bearshare\BearShareIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: BearShare MediaBar: {d3dee18f-db64-4beb-9ff1-e1f0a5033e4a} - c:\program files\bearshare applications\bearshare mediabar\BearShareMediaBar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; FunWebProducts; GTB6; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; Seekmo 10.0.341.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; yie8)" -"http://www.cartoonne...ack/index.html"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~3\mimboot.exe
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [SetDefPrt] c:\program files\brother\brmfl05a\BrStDvPt.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\cynthi~1\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe
StartupFolder: c:\docume~1\cynthi~1\startm~1\programs\startup\imvu.lnk - c:\documents and settings\cynthia baker\application data\imvuclient\IMVUClient.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status~1.lnk - c:\program files\brother\brmfcmon\BrMfcWnd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ymetray.lnk - c:\program files\yahoo!\yahoo! music jukebox\ymetray.exe
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\cynthia baker\start menu\programs\imvu\Run IMVU.lnk
IE: {D5AE2D6D-38A7-425c-86C0-E4ABBDB9EC68} - c:\casino\vegas red casino\casino.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
Trusted Zone: yahoo.com
Trusted Zone: turbotax.com
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\hiworoyi.dll c:\windows\system32\yefegosi.dll c:\windows\system32\tejavogi.dll c:\windows\system32\sowojawa.dll c:\windows\system32\lodetulu.dll c:\windows\system32\memekava.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli c:\windows\system32\hiworoyi.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 214024]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-6-12 203280]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-6-12 359952]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-6-12 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-6-12 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-6-12 79880]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-6-12 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-6-12 40552]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-6-12 34216]

=============== Created Last 30 ================

2009-08-07 21:46 <DIR> --d----- C:\Malwarebytes' Anti-Malware
2009-08-07 21:42 <DIR> --d----- c:\docume~1\cynthi~1\applic~1\Malwarebytes
2009-08-07 21:42 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-07 21:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-07 21:42 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-07 21:42 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-07 20:40 <DIR> --d----- C:\Process Explorer
2009-08-07 20:37 <DIR> --d----- C:\ProcessExplorer
2009-08-07 20:34 1,615,732 a------- C:\ProcessExplorer.zip
2009-08-06 01:28 92,208 a------- c:\windows\system32\Wing.dll
2009-08-06 01:28 12,800 a------- c:\windows\system\Wing32.dll
2009-08-06 01:23 <DIR> --d-h--- c:\windows\PIF
2009-08-02 15:24 54,156 a---h--- c:\windows\QTFont.qfn
2009-08-02 15:24 1,409 a------- c:\windows\QTFont.for
2009-07-24 04:29 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2009-07-24 02:57 146,432 a------- c:\documents and settings\cynthia baker\REGEDIT.COM
2009-07-23 13:55 <DIR> --d----- c:\windows\system32\Dell
2009-07-23 12:36 <DIR> --d----- c:\windows\SxsCaPendDel
2009-07-23 12:36 <DIR> --d----- C:\2fae39224e8752768ca6177250980507
2009-07-23 12:36 <DIR> --d----- c:\program files\Windows Antivirus Pro
2009-07-23 11:28 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
2009-07-22 22:20 <DIR> --d----- c:\windows\system32\XPSViewer
2009-07-22 22:20 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-07-22 22:20 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-07-22 22:20 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-07-22 22:20 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-07-22 22:20 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-07-22 22:20 117,760 -------- c:\windows\system32\prntvpt.dll
2009-07-22 22:20 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-07-22 20:29 4 a------- c:\windows\system32\bincd32.dat
2009-07-22 13:57 1,382 a------- c:\windows\system32\onhelp.htm
2009-07-22 13:44 9 a------- c:\windows\system32\bennuar.old
2009-07-22 13:44 36 a------- c:\windows\system32\sysnet.dat
2009-07-22 13:44 3 a------- c:\windows\ppp3.dat
2009-07-22 13:44 64 a------- c:\windows\ppp4.dat
2009-07-22 13:44 65,536 a------- c:\windows\system32\desot.exe
2009-07-22 13:44 34 a------- c:\windows\system32\sonhelp.htm
2009-07-20 21:32 23,040 a------- c:\windows\system32\italc.ifo
2009-07-19 10:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\10536874
2009-07-19 02:14 2 a------- C:\1151013400
2009-07-16 20:08 <DIR> --d----- c:\docume~1\cynthi~1\applic~1\LimeWire
2009-07-16 20:07 <DIR> --d----- c:\program files\360Share Pro
2009-07-13 14:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\3418A
2009-07-10 22:14 0 a------- C:\testwma.raw

==================== Find3M ====================

2009-08-01 02:05 5,018 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-07-24 01:47 293,574 a------- c:\windows\pchealth\helpctr\config\cache\Professional_32_1033.dat
2009-07-19 18:48 11,067,392 a------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 08:18 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-07-08 03:07 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-03 12:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-03 12:09 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 12:09 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-07-03 12:09 1,208,832 a------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 12:09 206,848 a------- c:\windows\system32\dllcache\occache.dll
2009-07-03 12:09 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 12:09 55,296 a------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 12:09 1,985,536 a------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 12:09 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 12:09 184,320 a------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 12:09 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-07-03 12:09 386,048 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 06:01 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-16 09:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 09:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 09:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 09:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-03 14:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 14:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2008-01-28 01:22 774,144 a------- c:\program files\RngInterstitial.dll
2008-12-03 13:33 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120320081204\index.dat

============= FINISH: 7:20:34.18 ===============

Edited by cynthia-baker, 08 August 2009 - 06:26 AM.

  • 0


#17
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you are unsure of how to disable these programs, please refer to this page for details.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Note: If you are unsure about anything, a very good ComboFix tutorial can be found here.
  • 0

#18
cynthia-baker

cynthia-baker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Here is ComboFix Log:

ComboFix 09-08-07.09 - Cynthia Baker 08/08/2009 13:49.2.2 - NTFSx86
Running from: c:\documents and settings\Cynthia Baker\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\Freeze.com Toolbar\basis.xml
c:\program files\Freeze.com Toolbar\freeze.bmp
c:\program files\Freeze.com Toolbar\frzToolbar_logo.bmp
c:\program files\Freeze.com Toolbar\icons.bmp
c:\program files\Freeze.com Toolbar\options.html
c:\program files\Freeze.com Toolbar\powered_yahoo_search.bmp
c:\program files\Freeze.com Toolbar\tbhelper.dll
c:\program files\Freeze.com Toolbar\tbu18E\basis.xml
c:\program files\Freeze.com Toolbar\tbu18E\Cache\e78b7ba774d04f714b471ff9b16bf12b
c:\program files\Freeze.com Toolbar\tbu18E\freeze.bmp
c:\program files\Freeze.com Toolbar\tbu18E\freeze_us.crc
c:\program files\Freeze.com Toolbar\tbu18E\freeze_us.inf
c:\program files\Freeze.com Toolbar\tbu18E\frzToolbar_logo.bmp
c:\program files\Freeze.com Toolbar\tbu18E\icons.bmp
c:\program files\Freeze.com Toolbar\tbu18E\info.txt
c:\program files\Freeze.com Toolbar\tbu18E\options.html
c:\program files\Freeze.com Toolbar\tbu18E\powered_yahoo_search.bmp
c:\program files\Freeze.com Toolbar\tbu18E\tbhelper.dll
c:\program files\Freeze.com Toolbar\tbu18E\uninstall.exe
c:\program files\Freeze.com Toolbar\tbu18E\update.exe
c:\program files\Freeze.com Toolbar\tbu18E\version.txt
c:\program files\Freeze.com Toolbar\tbu18E\whiteList_plugin.dll
c:\program files\Freeze.com Toolbar\version.txt
c:\program files\Freeze.com Toolbar\whiteList_plugin.dll
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\dat.txt
c:\windows\kb913800.exe
c:\windows\system32\bszip.dll
c:\windows\system32\italc.ifo

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IP_FW


((((((((((((((((((((((((( Files Created from 2009-07-08 to 2009-08-08 )))))))))))))))))))))))))))))))
.

2009-08-08 02:46 . 2009-08-08 02:46 -------- d-----w- C:\Malwarebytes' Anti-Malware
2009-08-08 02:43 . 2009-08-08 02:46 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-08 02:42 . 2009-08-08 02:42 -------- d-----w- c:\documents and settings\Cynthia Baker\Application Data\Malwarebytes
2009-08-08 02:42 . 2009-07-13 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-08 02:42 . 2009-08-08 02:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-08 02:42 . 2009-08-08 02:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-08 02:42 . 2009-07-13 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-08 01:40 . 2009-08-08 01:46 -------- d-----w- C:\Process Explorer
2009-08-08 01:37 . 2009-08-08 01:37 -------- d-----w- C:\ProcessExplorer
2009-08-08 01:34 . 2009-08-08 01:34 1615732 ----a-w- C:\ProcessExplorer.zip
2009-08-06 06:28 . 1998-03-26 20:25 12800 ----a-w- c:\windows\system\Wing32.dll
2009-08-06 06:28 . 1996-02-14 19:01 92208 ----a-w- c:\windows\system32\Wing.dll
2009-08-06 06:23 . 2009-08-06 06:23 -------- d--h--w- c:\windows\PIF
2009-07-24 09:29 . 2009-07-24 09:29 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-07-24 08:25 . 2009-07-24 08:27 -------- d-----w- c:\documents and settings\Cynthia Baker\Local Settings\Application Data\Deployment
2009-07-24 07:57 . 2008-04-14 00:12 146432 ----a-w- c:\documents and settings\Cynthia Baker\REGEDIT.COM
2009-07-23 18:55 . 2009-07-23 18:55 -------- d-----w- c:\windows\system32\Dell
2009-07-23 17:37 . 2009-07-23 17:37 -------- d-----w- c:\documents and settings\Cynthia Baker\Local Settings\Application Data\PCHealth
2009-07-23 17:36 . 2009-07-23 17:36 -------- d-----w- c:\windows\SxsCaPendDel
2009-07-23 17:36 . 2009-07-23 17:36 -------- d-----w- C:\2fae39224e8752768ca6177250980507
2009-07-23 17:36 . 2009-07-31 10:15 -------- d-----w- c:\program files\Windows Antivirus Pro
2009-07-23 03:20 . 2009-07-23 17:36 -------- d-----w- c:\windows\system32\XPSViewer
2009-07-23 03:20 . 2009-07-23 03:20 -------- d-----w- c:\program files\MSBuild
2009-07-23 03:20 . 2009-07-23 03:20 -------- d-----w- c:\program files\Reference Assemblies
2009-07-23 03:20 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-07-23 03:20 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-07-23 03:20 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-07-23 03:20 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-07-23 03:20 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-07-23 03:20 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-07-23 03:20 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-07-23 01:29 . 2009-07-27 01:02 4 ----a-w- c:\windows\system32\bincd32.dat
2009-07-22 18:44 . 2009-07-22 18:44 36 ----a-w- c:\windows\system32\sysnet.dat
2009-07-22 18:44 . 2009-07-22 20:27 3 ----a-w- c:\windows\ppp3.dat
2009-07-22 18:44 . 2009-07-22 20:27 64 ----a-w- c:\windows\ppp4.dat
2009-07-22 18:44 . 2009-07-22 20:27 65536 ----a-w- c:\windows\system32\desot.exe
2009-07-19 15:27 . 2009-07-21 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\10536874
2009-07-17 01:08 . 2009-07-17 02:35 -------- d-----w- c:\documents and settings\Cynthia Baker\Application Data\LimeWire
2009-07-17 01:07 . 2009-07-17 01:08 -------- d-----w- c:\program files\360Share Pro
2009-07-13 19:35 . 2009-07-13 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\3418A

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-01 07:05 . 2009-05-29 06:01 56 --sh--r- c:\windows\system32\1F15C62445.sys
2009-08-01 07:05 . 2007-02-10 16:47 5018 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-08-01 06:11 . 2009-07-02 01:48 -------- d-----w- c:\program files\City of Heroes
2009-07-24 08:25 . 2007-02-05 06:21 55808 ----a-w- c:\documents and settings\Cynthia Baker\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-24 06:47 . 2009-07-23 03:24 293574 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2009-07-23 18:55 . 2006-04-24 18:19 -------- d-----w- c:\program files\Dell
2009-07-13 19:35 . 2007-02-05 07:00 -------- d--h--r- c:\documents and settings\Cynthia Baker\Application Data\yahoo!
2009-07-11 03:11 . 2007-02-18 02:55 -------- d-----w- c:\documents and settings\Cynthia Baker\Application Data\BearShare
2009-07-10 03:35 . 2006-04-24 18:28 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-10 03:29 . 2006-04-24 18:28 -------- d-----w- c:\program files\McAfee
2009-07-08 08:07 . 2009-07-08 08:08 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-08 08:07 . 2006-04-24 18:12 -------- d-----w- c:\program files\Java
2009-07-08 08:07 . 2009-07-08 08:06 152576 ----a-w- c:\documents and settings\Cynthia Baker\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-08 01:45 . 2007-02-10 16:47 88 --sh--r- c:\windows\system32\4524C6151F.sys
2009-07-07 20:09 . 2008-10-29 00:07 -------- d-----w- c:\documents and settings\Cynthia Baker\Application Data\IMVU
2009-07-05 00:37 . 2007-02-18 02:53 -------- d-----w- c:\program files\BearShare Applications
2009-07-03 17:09 . 2005-08-16 09:18 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-01 22:03 . 2008-11-23 03:26 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-06-29 11:47 . 2008-11-09 15:32 -------- d-----w- c:\program files\Google
2009-06-29 08:11 . 2009-06-29 08:11 376832 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\a\atlanticcityblackjack.9baef784fe666fb9d90dc331d0239eed.dll
2009-06-29 08:10 . 2009-06-29 08:10 262416 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\t\transition_temp.c6aaf42b66fa6688c8ea18a671984287.dll
2009-06-29 08:10 . 2009-06-29 08:10 655360 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\t\transition_flightzone.2d8aa10da872f1ac4a34a2122bf3c4b2.dll
2009-06-29 08:10 . 2009-06-29 08:10 266512 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\t\transition_tggg.399218aff849d2e187d4554dd62a73b6.dll
2009-06-29 08:10 . 2009-06-29 08:10 254224 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\t\transition.26c3e2ce55c7cca8b63e5e8d7b4627e4.dll
2009-06-29 08:09 . 2009-06-29 08:09 233744 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickuntilbonus_temp.b6b7e588aedb05fa062fb8447406bca9.dll
2009-06-28 20:48 . 2009-06-28 20:48 495888 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickuntilbonus.aa7eb4e3b4774e5cad0d4f8562ca860d.dll
2009-06-28 20:48 . 2009-06-28 20:48 561424 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickuntilbonus_tggg.ca9a61a09a35dc0843cc68f532694746.dll
2009-06-28 20:48 . 2009-06-28 20:48 1056768 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickuntilbonus_flightzone.1f65e9ffaab494fa7dea6b149ec7a671.dll
2009-06-28 20:48 . 2009-06-28 20:48 139264 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\l\levelupvideopokerplugin.d3ee60c36507413ca9ab67247eac5288.dll
2009-06-28 20:48 . 2009-06-28 20:48 114688 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\l\levelupvideopokergambleplugin.d65fe35ffb2e6dc1b9ea46def3db39dc.dll
2009-06-28 20:48 . 2009-06-28 20:48 290941 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\l\levelupvideopokerxxx.0d52d2ac00db83d9b97c99592ee3aa21.dll
2009-06-28 20:48 . 2009-06-28 20:48 237840 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\p\powerpokersuite1_nl.cebfe8812d984716506c6d9d096a5f48.dll
2009-06-28 20:48 . 2009-06-28 20:48 217360 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\v\videopokersuite1.03dd648f567bef124a1d270ad208752a.dll
2009-06-28 20:47 . 2009-06-28 20:47 200704 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\3\3cardpoker.8e73a522a397f174eb628d05f72f1f40.dll
2009-06-28 20:47 . 2009-06-28 20:47 32768 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\_\_crt_keno.ed975aa9c9bb5e5ec89c8ffeee254e8a.dll
2009-06-28 20:47 . 2009-06-28 20:47 32834 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\_\_crt_baccarat.a090413d6195a12421945ded5707d93f.dll
2009-06-28 20:47 . 2009-06-28 20:47 303204 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\m\mpvblackjackplugin.49e5f42fbdf0e1e2df5232e5ea419897.dll
2009-06-28 20:47 . 2009-06-28 20:47 311398 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\m\mpvblackjacktourxxx.e4ccb563efd75763602af7373fbd8cec.dll
2009-06-28 20:47 . 2009-06-28 20:47 327784 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\m\mpvtabletournamentlobby.fea1be7b63b308e9fdb6e8d4bd356052.dll
2009-06-28 20:46 . 2009-06-28 20:46 213264 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\c\choosebonus.df815bbfb8ae7a29a353f0ae65e4af17.dll
2009-06-28 20:45 . 2009-06-28 20:45 323856 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\h\hitmancontractbonus.339a969d902930975b3194643e289fc9.dll
2009-06-28 20:43 . 2009-06-28 20:43 499984 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickxofybonus.4968e33b858e6c30beb0ac4b11a9c459.dll
2009-06-28 20:43 . 2009-06-28 20:43 1032192 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickxofybonus_flightzone.4d281f29a7152da50722695b99821fe6.dll
2009-06-28 20:43 . 2009-06-28 20:43 508176 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickxofybonus_temp.556fffdfd1bc700038c0a1370a1eb004.dll
2009-06-28 20:43 . 2009-06-28 20:43 524560 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickxofybonus_tggg.f8ba0ccac248b6026b2705996790640a.dll
2009-06-28 20:43 . 2009-06-28 20:43 909584 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1_temp.05f0b16a67acb189be99508aa088d348.dll
2009-06-28 20:43 . 2009-06-28 20:43 1216512 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx_flightzone.a761e5b6d3a2ea66d5501258ee2ed22b.dll
2009-06-28 20:43 . 2009-06-28 20:43 663824 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx.53bb68e70e798b2ecdf8b9f3b7384e99.dll
2009-06-28 20:43 . 2009-06-28 20:43 1249399 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx_tggg.a33335318f7b89139ecd4652b6e8c4b9.dll
2009-06-28 20:43 . 2009-06-28 20:43 672016 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx_temp.20587ea0b10b8a6428639d5dfe4fb9c2.dll
2009-06-28 20:43 . 2009-06-28 20:43 643344 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx_temp2.42ac279a5f1c55ac224683685ec4fc49.dll
2009-06-28 20:43 . 2009-06-28 20:43 1904753 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1_tggg.6e62948f458013fa99694cc031068e8a.dll
2009-06-28 20:41 . 2009-06-28 20:41 204905 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\t\thunderstruck.0cc1be68d215832fa06fc779c0b3e069.dll
2009-06-28 20:41 . 2009-06-28 20:41 114688 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\e\euroroulette.fa2b524975a5d8bbc30203d094e2b084.dll
2009-06-28 20:39 . 2009-06-28 20:38 -------- d-----w- c:\documents and settings\All Users\Application Data\MGS
2009-06-16 14:36 . 2005-08-16 09:18 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2005-08-16 09:18 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-13 03:24 . 2009-06-13 03:23 -------- d-----w- c:\program files\Common Files\McAfee
2009-06-13 03:23 . 2009-06-13 03:23 -------- d-----w- c:\program files\McAfee.com
2009-06-03 19:09 . 2005-08-16 09:18 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-27 18:04 . 2008-01-11 00:13 57 ----a-w- c:\documents and settings\All Users\Application Data\Brother\BrLog\BrCollectDir\BR_cat.bat
2009-05-27 17:58 . 2008-01-11 00:16 50 ----a-w- c:\windows\system32\bridf05a.dat
2008-01-28 06:22 . 2008-01-28 06:22 774144 ----a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2009-05-04 10:56 398776 ----a-w- c:\program files\BearShare Applications\BearShare\BearShareIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-17 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-09 8192]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-09 110592]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 106496]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-10 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-01-15 267048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"SetDefPrt"="c:\program files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-07-23 933888]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-03-25 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-08 148888]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968]

c:\documents and settings\Cynthia Baker\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
IMVU.lnk - c:\documents and settings\Cynthia Baker\Application Data\IMVUClient\IMVUClient.exe [2008-10-16 49408]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-24 24576]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2009-5-27 802816]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2008-2-5 54512]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= c:\windows\system32\onhelp.htm
FriendlyName= tets

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Brother\\Brmfcmon\\BrMfcWnd.exe"=
"c:\\Program Files\\Yahoo!\\YUM\\yum.exe"=
"c:\\Program Files\\DellSupport\\DSAgnt.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\mcvsmap.exe"=
"c:\\Program Files\\McAfee\\MSC\\mcupdui.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [6/12/2009 10:26 PM 203280]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-08-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]

2009-08-08 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 17:20]

2009-07-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-13 15:53]

2009-08-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-13 15:53]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.bearshare.com/
mStart Page = hxxp://att.net
mSearch Bar = hxxp://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://search.yahoo.com
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: {{D5AE2D6D-38A7-425c-86C0-E4ABBDB9EC68} - c:\casino\Vegas Red Casino\casino.exe
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Cynthia Baker\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: turbotax.com
Trusted Zone: yahoo.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-08 13:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4048)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
.
Completion time: 2009-08-08 14:06
ComboFix-quarantined-files.txt 2009-08-08 19:06

Pre-Run: 37,404,839,936 bytes free
Post-Run: 36,970,180,608 bytes free

297 --- E O F --- 2009-07-29 08:01
  • 0

#19
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Hi Cynthia,

Well, it is starting to look better. I need you to upload a few files and have them analysed for me.

I would like you to upload a file to be scanned
  • Please go to VirSCAN.org
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • c:\windows\system\Wing32.dll
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Open Notepad and paste the contents into a new Notepad file using Ctrl and V at the same time.
  • Save the Notepad file to your desktop as Wing32.txt and copy the contents into your next reply.
Please do the same with the following files, saving the results by the filename, and post me each result, making sure that you tell me the name of each text file so I can identify each file.
  • c:\windows\system32\Wing.dll
  • c:\documents and settings\Cynthia Baker\REGEDIT.COM
  • c:\windows\system32\1F15C62445.sys
  • c:\windows\system32\4524C6151F.sys
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Next, using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\Windows Antivirus Pro

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Finally, click Start, then Run, and copy/paste the following bolded text into the Run box and click OK:

C:\Qoobox\Add-Remove Programs.txt

A report should pop open for you. Please post the contents in your next reply.
  • 0
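
The files named in the post above were picked by reading the ComboFix log by eye. As an added example (not part of the thread, and not ComboFix's or the helper's own logic), the Python below parses the log's `timestamp . timestamp size attributes path` lines and applies three illustrative triage heuristics. The rule names, the 365-day threshold and the reading of the "Files Created" section as creation time followed by modification time are assumptions made for this example; a flagged path is a lead for a multi-engine scan, not a verdict.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Excerpt copied from the ComboFix log in this thread (section banners shortened).
SAMPLE_LOG = r"""
((((( Files Created from 2009-07-08 to 2009-08-08 )))))
.
2009-08-08 02:42 . 2009-07-13 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-06 06:28 . 1998-03-26 20:25 12800 ----a-w- c:\windows\system\Wing32.dll
2009-08-06 06:28 . 1996-02-14 19:01 92208 ----a-w- c:\windows\system32\Wing.dll
2009-07-24 07:57 . 2008-04-14 00:12 146432 ----a-w- c:\documents and settings\Cynthia Baker\REGEDIT.COM
2009-07-23 17:36 . 2009-07-31 10:15 -------- d-----w- c:\program files\Windows Antivirus Pro
.
((((( Find3M Report )))))
.
2009-08-01 07:05 . 2009-05-29 06:01 56 --sh--r- c:\windows\system32\1F15C62445.sys
2009-07-08 01:45 . 2007-02-10 16:47 88 --sh--r- c:\windows\system32\4524C6151F.sys
2009-07-03 17:09 . 2005-08-16 09:18 915456 ----a-w- c:\windows\system32\wininet.dll
"""

TS_FMT = "%Y-%m-%d %H:%M"
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
# Directories carry '--------' in the size column and a leading 'd' attribute.
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-{8}) ([a-z-]{8}) (.+)$"
)
BINARY_EXT = (".exe", ".com", ".dll", ".sys", ".ocx", ".scr")
PROFILE_ROOT_RE = re.compile(r"^c:\\documents and settings\\[^\\]+\\[^\\]+$")


@dataclass
class Entry:
    section: str
    first_ts: datetime
    second_ts: datetime
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_log(text: str) -> List[Entry]:
    """Turn log text into entries, remembering which section each line came from."""
    entries, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # '.' separators, blank lines, anything unrecognised
        first, second, size, attrs, path = m.groups()
        entries.append(Entry(
            section,
            datetime.strptime(first, TS_FMT),
            datetime.strptime(second, TS_FMT),
            None if size.startswith("-") else int(size),
            attrs,
            path,
        ))
    return entries


def reasons_for(e: Entry, max_age: timedelta = timedelta(days=365)) -> List[str]:
    """Illustrative heuristics only; thresholds and rule names are assumptions."""
    p = e.path.lower()
    if e.is_dir or not p.endswith(BINARY_EXT):
        return []
    reasons = []
    # Newly appeared binary that carries a much older second timestamp.
    # Only meaningful in 'Files Created'; in Find3M a long gap is normal.
    if e.section.lower().startswith("files created") and e.first_ts - e.second_ts > max_age:
        reasons.append("old-timestamp")
    # Hidden + system .sys file sitting outside the drivers directory.
    if "s" in e.attrs and "h" in e.attrs and p.endswith(".sys") and "\\drivers\\" not in p:
        reasons.append("hidden-system-sys")
    # Executable placed directly in the root of a user profile.
    if PROFILE_ROOT_RE.match(p):
        reasons.append("binary-in-profile-root")
    return reasons


def triage(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to the list of heuristics it tripped."""
    flagged = {}
    for entry in parse_log(text):
        reasons = reasons_for(entry)
        if reasons:
            flagged[entry.path] = reasons
    return flagged


if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(f"{path}: {', '.join(why)}")
```
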

#20
cynthia-baker

cynthia-baker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Here are scans performed at VirSCAN

VirSCAN.org Scanned Report:

Wing32.dll

Scanned time : 2009/06/04 23:31:50 (CDT)
Scanner results: 79% Scanner(30/38) found malware!
File Name : 1.html
File Size : 4037 byte
File Type : Sendmail frozen configuration - version body bgcolor=
MD5 : 4a2514195555a43458b4e087d29124be
SHA1 : e96f20c01c95b12a6cf9992b1e16deaac5ca025c
Online report : http://virscan.org/r...5aa9dfd4d2.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090604013225 2009-06-04 2.05 Virus.Win32.Killmbr.D!IK
AhnLab V3 2009.06.05.00 2009.06.05 2009-06-05 0.74 Win-Trojan/Dialer.712704.B
AntiVir 8.2.0.180 7.1.4.59 2009-06-04 0.55 KIT/GhostDial.1
Antiy 2.0.18 20090604.2498051 2009-06-04 0.15 Trojan/Win32.Dialer.gvg
Arcavir 2009 200906041608 2009-06-04 0.39 Dialer.Bib
Authentium 5.1.1 200906041652 2009-06-04 1.18 W32/Trojan2.DOJN (Exact)
AVAST! 4.7.4 090604-0 2009-06-04 0.05 Win32:Dialer-1314 [Trj]
AVG 8.5.286 270.12.53/2155 2009-06-05 0.37 Dialer.KNV
BitDefender 7.81008.3335505 7.25811 2009-06-05 0.75 Trojan.Generic.1004008
CA (VET) 9.0.0.143 31.6.6539 2009-06-05 9.17 -
ClamAV 0.95.1 9421 2009-06-05 0.18 Dialer-3765
Comodo 3.9 1259 2009-06-04 0.74 ApplicUnwnt.Win32.PornTool.Agent.fi
CP Secure 1.1.0.715 2009.06.03 2009-06-03 9.97 -
Dr.Web 4.44.0.9170 2009.06.05 2009-06-05 4.85 BackDoor.Pigeon.12989
F-Prot 4.4.4.56 20090604 2009-06-04 1.15 W32/Trojan2.DOJN (exact)
F-Secure 5.51.6100 2009.06.05.03 2009-06-05 5.79 -
Fortinet 2.81-3.117 10.466 2009-06-04 0.35 Suspicious
GData 19.5615/19.353 20090605 2009-06-05 4.39 Win32:Dialer-1313 [Trj] [Engine:B]
ViRobot 20090604 2009.06.04 2009-06-04 0.42 -
Ikarus T3.1.01.57 2009.06.03.72814 2009-06-03 3.11 Virus.Win32.Killmbr.D
JiangMin 11.0.706 2009.06.03 2009-06-03 2.07 Trojan/Dialer.gnc
Kaspersky 5.5.10 2009.06.05 2009-06-05 0.08 not-a-virus:Porn-Dialer.Win32.Agent.fi
KingSoft 2009.2.5.15 2009.6.4.21 2009-06-04 0.51 Win32.Hack.ReSSDT.c.716800
McAfee 5.3.00 5636 2009-06-04 2.97 BackDoor-DSQ
Microsoft 1.4701 2009.06.04 2009-06-04 4.29 Backdoor:Win32/Farfli.J
mks_vir 2.01 2009.06.05 2009-06-05 3.35 -
Norman 6.01.05 6.01.00 2009-06-02 4.01 W32/Dialer.DHRP
Panda 9.05.01 2009.06.04 2009-06-04 1.86 -
Trend Micro 8.700-1004 6.170.08 2009-06-04 0.06 TROJ_DIAL.RHB
Quick Heal 10.00 2009.06.05 2009-06-05 1.37 -
Rising 20.0 21.32.34.00 2009-06-04 0.99 Backdoor.Win32.Drwolf.axh
Sophos 2.87.1 4.42 2009-06-05 2.44 Mal/Whybo-A
Sunbelt 5170 5170 2009-06-04 0.94 Porn-Dialer.Win32.Agent.fi
Symantec 1.3.0.24 20090604.002 2009-06-04 0.06 -
nProtect 20090604.01 4070376 2009-06-04 5.23 Trojan/W32.Dialer.712704
The Hacker 6.3.4.3 v00340 2009-06-04 0.63 Trojan/Dialer.Agent.fi
VBA32 3.12.10.6 20090604.1412 2009-06-04 1.96 Porn-Dialer.Win32.Agent.fi
VirusBuster 4.5.11.10 10.107.2/1575686 2009-06-04 1.90 Dialer.Agent.IFEU


Wing.dll

VirSCAN.org Scanned Report :
Scanned time : 2009/06/04 23:31:50 (CDT)
Scanner results: 79% Scanner(30/38) found malware!
File Name : 1.html
File Size : 4037 byte
File Type : Sendmail frozen configuration - version body bgcolor=
MD5 : 4a2514195555a43458b4e087d29124be
SHA1 : e96f20c01c95b12a6cf9992b1e16deaac5ca025c
Online report : http://virscan.org/r...5aa9dfd4d2.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090604013225 2009-06-04 2.05 Virus.Win32.Killmbr.D!IK
AhnLab V3 2009.06.05.00 2009.06.05 2009-06-05 0.74 Win-Trojan/Dialer.712704.B
AntiVir 8.2.0.180 7.1.4.59 2009-06-04 0.55 KIT/GhostDial.1
Antiy 2.0.18 20090604.2498051 2009-06-04 0.15 Trojan/Win32.Dialer.gvg
Arcavir 2009 200906041608 2009-06-04 0.39 Dialer.Bib
Authentium 5.1.1 200906041652 2009-06-04 1.18 W32/Trojan2.DOJN (Exact)
AVAST! 4.7.4 090604-0 2009-06-04 0.05 Win32:Dialer-1314 [Trj]
AVG 8.5.286 270.12.53/2155 2009-06-05 0.37 Dialer.KNV
BitDefender 7.81008.3335505 7.25811 2009-06-05 0.75 Trojan.Generic.1004008
CA (VET) 9.0.0.143 31.6.6539 2009-06-05 9.17 -
ClamAV 0.95.1 9421 2009-06-05 0.18 Dialer-3765
Comodo 3.9 1259 2009-06-04 0.74 ApplicUnwnt.Win32.PornTool.Agent.fi
CP Secure 1.1.0.715 2009.06.03 2009-06-03 9.97 -
Dr.Web 4.44.0.9170 2009.06.05 2009-06-05 4.85 BackDoor.Pigeon.12989
F-Prot 4.4.4.56 20090604 2009-06-04 1.15 W32/Trojan2.DOJN (exact)
F-Secure 5.51.6100 2009.06.05.03 2009-06-05 5.79 -
Fortinet 2.81-3.117 10.466 2009-06-04 0.35 Suspicious
GData 19.5615/19.353 20090605 2009-06-05 4.39 Win32:Dialer-1313 [Trj] [Engine:B]
ViRobot 20090604 2009.06.04 2009-06-04 0.42 -
Ikarus T3.1.01.57 2009.06.03.72814 2009-06-03 3.11 Virus.Win32.Killmbr.D
JiangMin 11.0.706 2009.06.03 2009-06-03 2.07 Trojan/Dialer.gnc
Kaspersky 5.5.10 2009.06.05 2009-06-05 0.08 not-a-virus:Porn-Dialer.Win32.Agent.fi
KingSoft 2009.2.5.15 2009.6.4.21 2009-06-04 0.51 Win32.Hack.ReSSDT.c.716800
McAfee 5.3.00 5636 2009-06-04 2.97 BackDoor-DSQ
Microsoft 1.4701 2009.06.04 2009-06-04 4.29 Backdoor:Win32/Farfli.J
mks_vir 2.01 2009.06.05 2009-06-05 3.35 -
Norman 6.01.05 6.01.00 2009-06-02 4.01 W32/Dialer.DHRP
Panda 9.05.01 2009.06.04 2009-06-04 1.86 -
Trend Micro 8.700-1004 6.170.08 2009-06-04 0.06 TROJ_DIAL.RHB
Quick Heal 10.00 2009.06.05 2009-06-05 1.37 -
Rising 20.0 21.32.34.00 2009-06-04 0.99 Backdoor.Win32.Drwolf.axh
Sophos 2.87.1 4.42 2009-06-05 2.44 Mal/Whybo-A
Sunbelt 5170 5170 2009-06-04 0.94 Porn-Dialer.Win32.Agent.fi
Symantec 1.3.0.24 20090604.002 2009-06-04 0.06 -
nProtect 20090604.01 4070376 2009-06-04 5.23 Trojan/W32.Dialer.712704
The Hacker 6.3.4.3 v00340 2009-06-04 0.63 Trojan/Dialer.Agent.fi
VBA32 3.12.10.6 20090604.1412 2009-06-04 1.96 Porn-Dialer.Win32.Agent.fi
VirusBuster 4.5.11.10 10.107.2/1575686 2009-06-04 1.90 Dialer.Agent.IFEU


REGEDIT.COM

VirSCAN.org Scanned Report :
Scanned time : 2009/08/02 00:30:47 (CDT)
Scanner results: All Scanners reported not find malware!
File Name : REGEDIT.COM
File Size : 146432 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 058710b720282ca82b909912d3ef28db
SHA1 : 48f4612efeb713a5860726fdb999ceceff07557d
Online report : http://virscan.org/r...227a8407fc.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.3 20090731163245 2009-07-31 0.33 -
AhnLab V3 2009.08.01.00 2009.08.01 2009-08-01 0.81 -
AntiVir 8.2.0.238 7.1.5.57 2009-07-31 0.07 -
Antiy 2.0.18 20090802.2666756 2009-08-02 0.12 -
Arcavir 2009 200908011537 2009-08-01 0.06 -
Authentium 5.1.1 200908011301 2009-08-01 1.46 -
AVAST! 4.7.4 090801-0 2009-08-01 0.01 -
AVG 8.5.288 270.13.40/2276 2009-08-02 0.41 -
BitDefender 7.81008.3870725 7.26946 2009-08-02 3.42 -
CA (VET) 9.0.0.143 31.6.6649 2009-08-01 4.88 -
ClamAV 0.95.2 9641 2009-08-01 0.03 -
Comodo 3.10 1836 2009-08-01 0.82 -
CP Secure 1.1.0.715 2009.08.01 2009-08-01 11.70 -
Dr.Web 4.44.0.9170 2009.08.02 2009-08-02 5.07 -
F-Prot 4.4.4.56 20090801 2009-08-01 1.46 -
F-Secure 7.02.73807 2009.07.29.10 2009-07-29 7.55 -
Fortinet 2.81-3.120 10.669 2009-08-01 0.27 -
GData 19.6816/19.422 20090802 2009-08-02 4.88 -
ViRobot 20090730 2009.07.30 2009-07-30 0.44 -
Ikarus T3.1.01.64 2009.08.02.73141 2009-08-02 4.20 -
JiangMin 11.0.800 2009.08.01 2009-08-01 3.90 -
Kaspersky 5.5.10 2009.08.02 2009-08-02 0.09 -
KingSoft 2009.2.5.15 2009.8.1.15 2009-08-01 0.46 -
McAfee 5.3.00 5695 2009-08-01 3.01 -
Microsoft 1.4903 2009.08.01 2009-08-01 5.01 -
Norman 6.01.09 6.01.00 2009-07-31 4.00 -
Panda 9.05.01 2009.08.01 2009-08-01 2.65 -
Trend Micro 8.700-1004 6.336.29 2009-08-01 0.03 -
Quick Heal 10.00 2009.07.30 2009-07-30 1.11 -
Rising 20.0 21.40.44.00 2009-07-31 0.88 -
Sophos 2.89.1 4.44 2009-08-02 2.74 -
Sunbelt 5306 5306 2009-08-01 1.00 -
Symantec 1.3.0.24 20090801.003 2009-08-01 0.07 -
nProtect 20090802.01 4993276 2009-08-02 6.23 -
The Hacker 6.3.4.3 v00375 2009-07-31 0.73 -
VBA32 3.12.10.9 20090801.1132 2009-08-01 1.92 -
VirusBuster 4.5.11.10 10.110.1/1825217 2009-07-31 2.23 -

To perform VirSCAN I could not cut & paste file names to box, so I browsed for files to upload. I could not locate 2 of the files you requested (I also did a search still no results):

c:\windows\system32\1F15C62445.sys
c:\windows\system32\4524C6151F.sys

I also deleted c:\Program Files\Windows Antivirus Pro in Windows Explorer.

Here is Qoobox\Add-Remove Programs.txt

360Share Pro(remove only)
Adobe Acrobat 5.0
Adobe Shockwave Player 11
ATI Display Driver
BearShare
Birth of Jesus Activity Center
Caillou's Preschool
City of Villains/City of Heroes (remove only)
Conexant D850 56K V.9x DFVc Modem
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
ESPNMotion
GemMaster Mystic
High Definition Audio Driver Package - KB835221
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Imikimi Plugin
Intel® PRO Network Connections Drivers
Kar Racing
Kyodai Mahjongg
LiveUpdate 3.2 (Symantec Corporation)
Malwarebytes' Anti-Malware
McAfee SecurityCenter
MediaBar 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
oggcodecs 0.71.0946
Otto
RealArcade
Roxy Palace Online Casino
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Media Format SDK (KB902344)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766

How are you doing now? :)

#21
RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\windows\system\Wing32.dll
c:\windows\system32\Wing.dll
c:\documents and settings\Cynthia Baker\REGEDIT.COM
c:\windows\system32\1F15C62445.sys
c:\windows\system32\4524C6151F.sys


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image

5. After reboot, (in case it asks to reboot), please post the new Combofix.txt report into your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Now let's run MBAM again, after updating it.

Double click on the MBAM icon to start the program.
  • Click on the Update tab
  • Click the Check for Updates button
  • If an update is found, it will download and install the latest version.
  • Once the update is completed, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#22
RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Do you still require assistance with this log, Cynthia?

#23
cynthia-baker

    Member

  • Topic Starter
  • Member
  • 30 posts
Sorry for delay in responding (had some dental work) -- just finished logs.

ComboFix
2009-08-11 13:36:33 . 2009-08-11 13:36:36 44,226 ----a-w- C:\Qoobox\Quarantine\[4]-Submit_2009-08-11_08.36.24.zip
2009-08-08 19:00:42 . 2009-08-08 19:00:42 173 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
2009-08-08 18:26:08 . 2009-08-08 18:26:08 280 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_IP_FW.reg.dat
2009-08-08 18:25:57 . 2009-08-11 13:44:56 4,909 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-08-08 18:09:22 . 2009-08-11 13:33:45 357 ----a-w- C:\Qoobox\Quarantine\catchme.log
2009-08-06 06:28:13 . 2009-08-11 13:36:28 12,800 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system\Wing32.dll.vir
2009-08-06 06:28:13 . 2009-08-11 13:36:36 92,208 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Wing.dll.vir
2009-07-24 07:57:33 . 2008-04-14 00:12:32 146,432 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Cynthia Baker\REGEDIT.COM.vir
2009-07-22 18:44:46 . 2009-07-22 20:27:47 65,536 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\desot.exe.vir
2009-07-21 02:32:15 . 2009-07-21 02:32:15 23,040 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\italc.ifo.vir
2009-05-29 06:01:22 . 2009-08-01 07:05:44 56 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\1F15C62445.sys.vir
2008-03-25 00:01:49 . 2008-06-18 07:24:33 71,008 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\COUPON~1.OCX.vir
2008-01-26 16:02:09 . 2008-01-11 19:56:38 2,323 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Freeze.com Toolbar\tbu18E\freeze_us.inf.vir
2008-01-26 16:02:09 . 2008-01-11 19:56:38 216 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Freeze.com Toolbar\tbu18E\freeze_us.crc.vir
2008-01-26 16:02:09 . 2008-01-11 19:56:36 348,160 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Freeze.com Toolbar\tbu18E\tbhelper.dll.vir
2008-01-26 16:02:09 . 2006-07-13 02:04:22 2,562 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Freeze.com Toolbar\tbu18E\freeze.bmp.vir
2008-01-26 16:02:09 . 2006-11-30 16:52:30 1,848 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Freeze.com Toolbar\tbu18E\frzToolbar_logo.bmp.vir
2008-01-26 16:02:09 . 2007-06-22 15:03:26 65,334 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Freeze.com Toolbar\tbu18E\icons.bmp.vir
2008-01-26 16:02:09 . 2007-10-10 21:10:52 258,048 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Freeze.com Toolbar\tbu18E\whiteList_plugin.dll.vir
2008-01-26 16:02:09 . 2007-06-13 20:41:46 4,278 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Freeze.com Toolbar\tbu18E\powered_yahoo_search.bmp.vir
2008-01-26 16:02:09 . 2008-01-11 19:40:00 49,152 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Freeze.com Toolbar\tbu18E\uninstall.exe.vir
2008-01-26 16:02:09 . 2008-01-11 19:41:00 61,440 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Freeze.com Toolbar\tbu18E\update.exe.vir
2008-01-26 16:02:09 . 2008-01-11 19:56:38 79 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Freeze.com Toolbar\tbu18E\info.txt.vir
2008-01-26 16:02:09 . 2007-10-11 16:24:52 7,071 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Freeze.com Toolbar\tbu18E\options.html.vir
2008-01-26 16:02:09 . 2008-01-08 18:20:32 52 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Freeze.com Toolbar\tbu18E\version.txt.vir
2008-01-26 16:02:08 . 2008-01-11 19:56:32 17,355 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Freeze.com Toolbar\tbu18E\basis.xml.vir
2008-01-01 21:12:53 . 2008-01-26 03:26:23 52 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Freeze.com Toolbar\tbu18E\Cache\e78b7ba774d04f714b471ff9b16bf12b.vir
2008-01-01 21:12:31 . 2007-10-11 17:34:58 52 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Freeze.com Toolbar\version.txt.vir
2008-01-01 21:12:31 . 2007-10-11 17:34:58 14,662 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Freeze.com Toolbar\basis.xml.vir
2008-01-01 21:12:31 . 2007-10-11 17:34:58 65,334 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Freeze.com Toolbar\icons.bmp.vir
2008-01-01 21:12:31 . 2007-10-11 17:34:58 110,592 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Freeze.com Toolbar\whiteList_plugin.dll.vir
2008-01-01 21:12:31 . 2007-10-11 17:34:58 253,952 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Freeze.com Toolbar\tbhelper.dll.vir
2008-01-01 21:12:31 . 2007-10-11 17:34:58 4,278 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Freeze.com Toolbar\powered_yahoo_search.bmp.vir
2008-01-01 21:12:31 . 2007-10-11 17:34:58 7,071 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Freeze.com Toolbar\options.html.vir
2008-01-01 21:12:31 . 2007-10-11 17:34:58 2,562 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Freeze.com Toolbar\freeze.bmp.vir
2008-01-01 21:12:31 . 2007-10-11 17:34:58 1,848 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Freeze.com Toolbar\frzToolbar_logo.bmp.vir
2007-09-09 16:22:40 . 2007-09-10 04:52:17 2,632 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\dat.txt.vir
2007-02-10 16:47:10 . 2009-07-08 01:45:15 88 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\4524C6151F.sys.vir
2007-02-05 04:36:43 . 2006-03-21 03:23:12 23,040 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\kb913800.exe.vir
2000-10-27 22:23:18 . 2000-10-27 22:23:18 50,688 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\BSZIP.DLL.vir

MBAM

Malwarebytes' Anti-Malware 1.40
Database version: 2601
Windows 5.1.2600 Service Pack 3

8/11/2009 10:21:53 AM
mbam-log-2009-08-11 (10-21-53).txt

Scan type: Full Scan (C:\|)
Objects scanned: 232494
Time elapsed: 1 hour(s), 23 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Windows antiVirus pro (Rogue.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win AntiVirus Pro (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Windows antiVirus pro (Rogue.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Cynthia Baker\Start Menu\Programs\Windows AntiVirus Pro (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

Files Infected:
C:\Old data\Documents and Settings\Baker\Local Settings\Temp\400000d000e9270e8822\Services.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\MSN Messenger\riched20.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\italc.ifo.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bennuar.old (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bincd32.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\onhelp.htm (Rogue.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sonhelp.htm (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysnet.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ppp3.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ppp4.dat (Malware.Trace) -> Quarantined and deleted successfully.

#24
cynthia-baker

    Member

  • Topic Starter
  • Member
  • 30 posts
Hi, the red letters on my desktop are gone. After MBAM they disappeared. While it looks ok -- I know through your direction that it can be deceiving. How do the new logs look?

#25
RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Hi Cynthia,

That is not the full Combofix log.

Please go to Start, then Run, and type in C:\Combofix.txt then press Enter.

Post me the full contents of the log that opens.

#26
cynthia-baker

    Member

  • Topic Starter
  • Member
  • 30 posts
ComboFix 09-08-10.06 - Cynthia Baker 08/11/2009 8:36.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.201 [GMT -5:00]
Running from: c:\documents and settings\Cynthia Baker\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Cynthia Baker\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point

FILE ::
"c:\documents and settings\Cynthia Baker\REGEDIT.COM"
"c:\windows\system\Wing32.dll"
"c:\windows\system32\1F15C62445.sys"
"c:\windows\system32\4524C6151F.sys"
"c:\windows\system32\Wing.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Cynthia Baker\REGEDIT.COM
c:\windows\system\Wing32.dll
c:\windows\system32\1F15C62445.sys
c:\windows\system32\4524C6151F.sys
c:\windows\system32\desot.exe
c:\windows\system32\Wing.dll

.
((((((((((((((((((((((((( Files Created from 2009-07-11 to 2009-08-11 )))))))))))))))))))))))))))))))
.

2009-08-09 07:28 . 2009-08-09 07:29 -------- d-----w- c:\documents and settings\Cynthia Baker\Application Data\KidZui
2009-08-09 07:28 . 2009-08-09 07:28 -------- d-----w- c:\program files\Kidzui
2009-08-08 02:46 . 2009-08-08 02:46 -------- d-----w- C:\Malwarebytes' Anti-Malware
2009-08-08 02:43 . 2009-08-08 02:46 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-08 02:42 . 2009-08-08 02:42 -------- d-----w- c:\documents and settings\Cynthia Baker\Application Data\Malwarebytes
2009-08-08 02:42 . 2009-07-13 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-08 02:42 . 2009-08-08 02:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-08 02:42 . 2009-08-08 02:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-08 02:42 . 2009-07-13 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-08 01:40 . 2009-08-08 01:46 -------- d-----w- C:\Process Explorer
2009-08-08 01:37 . 2009-08-08 01:37 -------- d-----w- C:\ProcessExplorer
2009-08-08 01:34 . 2009-08-08 01:34 1615732 ----a-w- C:\ProcessExplorer.zip
2009-08-06 06:23 . 2009-08-06 06:23 -------- d--h--w- c:\windows\PIF
2009-07-24 09:29 . 2009-07-24 09:29 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-07-24 08:25 . 2009-07-24 08:27 -------- d-----w- c:\documents and settings\Cynthia Baker\Local Settings\Application Data\Deployment
2009-07-23 18:55 . 2009-07-23 18:55 -------- d-----w- c:\windows\system32\Dell
2009-07-23 17:37 . 2009-07-23 17:37 -------- d-----w- c:\documents and settings\Cynthia Baker\Local Settings\Application Data\PCHealth
2009-07-23 17:36 . 2009-07-23 17:36 -------- d-----w- c:\windows\SxsCaPendDel
2009-07-23 17:36 . 2009-07-23 17:36 -------- d-----w- C:\2fae39224e8752768ca6177250980507
2009-07-23 03:20 . 2009-07-23 17:36 -------- d-----w- c:\windows\system32\XPSViewer
2009-07-23 03:20 . 2009-07-23 03:20 -------- d-----w- c:\program files\MSBuild
2009-07-23 03:20 . 2009-07-23 03:20 -------- d-----w- c:\program files\Reference Assemblies
2009-07-23 03:20 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-07-23 03:20 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-07-23 03:20 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-07-23 03:20 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-07-23 03:20 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-07-23 03:20 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-07-23 03:20 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-07-23 01:29 . 2009-07-27 01:02 4 ----a-w- c:\windows\system32\bincd32.dat
2009-07-22 18:44 . 2009-07-22 18:44 36 ----a-w- c:\windows\system32\sysnet.dat
2009-07-22 18:44 . 2009-07-22 20:27 3 ----a-w- c:\windows\ppp3.dat
2009-07-22 18:44 . 2009-07-22 20:27 64 ----a-w- c:\windows\ppp4.dat
2009-07-19 15:27 . 2009-07-21 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\10536874
2009-07-17 01:08 . 2009-07-17 02:35 -------- d-----w- c:\documents and settings\Cynthia Baker\Application Data\LimeWire
2009-07-17 01:07 . 2009-07-17 01:08 -------- d-----w- c:\program files\360Share Pro
2009-07-13 19:35 . 2009-07-13 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\3418A

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-01 07:05 . 2007-02-10 16:47 5018 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-08-01 06:11 . 2009-07-02 01:48 -------- d-----w- c:\program files\City of Heroes
2009-07-24 08:25 . 2007-02-05 06:21 55808 ----a-w- c:\documents and settings\Cynthia Baker\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-24 06:47 . 2009-07-23 03:24 293574 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2009-07-23 18:55 . 2006-04-24 18:19 -------- d-----w- c:\program files\Dell
2009-07-13 19:35 . 2007-02-05 07:00 -------- d--h--r- c:\documents and settings\Cynthia Baker\Application Data\yahoo!
2009-07-11 03:11 . 2007-02-18 02:55 -------- d-----w- c:\documents and settings\Cynthia Baker\Application Data\BearShare
2009-07-10 03:35 . 2006-04-24 18:28 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-10 03:29 . 2006-04-24 18:28 -------- d-----w- c:\program files\McAfee
2009-07-08 08:07 . 2009-07-08 08:08 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-08 08:07 . 2006-04-24 18:12 -------- d-----w- c:\program files\Java
2009-07-08 08:07 . 2009-07-08 08:06 152576 ----a-w- c:\documents and settings\Cynthia Baker\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-07 20:09 . 2008-10-29 00:07 -------- d-----w- c:\documents and settings\Cynthia Baker\Application Data\IMVU
2009-07-05 00:37 . 2007-02-18 02:53 -------- d-----w- c:\program files\BearShare Applications
2009-07-03 17:09 . 2005-08-16 09:18 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-01 22:03 . 2008-11-23 03:26 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-06-29 11:47 . 2008-11-09 15:32 -------- d-----w- c:\program files\Google
2009-06-29 08:11 . 2009-06-29 08:11 376832 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\a\atlanticcityblackjack.9baef784fe666fb9d90dc331d0239eed.dll
2009-06-29 08:10 . 2009-06-29 08:10 262416 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\t\transition_temp.c6aaf42b66fa6688c8ea18a671984287.dll
2009-06-29 08:10 . 2009-06-29 08:10 655360 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\t\transition_flightzone.2d8aa10da872f1ac4a34a2122bf3c4b2.dll
2009-06-29 08:10 . 2009-06-29 08:10 266512 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\t\transition_tggg.399218aff849d2e187d4554dd62a73b6.dll
2009-06-29 08:10 . 2009-06-29 08:10 254224 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\t\transition.26c3e2ce55c7cca8b63e5e8d7b4627e4.dll
2009-06-29 08:09 . 2009-06-29 08:09 233744 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickuntilbonus_temp.b6b7e588aedb05fa062fb8447406bca9.dll
2009-06-28 20:48 . 2009-06-28 20:48 495888 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickuntilbonus.aa7eb4e3b4774e5cad0d4f8562ca860d.dll
2009-06-28 20:48 . 2009-06-28 20:48 561424 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickuntilbonus_tggg.ca9a61a09a35dc0843cc68f532694746.dll
2009-06-28 20:48 . 2009-06-28 20:48 1056768 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickuntilbonus_flightzone.1f65e9ffaab494fa7dea6b149ec7a671.dll
2009-06-28 20:48 . 2009-06-28 20:48 139264 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\l\levelupvideopokerplugin.d3ee60c36507413ca9ab67247eac5288.dll
2009-06-28 20:48 . 2009-06-28 20:48 114688 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\l\levelupvideopokergambleplugin.d65fe35ffb2e6dc1b9ea46def3db39dc.dll
2009-06-28 20:48 . 2009-06-28 20:48 290941 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\l\levelupvideopokerxxx.0d52d2ac00db83d9b97c99592ee3aa21.dll
2009-06-28 20:48 . 2009-06-28 20:48 237840 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\p\powerpokersuite1_nl.cebfe8812d984716506c6d9d096a5f48.dll
2009-06-28 20:48 . 2009-06-28 20:48 217360 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\v\videopokersuite1.03dd648f567bef124a1d270ad208752a.dll
2009-06-28 20:47 . 2009-06-28 20:47 200704 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\3\3cardpoker.8e73a522a397f174eb628d05f72f1f40.dll
2009-06-28 20:47 . 2009-06-28 20:47 32768 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\_\_crt_keno.ed975aa9c9bb5e5ec89c8ffeee254e8a.dll
2009-06-28 20:47 . 2009-06-28 20:47 32834 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\_\_crt_baccarat.a090413d6195a12421945ded5707d93f.dll
2009-06-28 20:47 . 2009-06-28 20:47 303204 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\m\mpvblackjackplugin.49e5f42fbdf0e1e2df5232e5ea419897.dll
2009-06-28 20:47 . 2009-06-28 20:47 311398 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\m\mpvblackjacktourxxx.e4ccb563efd75763602af7373fbd8cec.dll
2009-06-28 20:47 . 2009-06-28 20:47 327784 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\m\mpvtabletournamentlobby.fea1be7b63b308e9fdb6e8d4bd356052.dll
2009-06-28 20:46 . 2009-06-28 20:46 213264 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\c\choosebonus.df815bbfb8ae7a29a353f0ae65e4af17.dll
2009-06-28 20:45 . 2009-06-28 20:45 323856 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\h\hitmancontractbonus.339a969d902930975b3194643e289fc9.dll
2009-06-28 20:43 . 2009-06-28 20:43 499984 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickxofybonus.4968e33b858e6c30beb0ac4b11a9c459.dll
2009-06-28 20:43 . 2009-06-28 20:43 1032192 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickxofybonus_flightzone.4d281f29a7152da50722695b99821fe6.dll
2009-06-28 20:43 . 2009-06-28 20:43 508176 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickxofybonus_temp.556fffdfd1bc700038c0a1370a1eb004.dll
2009-06-28 20:43 . 2009-06-28 20:43 524560 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickxofybonus_tggg.f8ba0ccac248b6026b2705996790640a.dll
2009-06-28 20:43 . 2009-06-28 20:43 909584 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1_temp.05f0b16a67acb189be99508aa088d348.dll
2009-06-28 20:43 . 2009-06-28 20:43 1216512 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx_flightzone.a761e5b6d3a2ea66d5501258ee2ed22b.dll
2009-06-28 20:43 . 2009-06-28 20:43 663824 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx.53bb68e70e798b2ecdf8b9f3b7384e99.dll
2009-06-28 20:43 . 2009-06-28 20:43 1249399 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx_tggg.a33335318f7b89139ecd4652b6e8c4b9.dll
2009-06-28 20:43 . 2009-06-28 20:43 672016 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx_temp.20587ea0b10b8a6428639d5dfe4fb9c2.dll
2009-06-28 20:43 . 2009-06-28 20:43 643344 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx_temp2.42ac279a5f1c55ac224683685ec4fc49.dll
2009-06-28 20:43 . 2009-06-28 20:43 1904753 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1_tggg.6e62948f458013fa99694cc031068e8a.dll
2009-06-28 20:41 . 2009-06-28 20:41 204905 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\t\thunderstruck.0cc1be68d215832fa06fc779c0b3e069.dll
2009-06-28 20:41 . 2009-06-28 20:41 114688 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\e\euroroulette.fa2b524975a5d8bbc30203d094e2b084.dll
2009-06-28 20:39 . 2009-06-28 20:38 -------- d-----w- c:\documents and settings\All Users\Application Data\MGS
2009-06-16 14:36 . 2005-08-16 09:18 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2005-08-16 09:18 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-13 03:24 . 2009-06-13 03:23 -------- d-----w- c:\program files\Common Files\McAfee
2009-06-13 03:23 . 2009-06-13 03:23 -------- d-----w- c:\program files\McAfee.com
2009-06-03 19:09 . 2005-08-16 09:18 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-27 18:04 . 2008-01-11 00:13 57 ----a-w- c:\documents and settings\All Users\Application Data\Brother\BrLog\BrCollectDir\BR_cat.bat
2009-05-27 17:58 . 2008-01-11 00:16 50 ----a-w- c:\windows\system32\bridf05a.dat
2008-01-28 06:22 . 2008-01-28 06:22 774144 ----a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-08_18.57.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-02-05 04:13 . 2009-08-11 10:46 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-02-05 04:13 . 2009-08-08 17:59 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-02-05 04:13 . 2009-08-11 10:46 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-02-05 04:13 . 2009-08-08 17:59 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2009-05-04 10:56 398776 ----a-w- c:\program files\BearShare Applications\BearShare\BearShareIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-17 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-09 8192]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-09 110592]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 106496]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-10 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-01-15 267048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"SetDefPrt"="c:\program files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-07-23 933888]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-03-25 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-08 148888]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968]

c:\documents and settings\Cynthia Baker\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
IMVU.lnk - c:\documents and settings\Cynthia Baker\Application Data\IMVUClient\IMVUClient.exe [2008-10-16 49408]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-24 24576]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2009-5-27 802816]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2008-2-5 54512]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= c:\windows\system32\onhelp.htm
FriendlyName= tets

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Brother\\Brmfcmon\\BrMfcWnd.exe"=
"c:\\Program Files\\Yahoo!\\YUM\\yum.exe"=
"c:\\Program Files\\DellSupport\\DSAgnt.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\mcvsmap.exe"=
"c:\\Program Files\\McAfee\\MSC\\mcupdui.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [6/12/2009 10:26 PM 203280]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-08-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]

2009-08-11 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 17:20]

2009-07-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-13 15:53]

2009-08-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-13 15:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.bearshare.com/
mStart Page = hxxp://att.net
mSearch Bar = hxxp://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://search.yahoo.com
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: {{D5AE2D6D-38A7-425c-86C0-E4ABBDB9EC68} - c:\casino\Vegas Red Casino\casino.exe
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Cynthia Baker\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: turbotax.com
Trusted Zone: yahoo.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-11 08:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\igfxdev.dll
.
Completion time: 2009-08-11 8:51
ComboFix-quarantined-files.txt 2009-08-11 13:51
ComboFix2.txt 2009-08-08 19:06

Pre-Run: 36,826,394,624 bytes free
Post-Run: 36,813,139,968 bytes free

268 --- E O F --- 2009-07-29 08:01
  • 0

#27
cynthia-baker

cynthia-baker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hi, I think I have a new problem or maybe the same one. I re-started my computer a few minutes ago, and I have a red circle with a white X at the bottom right of the screen and inside a balloon is the following statement:

Your computer is infected! Windows has detected spyware infection!

It is recommended to use special antispyware tools to pervent (misspelled) data loss. Windows will now download and install the most up-to-date antispyware for you.

Click here to protect your computer from spyware!


The positive news is that McAfee keeps recognizing it as Generic FakeAlert.d!gen and keeps blocking it from downloading.

Edited by cynthia-baker, 12 August 2009 - 01:39 AM.

  • 0

#28
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Hi Cynthia,

Please uninstall BearShare, then run MBAM again after updating it:
  • Reopen MBAM and click on the Update tab
  • Click the Check for Updates button
  • If an update is found, it will download and install the latest version.
  • Once the update is completed, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#29
cynthia-baker

cynthia-baker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
GREAT! That pesty fake alert balloon is gone. Here is the MBAM log.

Malwarebytes' Anti-Malware 1.40
Database version: 2612
Windows 5.1.2600 Service Pack 3

8/12/2009 1:29:22 PM
mbam-log-2009-08-12 (13-29-22).txt

Scan type: Quick Scan
Objects scanned: 99515
Time elapsed: 11 minute(s), 29 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 3
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
C:\Documents and Settings\Cynthia Baker\Local Settings\temp\b.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e24211b3-a78a-c6a9-d317-70979ace5058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Cynthia Baker\Local Settings\temp\b.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cynthia Baker\Local Settings\temp\a.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cynthia Baker\Local Settings\temp\c.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\msa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
  • 0

#30
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Cynthia,

Please run an online scan with Kaspersky WebScanner.
Note: You must disable your Anti Virus program during the scan. If you are unsure of how to disable these programs, please refer to this page for details.
  • Click the Accept button to agree to the disclaimer.
  • You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded and updated, click on My Computer in the Scan settings.
  • This will start the scan of your system.
  • The scan will take a while, so be patient and let it run until it is complete.
  • Now click on the View scan report link.
  • Click the Save report as button.
  • Under Save as type, choose Text file (*.txt).
  • Save the file to your desktop as Kaspersky.txt.
  • Copy and paste that information in your next post.

  • 0





