View Full Version : Being redirected on Google and Yahoo searches
Google searches redirect me to other websites, usually sypware related or sometimes just other search sites. Yahoo will also seem to do this, I can only use Bing to do my searches. I have run spybot before and it found win32.tdss.rtk but I don't believe it found it last time, but I'm not sure. I removed the items it showed as suspect. I have also run Malware bytes Antimalware and removed the items it listed before I read this forum. Anyway the Hijack this log file is as follows:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:17:45 PM, on 8/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\windows\system32\cisvc.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\windows\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\windows\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\RioMSC.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\windows\system32\RUNDLL32.EXE
C:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\windows\system32\cidaemon.exe
C:\windows\system32\cidaemon.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {2e633dd8-72a7-5e0f-b4ae-5efe9f65c5a2} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WrtMon.exe] C:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: PackageCab - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: Yahoo! Cribbage - http://download2.games.yahoo.com/games/clients/y/it1_x.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094835945234
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229571234835
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) -
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c9b4d758204d10) (gupdate1c9b4d758204d10) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\windows\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\System32\RioMSC.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
--
End of file - 11268 bytes
Thanks for the help.
Hi wyopoke
Download gmer.zip (http://gmer.net/gmer.zip) and save to your desktop.
alternate download site (http://hype.free.googlepages.com/gmer.zip)
Unzip/extract the file to its own folder. (Click here (http://www.bleepingcomputer.com/tutorials/tutorial105.html) for information on how to do this if not sure. Win 2000 users click here (http://www.bleepingcomputer.com/tutorials/tutorial106.html).
When you have done this, disconnect from the Internet and close all running programs.
There is a small chance this application may crash your computer so save any work you have open.
Double-click on Gmer.exe to start the program.
Allow the gmer.sys driver to load if asked.
If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
Click on the Rootkit tab.
Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on the "Scan" and wait for the scan to finish.
Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
Note: If you have any problems, try running GMER in SAFE MODE (http://www.bleepingcomputer.com/forums/tutorial61.html)"
Important! Please do not select the "Show all" checkbox during the scan..
Here is the gmer.txt info,
GMER 1.0.15.15077 [gmer.exe] - http://www.gmer.net
Rootkit scan 2009-09-01 06:06:17
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xF52BA4EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xF52BA581]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xF52BA498]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xF52BA4AC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xF52BA595]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF52BA5C1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xF52BA62F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xF52BA619]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF52BA52A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xF52BA65B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xF52BA56D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xF52BA470]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xF52BA484]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF52BA4FE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xF52BA697]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xF52BA603]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xF52BA5ED]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xF52BA5AB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xF52BA683]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xF52BA66F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xF52BA4D6]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF52BA4C2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xF52BA5D7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF52BA559]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xF52BA645]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF52BA540]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xF52BA514]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwYieldExecution 804F0EA6 7 Bytes JMP F52BA518 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80568D59 5 Bytes JMP F52BA571 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 8056A1F2 7 Bytes JMP F52BA5F1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8056CDC0 5 Bytes JMP F52BA4EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8056DC01 5 Bytes JMP F52BA4C6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateKey 8057065D 5 Bytes JMP F52BA585 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 80570A6D 7 Bytes JMP F52BA69B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 80570D64 7 Bytes JMP F52BA633 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 805717C7 5 Bytes JMP F52BA474 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80571CB1 7 Bytes JMP F52BA502 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetValueKey 80572889 7 Bytes JMP F52BA5DB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 805736E6 5 Bytes JMP F52BA544 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 80573B61 7 Bytes JMP F52BA52E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FC6C 7 Bytes JMP F52BA4B0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 805822EC 5 Bytes JMP F52BA55D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 8058A1C9 5 Bytes JMP F52BA488 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 8058A699 5 Bytes JMP F52BA65F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 80590677 7 Bytes JMP F52BA61D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 80592D5C 7 Bytes JMP F52BA5C5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 805952CA 7 Bytes JMP F52BA599 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B136A 5 Bytes JMP F52BA49C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 8062DD17 5 Bytes JMP F52BA4DA \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 8064D9DA 7 Bytes JMP F52BA649 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064E300 7 Bytes JMP F52BA607 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 8064E77C 7 Bytes JMP F52BA5AF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 8064EC71 5 Bytes JMP F52BA673 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 8064F0DC 5 Bytes JMP F52BA687 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[256] C:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[256] C:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[504] C:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[504] C:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[552] C:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[552] C:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\windows\system32\winlogon.exe[700] C:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\windows\system32\winlogon.exe[700] C:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\windows\system32\services.exe[744] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 011F0000
.text C:\windows\system32\services.exe[744] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 011F009A
.text C:\windows\system32\services.exe[744] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 011F007F
.text C:\windows\system32\services.exe[744] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 011F006E
.text C:\windows\system32\services.exe[744] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 011F0FA5
.text C:\windows\system32\services.exe[744] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 011F002C
.text C:\windows\system32\services.exe[744] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 011F0F5C
.text C:\windows\system32\services.exe[744] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 011F0F79
.text C:\windows\system32\services.exe[744] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 011F00E1
.text C:\windows\system32\services.exe[744] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 011F00D0
.text C:\windows\system32\services.exe[744] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 011F0F37
.text C:\windows\system32\services.exe[744] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 011F0047
.text C:\windows\system32\services.exe[744] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 011F0FDB
.text C:\windows\system32\services.exe[744] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 011F0F8A
.text C:\windows\system32\services.exe[744] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 011F0011
.text C:\windows\system32\services.exe[744] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 011F0FCA
.text C:\windows\system32\services.exe[744] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 011F00BF
.text C:\windows\system32\services.exe[744] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 011E0FB9
.text C:\windows\system32\services.exe[744] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 011E0F83
.text C:\windows\system32\services.exe[744] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 011E0FCA
.text C:\windows\system32\services.exe[744] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 011E0FE5
.text C:\windows\system32\services.exe[744] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 011E0F9E
.text C:\windows\system32\services.exe[744] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 011E0000
.text C:\windows\system32\services.exe[744] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 011E0040
.text C:\windows\system32\services.exe[744] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 011E002F
.text C:\windows\system32\services.exe[744] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FF0FC3
.text C:\windows\system32\services.exe[744] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FF0044
.text C:\windows\system32\services.exe[744] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FF0FE5
.text C:\windows\system32\services.exe[744] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FF0000
.text C:\windows\system32\services.exe[744] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FF0FD4
.text C:\windows\system32\services.exe[744] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FF0029
.text C:\windows\system32\services.exe[744] C:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\windows\system32\services.exe[744] C:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\windows\system32\lsass.exe[756] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F90000
.text C:\windows\system32\lsass.exe[756] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F90F7C
.text C:\windows\system32\lsass.exe[756] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F90071
.text C:\windows\system32\lsass.exe[756] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F90F97
.text C:\windows\system32\lsass.exe[756] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F90FB2
.text C:\windows\system32\lsass.exe[756] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F90FD4
.text C:\windows\system32\lsass.exe[756] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F900B0
.text C:\windows\system32\lsass.exe[756] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F90093
.text C:\windows\system32\lsass.exe[756] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F90F32
.text C:\windows\system32\lsass.exe[756] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F900D5
.text C:\windows\system32\lsass.exe[756] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F900F0
.text C:\windows\system32\lsass.exe[756] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F90FC3
.text C:\windows\system32\lsass.exe[756] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F90FE5
.text C:\windows\system32\lsass.exe[756] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F90082
.text C:\windows\system32\lsass.exe[756] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F90040
.text C:\windows\system32\lsass.exe[756] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F9001B
.text C:\windows\system32\lsass.exe[756] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F90F57
.text C:\windows\system32\lsass.exe[756] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F80000
.text C:\windows\system32\lsass.exe[756] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F80F9E
.text C:\windows\system32\lsass.exe[756] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F80FB9
.text C:\windows\system32\lsass.exe[756] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F80FCA
.text C:\windows\system32\lsass.exe[756] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F80051
.text C:\windows\system32\lsass.exe[756] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F80FE5
.text C:\windows\system32\lsass.exe[756] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00F80040
.text C:\windows\system32\lsass.exe[756] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F80025
.text C:\windows\system32\lsass.exe[756] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F70FB2
.text C:\windows\system32\lsass.exe[756] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F70FC3
.text C:\windows\system32\lsass.exe[756] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F70022
.text C:\windows\system32\lsass.exe[756] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F70000
.text C:\windows\system32\lsass.exe[756] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F70033
.text C:\windows\system32\lsass.exe[756] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F70011
.text C:\windows\system32\lsass.exe[756] C:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\windows\system32\lsass.exe[756] C:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\windows\system32\svchost.exe[920] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AD0FEF
.text C:\windows\system32\svchost.exe[920] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AD0090
.text C:\windows\system32\svchost.exe[920] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AD007F
.text C:\windows\system32\svchost.exe[920] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AD006E
.text C:\windows\system32\svchost.exe[920] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AD0051
.text C:\windows\system32\svchost.exe[920] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AD0025
.text C:\windows\system32\svchost.exe[920] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00AD0F59
.text C:\windows\system32\svchost.exe[920] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AD00A1
.text C:\windows\system32\svchost.exe[920] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AD0F19
.text C:\windows\system32\svchost.exe[920] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AD0F34
.text C:\windows\system32\svchost.exe[920] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00AD00CD
.text C:\windows\system32\svchost.exe[920] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00AD0040
.text C:\windows\system32\svchost.exe[920] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AD0FD4
.text C:\windows\system32\svchost.exe[920] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00AD0F76
.text C:\windows\system32\svchost.exe[920] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00AD0FB9
.text C:\windows\system32\svchost.exe[920] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00AD0014
.text C:\windows\system32\svchost.exe[920] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00AD00B2
.text C:\windows\system32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00AC002C
.text C:\windows\system32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00AC0FAC
.text C:\windows\system32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00AC001B
.text C:\windows\system32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00AC000A
.text C:\windows\system32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00AC0069
.text C:\windows\system32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00AC0FE5
.text C:\windows\system32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00AC0058
.text C:\windows\system32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00AC0047
.text C:\windows\system32\svchost.exe[920] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AB0FB2
.text C:\windows\system32\svchost.exe[920] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AB0FC3
.text C:\windows\system32\svchost.exe[920] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AB0029
.text C:\windows\system32\svchost.exe[920] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AB0FEF
.text C:\windows\system32\svchost.exe[920] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AB0FD4
.text C:\windows\system32\svchost.exe[920] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AB0018
.text C:\windows\system32\svchost.exe[920] c:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\windows\system32\svchost.exe[920] c:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[948] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[948] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[948] C:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[948] C:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\windows\system32\svchost.exe[988] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C00000
.text C:\windows\system32\svchost.exe[988] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C00073
.text C:\windows\system32\svchost.exe[988] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C00058
.text C:\windows\system32\svchost.exe[988] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C00047
.text C:\windows\system32\svchost.exe[988] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C00036
.text C:\windows\system32\svchost.exe[988] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C0001B
.text C:\windows\system32\svchost.exe[988] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C00090
.text C:\windows\system32\svchost.exe[988] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C00F48
.text C:\windows\system32\svchost.exe[988] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C000CD
.text C:\windows\system32\svchost.exe[988] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C000BC
.text C:\windows\system32\svchost.exe[988] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C000DE
.text C:\windows\system32\svchost.exe[988] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C00F9E
.text C:\windows\system32\svchost.exe[988] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C00FE5
.text C:\windows\system32\svchost.exe[988] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C00F63
.text C:\windows\system32\svchost.exe[988] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C00FB9
.text C:\windows\system32\svchost.exe[988] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C00FD4
.text C:\windows\system32\svchost.exe[988] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C000A1
.text C:\windows\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BF0036
.text C:\windows\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BF0FA5
.text C:\windows\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BF0FDB
.text C:\windows\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BF0011
.text C:\windows\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BF0062
.text C:\windows\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BF0000
.text C:\windows\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00BF0FB6
.text C:\windows\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [DF, 88]
.text C:\windows\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BF0047
.text C:\windows\system32\svchost.exe[988] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BE0064
.text C:\windows\system32\svchost.exe[988] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BE0049
.text C:\windows\system32\svchost.exe[988] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BE0FE3
.text C:\windows\system32\svchost.exe[988] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BE0000
.text C:\windows\system32\svchost.exe[988] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BE0038
.text C:\windows\system32\svchost.exe[988] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BE001D
.text C:\windows\system32\svchost.exe[988] c:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\windows\system32\svchost.exe[988] c:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\windows\System32\svchost.exe[1080] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02B30FE5
.text C:\windows\System32\svchost.exe[1080] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02B30069
.text C:\windows\System32\svchost.exe[1080] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02B30058
.text C:\windows\System32\svchost.exe[1080] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02B30047
.text C:\windows\System32\svchost.exe[1080] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02B30036
.text C:\windows\System32\svchost.exe[1080] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02B30F94
.text C:\windows\System32\svchost.exe[1080] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02B30F3C
.text C:\windows\System32\svchost.exe[1080] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02B30084
.text C:\windows\System32\svchost.exe[1080] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02B30EFC
.text C:\windows\System32\svchost.exe[1080] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02B3009F
.text C:\windows\System32\svchost.exe[1080] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02B300B0
.text C:\windows\System32\svchost.exe[1080] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02B3001B
.text C:\windows\System32\svchost.exe[1080] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02B30000
.text C:\windows\System32\svchost.exe[1080] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02B30F59
.text C:\windows\System32\svchost.exe[1080] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02B30FA5
.text C:\windows\System32\svchost.exe[1080] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02B30FC0
.text C:\windows\System32\svchost.exe[1080] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02B30F21
.text C:\windows\System32\svchost.exe[1080] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02B20FDE
.text C:\windows\System32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02B20F90
.text C:\windows\System32\svchost.exe[1080] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02B2002F
.text C:\windows\System32\svchost.exe[1080] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02B20014
.text C:\windows\System32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02B20FA1
.text C:\windows\System32\svchost.exe[1080] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02B20FEF
.text C:\windows\System32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02B20FBC
.text C:\windows\System32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [D2, 8A]
.text C:\windows\System32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02B20FCD
.text C:\windows\System32\svchost.exe[1080] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02B10081
.text C:\windows\System32\svchost.exe[1080] msvcrt.dll!system 77C293C7 5 Bytes JMP 02B10070
.text C:\windows\System32\svchost.exe[1080] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02B1003A
.text C:\windows\System32\svchost.exe[1080] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02B10000
.text C:\windows\System32\svchost.exe[1080] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02B10055
.text C:\windows\System32\svchost.exe[1080] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02B10029
.text C:\windows\System32\svchost.exe[1080] c:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\windows\System32\svchost.exe[1080] c:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\windows\System32\svchost.exe[1080] WININET.dll!InternetOpenA 3D94C879 5 Bytes JMP 02AF0000
.text C:\windows\System32\svchost.exe[1080] WININET.dll!InternetOpenW 3D94CEA9 5 Bytes JMP 02AF001B
.text C:\windows\System32\svchost.exe[1080] WININET.dll!InternetOpenUrlA 3D950BD2 5 Bytes JMP 02AF0036
.text C:\windows\System32\svchost.exe[1080] WININET.dll!InternetOpenUrlW 3D99B081 5 Bytes JMP 02AF0FEF
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1116] C:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1116] C:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\windows\System32\svchost.exe[1264] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00810FEF
.text C:\windows\System32\svchost.exe[1264] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 008100A1
.text C:\windows\System32\svchost.exe[1264] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00810086
.text C:\windows\System32\svchost.exe[1264] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00810075
.text C:\windows\System32\svchost.exe[1264] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0081004E
.text C:\windows\System32\svchost.exe[1264] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0081002C
.text C:\windows\System32\svchost.exe[1264] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00810F6A
.text C:\windows\System32\svchost.exe[1264] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 008100B2
.text C:\windows\System32\svchost.exe[1264] kernel32.dll!
CreateProcessW 7C802336 5 Bytes JMP 00810F2D
.text C:\windows\System32\svchost.exe[1264] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00810F3E
.text C:\windows\System32\svchost.exe[1264] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 008100EB
.text C:\windows\System32\svchost.exe[1264] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0081003D
.text C:\windows\System32\svchost.exe[1264] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0081000A
.text C:\windows\System32\svchost.exe[1264] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00810F91
.text C:\windows\System32\svchost.exe[1264] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0081001B
.text C:\windows\System32\svchost.exe[1264] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00810FD4
.text C:\windows\System32\svchost.exe[1264] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00810F59
.text C:\windows\System32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00800FC3
.text C:\windows\System32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00800F72
.text C:\windows\System32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00800014
.text C:\windows\System32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00800FD4
.text C:\windows\System32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00800F8D
.text C:\windows\System32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00800FE5
.text C:\windows\System32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0080002F
.text C:\windows\System32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00800FB2
.text C:\windows\System32\svchost.exe[1264] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 007F0020
.text C:\windows\System32\svchost.exe[1264] msvcrt.dll!system 77C293C7 5 Bytes JMP 007F0F8B
.text C:\windows\System32\svchost.exe[1264] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 007F0FC1
.text C:\windows\System32\svchost.exe[1264] msvcrt.dll!_open 77C2F566 5 Bytes JMP 007F0FE3
.text C:\windows\System32\svchost.exe[1264] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 007F0F9C
.text C:\windows\System32\svchost.exe[1264] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 007F0FD2
.text C:\windows\System32\svchost.exe[1264] c:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\windows\System32\svchost.exe[1264] c:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[1272] C:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Program Files\McAfee\MPF\MPFSrv.exe[1272] C:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\windows\System32\svchost.exe[1376] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009E0FE5
.text C:\windows\System32\svchost.exe[1376] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 009E0F79
.text C:\windows\System32\svchost.exe[1376] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 009E006E
.text C:\windows\System32\svchost.exe[1376] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 009E0F94
.text C:\windows\System32\svchost.exe[1376] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 009E0FA5
.text C:\windows\System32\svchost.exe[1376] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 009E003D
.text C:\windows\System32\svchost.exe[1376] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009E0F4B
.text C:\windows\System32\svchost.exe[1376] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009E0F5C
.text C:\windows\System32\svchost.exe[1376] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009E0F15
.text C:\windows\System32\svchost.exe[1376] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009E0F3A
.text C:\windows\System32\svchost.exe[1376] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009E0EFA
.text C:\windows\System32\svchost.exe[1376] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 009E0FC0
.text C:\windows\System32\svchost.exe[1376] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009E0000
.text C:\windows\System32\svchost.exe[1376] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 009E0093
.text C:\windows\System32\svchost.exe[1376] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 009E002C
.text C:\windows\System32\svchost.exe[1376] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 009E001B
.text C:\windows\System32\svchost.exe[1376] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009E00AE
.text C:\windows\System32\svchost.exe[1376] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009D0FAF
.text C:\windows\System32\svchost.exe[1376] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009D0F6F
.text C:\windows\System32\svchost.exe[1376] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009D0FCA
.text C:\windows\System32\svchost.exe[1376] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009D000A
.text C:\windows\System32\svchost.exe[1376] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 009D0036
.text C:\windows\System32\svchost.exe[1376] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 009D0FE5
.text C:\windows\System32\svchost.exe[1376] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 009D0F8A
.text C:\windows\System32\svchost.exe[1376] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [BD, 88]
.text C:\windows\System32\svchost.exe[1376] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 009D001B
.text C:\windows\System32\svchost.exe[1376] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009C0FA6
.text C:\windows\System32\svchost.exe[1376] msvcrt.dll!system 77C293C7 5 Bytes JMP 009C0FB7
.text C:\windows\System32\svchost.exe[1376] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009C001D
.text C:\windows\System32\svchost.exe[1376] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009C000C
.text C:\windows\System32\svchost.exe[1376] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009C0FD2
.text C:\windows\System32\svchost.exe[1376] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009C0FEF
.text C:\windows\System32\svchost.exe[1376] c:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\windows\System32\svchost.exe[1376] c:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\windows\system32\spoolsv.exe[1476] C:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\windows\system32\spoolsv.exe[1476] C:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\windows\system32\nvsvc32.exe[1552] C:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\windows\system32\nvsvc32.exe[1552] C:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\windows\System32\alg.exe[1612] C:\windows\System32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\windows\System32\alg.exe[1612] C:\windows\System32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\windows\System32\svchost.exe[1648] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BC0000
.text C:\windows\System32\svchost.exe[1648] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BC0FA5
.text C:\windows\System32\svchost.exe[1648] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BC0FC0
.text C:\windows\System32\svchost.exe[1648] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BC008E
.text C:\windows\System32\svchost.exe[1648] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BC007D
.text C:\windows\System32\svchost.exe[1648] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BC003D
.text C:\windows\System32\svchost.exe[1648] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BC0F7E
.text C:\windows\System32\svchost.exe[1648] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BC00D0
.text C:\windows\System32\svchost.exe[1648] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BC00FC
.text C:\windows\System32\svchost.exe[1648] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BC00EB
.text C:\windows\System32\svchost.exe[1648] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BC0117
.text C:\windows\System32\svchost.exe[1648] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BC0062
.text C:\windows\System32\svchost.exe[1648] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BC0011
.text C:\windows\System32\svchost.exe[1648] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BC00B5
.text C:\windows\System32\svchost.exe[1648] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BC0FD1
.text C:\windows\System32\svchost.exe[1648] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BC0022
.text C:\windows\System32\svchost.exe[1648] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BC0F6D
.text C:\windows\System32\svchost.exe[1648] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00660039
.text C:\windows\System32\svchost.exe[1648] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00660FAF
.text C:\windows\System32\svchost.exe[1648] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00660FDE
.text C:\windows\System32\svchost.exe[1648] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0066000A
.text C:\windows\System32\svchost.exe[1648] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0066006C
.text C:\windows\System32\svchost.exe[1648] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00660FEF
.text C:\windows\System32\svchost.exe[1648] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0066005B
.text C:\windows\System32\svchost.exe[1648] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0066004A
.text C:\windows\System32\svchost.exe[1648] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00650FA6
.text C:\windows\System32\svchost.exe[1648] msvcrt.dll!system 77C293C7 5 Bytes JMP 00650FB7
.text C:\windows\System32\svchost.exe[1648] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00650FE3
.text C:\windows\System32\svchost.exe[1648] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00650000
.text C:\windows\System32\svchost.exe[1648] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00650FC8
.text C:\windows\System32\svchost.exe[1648] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00650011
.text C:\windows\System32\svchost.exe[1648] WININET.dll!InternetOpenA 3D94C879 5 Bytes JMP 0063000A
.text C:\windows\System32\svchost.exe[1648] WININET.dll!InternetOpenW 3D94CEA9 5 Bytes JMP 00630FEF
.text C:\windows\System32\svchost.exe[1648] WININET.dll!InternetOpenUrlA 3D950BD2 5 Bytes JMP 00630FDE
.text C:\windows\System32\svchost.exe[1648] WININET.dll!InternetOpenUrlW 3D99B081 5 Bytes JMP 00630FC3
.text C:\windows\System32\svchost.exe[1648] c:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\windows\System32\svchost.exe[1648] c:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[1680] C:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[1680] C:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\system32\HPZipm12.exe[1704] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\system32\HPZipm12.exe[1704] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe[1884] C:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe[1884] C:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2000] C:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Program Files\MSN Messenger\msnmsgr.exe[2000] C:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2016] C:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Program Files\Java\jre6\bin\jqs.exe[2016] C:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\windows\System32\svchost.exe[2220] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A50FEF
.text C:\windows\System32\svchost.exe[2220] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A50067
.text C:\windows\System32\svchost.exe[2220] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A50056
.text C:\windows\System32\svchost.exe[2220] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A50039
.text C:\windows\System32\svchost.exe[2220] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A50F7C
.text C:\windows\System32\svchost.exe[2220] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A5001E
.text C:\windows\System32\svchost.exe[2220] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A50F2B
.text C:\windows\System32\svchost.exe[2220] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A50F46
.text C:\windows\System32\svchost.exe[2220] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A500A9
.text C:\windows\System32\svchost.exe[2220] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A50098
.text C:\windows\System32\svchost.exe[2220] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A500C4
.text C:\windows\System32\svchost.exe[2220] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A50F97
.text C:\windows\System32\svchost.exe[2220] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A50FDE
.text C:\windows\System32\svchost.exe[2220] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A50F57
.text C:\windows\System32\svchost.exe[2220] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A50FB2
.text C:\windows\System32\svchost.exe[2220] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A50FC3
.text C:\windows\System32\svchost.exe[2220] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A50F1A
.text C:\windows\System32\svchost.exe[2220] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A40FB9
.text C:\windows\System32\svchost.exe[2220] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A40025
.text C:\windows\System32\svchost.exe[2220] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A40FDE
.text C:\windows\System32\svchost.exe[2220] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A40FEF
.text C:\windows\System32\svchost.exe[2220] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00A40F68
.text C:\windows\System32\svchost.exe[2220] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00A40000
.text C:\windows\System32\svchost.exe[2220] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00A40F83
.text C:\windows\System32\svchost.exe[2220] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [C4, 88]
.text C:\windows\System32\svchost.exe[2220] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00A40FA8
.text C:\windows\System32\svchost.exe[2220] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A30042
.text C:\windows\System32\svchost.exe[2220] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A30027
.text C:\windows\System32\svchost.exe[2220] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A30FB7
.text C:\windows\System32\svchost.exe[2220] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A30FE3
.text C:\windows\System32\svchost.exe[2220] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A3000C
.text C:\windows\System32\svchost.exe[2220] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A30FD2
.text C:\windows\System32\svchost.exe[2220] C:\windows\System32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\windows\System32\svchost.exe[2220] C:\windows\System32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\windows\Explorer.EXE[2616] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F90FEF
.text C:\windows\Explorer.EXE[2616] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F90F79
.text C:\windows\Explorer.EXE[2616] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F9006E
.text C:\windows\Explorer.EXE[2616] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F90051
.text C:\windows\Explorer.EXE[2616] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F90F94
.text C:\windows\Explorer.EXE[2616] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F90FAF
.text C:\windows\Explorer.EXE[2616] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F900AE
.text C:\windows\Explorer.EXE[2616] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F90093
.text C:\windows\Explorer.EXE[2616] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F900DA
.text C:\windows\Explorer.EXE[2616] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F90F41
.text C:\windows\Explorer.EXE[2616] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F90F26
.text C:\windows\Explorer.EXE[2616] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F9002C
.text C:\windows\Explorer.EXE[2616] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F90FD4
.text C:\windows\Explorer.EXE[2616] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F90F68
.text C:\windows\Explorer.EXE[2616] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F9001B
.text C:\windows\Explorer.EXE[2616] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F9000A
.text C:\windows\Explorer.EXE[2616] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F900BF
.text C:\windows\Explorer.EXE[2616] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F8002C
.text C:\windows\Explorer.EXE[2616] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F8008E
.text C:\windows\Explorer.EXE[2616] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F8001B
.text C:\windows\Explorer.EXE[2616] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F80000
.text C:\windows\Explorer.EXE[2616] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F8007D
.text C:\windows\Explorer.EXE[2616] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F80FE5
.text C:\windows\Explorer.EXE[2616] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00F8006C
.text C:\windows\Explorer.EXE[2616] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F80047
.text C:\windows\Explorer.EXE[2616] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F60F9C
.text C:\windows\Explorer.EXE[2616] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F6001D
.text C:\windows\Explorer.EXE[2616] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F6000C
.text C:\windows\Explorer.EXE[2616] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F60FEF
.text C:\windows\Explorer.EXE[2616] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F60FAD
.text C:\windows\Explorer.EXE[2616] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F60FD2
.text C:\windows\Explorer.EXE[2616] WININET.dll!InternetOpenA 3D94C879 5 Bytes JMP 00F50FEF
.text C:\windows\Explorer.EXE[2616] WININET.dll!InternetOpenW 3D94CEA9 5 Bytes JMP 00F50FDE
.text C:\windows\Explorer.EXE[2616] WININET.dll!InternetOpenUrlA 3D950BD2 5 Bytes JMP 00F50014
.text C:\windows\Explorer.EXE[2616] WININET.dll!InternetOpenUrlW 3D99B081 5 Bytes JMP 00F50FB9
.text C:\windows\Explorer.EXE[2616] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\windows\Explorer.EXE[2616] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2812] C:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2812] C:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[3476] C:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE[3476] C:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\windows\system32\cidaemon.exe[3820] C:\WINDOWS\System32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\windows\system32\cidaemon.exe[3820] C:\WINDOWS\System32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[580] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009D2F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[580] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009D2CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[580] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [009D2D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[580] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009D2CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\MSN Messenger\msnmsgr.exe[2000] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01102F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\MSN Messenger\msnmsgr.exe[2000] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01102CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\MSN Messenger\msnmsgr.exe[2000] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [01102D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\MSN Messenger\msnmsgr.exe[2000] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01102CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\system32\cidaemon.exe[2436] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00982F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\system32\cidaemon.exe[2436] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00982CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\system32\cidaemon.exe[2436] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [00982D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\system32\cidaemon.exe[2436] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00982CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\Explorer.EXE[2616] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C22F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\Explorer.EXE[2616] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C22CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\Explorer.EXE[2616] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [00C22D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\Explorer.EXE[2616] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C22CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3240] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A22F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3240] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A22CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3240] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [00A22D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3240] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A22CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\unzipped\gmer\gmer.exe[3604] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\unzipped\gmer\gmer.exe[3604] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\unzipped\gmer\gmer.exe[3604] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\unzipped\gmer\gmer.exe[3604] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\system32\cidaemon.exe[3820] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00982F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\system32\cidaemon.exe[3820] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00982CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\system32\cidaemon.exe[3820] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [00982D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\system32\cidaemon.exe[3820] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00982CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip NEOFLTR_550_11965.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp NEOFLTR_550_11965.SYS (NetBIOS Redirector/Juniper Networks)
Device atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp NEOFLTR_550_11965.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp NEOFLTR_550_11965.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Nero AG)
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
---- EOF - GMER 1.0.15 ----
Thanks again
Please upload this file - C:\windows\system32\WS2_32.dll to http://virusscan.jotti.org and post back results.
I'm not sure if this is how you wanted me to post this but here's what it found.
Jotti's malware scan
Filename: ws2_32.dll
Status: Scan finished. 9 out of 21 scanners reported malware.
Scan taken on: Wed 2 Sep 2009 04:00:27 (CET) Permalink
--------------------------------------------------------------------------------
Additional info
File size: 82432 bytes
Filetype: PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit
MD5: b87c7ebcb18734bfd51c7758b416d100
SHA1: e9c107072d320cac16f24d3f77743bd3e7dd5545
Scanners
2009-09-01 Found nothing 2009-09-02 Trojan.Patched.EM
2009-09-02 Trojan.Win32.Patched!IK 2009-09-02 Trojan.Win32.Patched
2009-09-01 Win32:Patched-KW 2009-09-02 Trojan.Win32.Patched.hg
2009-09-01 Win32/Patched 2009-09-01 Found nothing
2009-09-01 Found nothing 2009-09-01 Found nothing
2009-09-02 Trojan.Patched.EM 2009-09-01 Found nothing
2009-09-01 Found nothing 2009-09-01 Found nothing
2009-09-02 Found nothing 2009-09-02 Mal/WSHack-A
2009-09-02 Found nothing 2009-09-01 Found nothing
2009-09-01 Found nothing 2009-09-01 Found nothing
2009-09-02 Trojan.Win32.Patched.hg
--------------------------------------------------------------------------------
Scan a file - Hash search - Frequently Asked Questions - Privacy policy
© 2004-2009 Jotti <jotti@jotti.org>
Sponsored by Hotelscraper
Thanks again.
That is fine :)
We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here. (http://www.bleepingcomputer.com/forums/topic114351.html)
When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
When trying to download the Combofix from the link you gave me, I my antivirus program (McAfee) shows it having the Artemis Virus and blocks it. The instructions on downloading the Combofix program say nothing about disabling antivirus until after the program is downloaded. Any ideas? I'm am concerned about downloading it with the Artemis virus being shown. Below is what my McAfee shows,
McAfee has automatically blocked and removed a Trojan.
About this Trojan
Detected: Artemis!D80477903FDC (Trojan), Artemis!D80477903FDC (Trojan)
Location: C:\Documents and Settings\Lance\Local Settings\Temporary Internet Files\Content.IE5\VAGJVB0S\ComboFix[1].exe
Trojans appear as legitimate programs but can damage valuable files, disrupt performance, and allow unauthorized access to your computer.
Program is safe to use, that is false positive by McAfee.
Please disable McAfee before trying to download it and try again.
Here are the new logs with Combofix first.
ComboFix 09-09-01.04 - Lance 09/01/2009 22:39.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.476 [GMT -6:00]
Running from: c:\documents and settings\Lance\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Lance\Local Settings\Temporary Internet Files\temp.dmf
c:\documents and settings\Lance\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
c:\program files\autorun.inf
c:\windows\Fonts\Cattelan.ttf
c:\windows\Installer\10fec677.msp
c:\windows\Installer\10fec678.msp
c:\windows\Installer\10fec679.msp
c:\windows\Installer\10fec67a.msp
c:\windows\Installer\10fec67b.msp
c:\windows\Installer\10fec67c.msp
c:\windows\Installer\10fec67d.msp
c:\windows\Installer\10fec67e.msp
c:\windows\Installer\10fec67f.msp
c:\windows\Installer\11704d6.msp
c:\windows\Installer\11704d7.msp
c:\windows\Installer\11704d8.msp
c:\windows\Installer\11704d9.msp
c:\windows\Installer\11704da.msp
c:\windows\Installer\11704db.msp
c:\windows\Installer\11704dc.msp
c:\windows\Installer\11704dd.msp
c:\windows\Installer\11704de.msp
c:\windows\Installer\1314d69.msp
c:\windows\Installer\1314d6a.msp
c:\windows\Installer\1314d6b.msp
c:\windows\Installer\1314d6c.msp
c:\windows\Installer\1314d6d.msp
c:\windows\Installer\1314d6e.msp
c:\windows\Installer\1314d6f.msp
c:\windows\Installer\1314d70.msp
c:\windows\Installer\1314d71.msp
c:\windows\Installer\135b3d53.msp
c:\windows\Installer\135b3d54.msp
c:\windows\Installer\135b3d55.msp
c:\windows\Installer\135b3d56.msp
c:\windows\Installer\135b3d57.msp
c:\windows\Installer\135b3d58.msp
c:\windows\Installer\135b3d59.msp
c:\windows\Installer\135b3d5a.msp
c:\windows\Installer\135b3d5b.msp
c:\windows\Installer\1482e2a.msp
c:\windows\Installer\1482e2b.msp
c:\windows\Installer\1482e2c.msp
c:\windows\Installer\1482e2d.msp
c:\windows\Installer\1482e2e.msp
c:\windows\Installer\1482e2f.msp
c:\windows\Installer\1482e30.msp
c:\windows\Installer\1482e31.msp
c:\windows\Installer\1482e32.msp
c:\windows\Installer\15c9677.msp
c:\windows\Installer\15c9678.msp
c:\windows\Installer\15c9679.msp
c:\windows\Installer\15c967a.msp
c:\windows\Installer\15c967b.msp
c:\windows\Installer\15c967c.msp
c:\windows\Installer\15c967d.msp
c:\windows\Installer\15c967e.msp
c:\windows\Installer\15c967f.msp
c:\windows\Installer\15de01e.msp
c:\windows\Installer\15de01f.msp
c:\windows\Installer\15de020.msp
c:\windows\Installer\15de021.msp
c:\windows\Installer\15de022.msp
c:\windows\Installer\15de023.msp
c:\windows\Installer\15de024.msp
c:\windows\Installer\15de025.msp
c:\windows\Installer\15de026.msp
c:\windows\Installer\162532d2.msp
c:\windows\Installer\162532d3.msp
c:\windows\Installer\162532d4.msp
c:\windows\Installer\162532d5.msp
c:\windows\Installer\162532d6.msp
c:\windows\Installer\162532d7.msp
c:\windows\Installer\162532d8.msp
c:\windows\Installer\162532d9.msp
c:\windows\Installer\162532da.msp
c:\windows\Installer\162af42.msp
c:\windows\Installer\162af43.msp
c:\windows\Installer\162af44.msp
c:\windows\Installer\162af45.msp
c:\windows\Installer\162af46.msp
c:\windows\Installer\162af47.msp
c:\windows\Installer\162af48.msp
c:\windows\Installer\162af49.msp
c:\windows\Installer\162af4a.msp
c:\windows\Installer\1881a866.msp
c:\windows\Installer\1881a867.msp
c:\windows\Installer\1881a868.msp
c:\windows\Installer\1881a869.msp
c:\windows\Installer\1881a86a.msp
c:\windows\Installer\1881a86b.msp
c:\windows\Installer\1881a86c.msp
c:\windows\Installer\1881a86d.msp
c:\windows\Installer\1881a86e.msp
c:\windows\Installer\18bbfa6.msp
c:\windows\Installer\18bbfa7.msp
c:\windows\Installer\18bbfa8.msp
c:\windows\Installer\18bbfa9.msp
c:\windows\Installer\18bbfaa.msp
c:\windows\Installer\18bbfab.msp
c:\windows\Installer\18bbfac.msp
c:\windows\Installer\18bbfad.msp
c:\windows\Installer\18bbfae.msp
c:\windows\Installer\1b4ba018.msp
c:\windows\Installer\1b4ba019.msp
c:\windows\Installer\1b4ba01a.msp
c:\windows\Installer\1b4ba01b.msp
c:\windows\Installer\1b4ba01c.msp
c:\windows\Installer\1b4ba01d.msp
c:\windows\Installer\1b4ba01e.msp
c:\windows\Installer\1b4ba01f.msp
c:\windows\Installer\1b4ba020.msp
c:\windows\Installer\1da80243.msp
c:\windows\Installer\1da80244.msp
c:\windows\Installer\1da80245.msp
c:\windows\Installer\1da80246.msp
c:\windows\Installer\1da80247.msp
c:\windows\Installer\1da80248.msp
c:\windows\Installer\1da80249.msp
c:\windows\Installer\1da8024a.msp
c:\windows\Installer\1da8024b.msp
c:\windows\Installer\1f6982.msp
c:\windows\Installer\1f6983.msp
c:\windows\Installer\1f6984.msp
c:\windows\Installer\1f6985.msp
c:\windows\Installer\1f6986.msp
c:\windows\Installer\1f6987.msp
c:\windows\Installer\1f6988.msp
c:\windows\Installer\1f6989.msp
c:\windows\Installer\1f698a.msp
c:\windows\Installer\20720705.msp
c:\windows\Installer\20720706.msp
c:\windows\Installer\20720707.msp
c:\windows\Installer\20720708.msp
c:\windows\Installer\20720709.msp
c:\windows\Installer\2072070a.msp
c:\windows\Installer\2072070b.msp
c:\windows\Installer\2072070c.msp
c:\windows\Installer\2072070d.msp
c:\windows\Installer\20ccdcb.msp
c:\windows\Installer\20ccdcc.msp
c:\windows\Installer\20ccdcd.msp
c:\windows\Installer\20ccdce.msp
c:\windows\Installer\20ccdcf.msp
c:\windows\Installer\20ccdd0.msp
c:\windows\Installer\20ccdd1.msp
c:\windows\Installer\20ccdd2.msp
c:\windows\Installer\20ccdd3.msp
c:\windows\Installer\2218dbf.msp
c:\windows\Installer\2218dc0.msp
c:\windows\Installer\2218dc1.msp
c:\windows\Installer\2218dc2.msp
c:\windows\Installer\2218dc3.msp
c:\windows\Installer\2218dc4.msp
c:\windows\Installer\2218dc5.msp
c:\windows\Installer\2218dc6.msp
c:\windows\Installer\2218dc7.msp
c:\windows\Installer\22ce7ce7.msp
c:\windows\Installer\22ce7ce8.msp
c:\windows\Installer\22ce7ce9.msp
c:\windows\Installer\22ce7cea.msp
c:\windows\Installer\22ce7ceb.msp
c:\windows\Installer\22ce7cec.msp
c:\windows\Installer\22ce7ced.msp
c:\windows\Installer\22ce7cee.msp
c:\windows\Installer\22ce7cef.msp
c:\windows\Installer\232bd9.msp
c:\windows\Installer\232bda.msp
c:\windows\Installer\232bdb.msp
c:\windows\Installer\232bdc.msp
c:\windows\Installer\232bdd.msp
c:\windows\Installer\232bde.msp
c:\windows\Installer\232bdf.msp
c:\windows\Installer\232be0.msp
c:\windows\Installer\232be1.msp
c:\windows\Installer\25983b1a.msp
c:\windows\Installer\25983b1b.msp
c:\windows\Installer\25983b1c.msp
c:\windows\Installer\25983b1d.msp
c:\windows\Installer\25983b1e.msp
c:\windows\Installer\25983b1f.msp
c:\windows\Installer\25983b20.msp
c:\windows\Installer\25983b21.msp
c:\windows\Installer\25983b22.msp
c:\windows\Installer\27f4addf.msp
c:\windows\Installer\27f4ade0.msp
c:\windows\Installer\27f4ade1.msp
c:\windows\Installer\27f4ade2.msp
c:\windows\Installer\27f4ade3.msp
c:\windows\Installer\27f4ade4.msp
c:\windows\Installer\27f4ade5.msp
c:\windows\Installer\27f4ade6.msp
c:\windows\Installer\27f4ade7.msp
c:\windows\Installer\296a9.msp
c:\windows\Installer\296aa.msp
c:\windows\Installer\296ab.msp
c:\windows\Installer\296ac.msp
c:\windows\Installer\296ad.msp
c:\windows\Installer\296ae.msp
c:\windows\Installer\296af.msp
c:\windows\Installer\296b0.msp
c:\windows\Installer\296b1.msp
c:\windows\Installer\2abeb0fb.msp
c:\windows\Installer\2abeb0fc.msp
c:\windows\Installer\2abeb0fd.msp
c:\windows\Installer\2abeb0fe.msp
c:\windows\Installer\2abeb0ff.msp
c:\windows\Installer\2abeb100.msp
c:\windows\Installer\2abeb101.msp
c:\windows\Installer\2abeb102.msp
c:\windows\Installer\2abeb103.msp
c:\windows\Installer\2b323e3.msp
c:\windows\Installer\2b323e4.msp
c:\windows\Installer\2b323e5.msp
c:\windows\Installer\2b323e6.msp
c:\windows\Installer\2b323e7.msp
c:\windows\Installer\2b323e8.msp
c:\windows\Installer\2b323e9.msp
c:\windows\Installer\2b323ea.msp
c:\windows\Installer\2b323eb.msp
c:\windows\Installer\2b35851.msp
c:\windows\Installer\2b35852.msp
c:\windows\Installer\2b35853.msp
c:\windows\Installer\2b35854.msp
c:\windows\Installer\2b35855.msp
c:\windows\Installer\2b35856.msp
c:\windows\Installer\2b35857.msp
c:\windows\Installer\2b35858.msp
c:\windows\Installer\2b35859.msp
c:\windows\Installer\2c3a5.msp
c:\windows\Installer\2c3a6.msp
c:\windows\Installer\2c3a7.msp
c:\windows\Installer\2c3a8.msp
c:\windows\Installer\2c3a9.msp
c:\windows\Installer\2c3aa.msp
c:\windows\Installer\2c3ab.msp
c:\windows\Installer\2c3ac.msp
c:\windows\Installer\2c3ad.msp
c:\windows\Installer\2d1b127a.msp
c:\windows\Installer\2d1b127b.msp
c:\windows\Installer\2d1b127c.msp
c:\windows\Installer\2d1b127d.msp
c:\windows\Installer\2d1b127e.msp
c:\windows\Installer\2d1b127f.msp
c:\windows\Installer\2d1b1280.msp
c:\windows\Installer\2d1b1281.msp
c:\windows\Installer\2d1b1282.msp
c:\windows\Installer\2d51a.msp
c:\windows\Installer\2d51b.msp
c:\windows\Installer\2d51c.msp
c:\windows\Installer\2d51d.msp
c:\windows\Installer\2d51e.msp
c:\windows\Installer\2d51f.msp
c:\windows\Installer\2d520.msp
c:\windows\Installer\2d521.msp
c:\windows\Installer\2d522.msp
c:\windows\Installer\2d633.msp
c:\windows\Installer\2d634.msp
c:\windows\Installer\2d635.msp
c:\windows\Installer\2d636.msp
c:\windows\Installer\2d637.msp
c:\windows\Installer\2d638.msp
c:\windows\Installer\2d639.msp
c:\windows\Installer\2d63a.msp
c:\windows\Installer\2d63b.msp
c:\windows\Installer\2d74900.msp
c:\windows\Installer\2d74901.msp
c:\windows\Installer\2d74902.msp
c:\windows\Installer\2d74903.msp
c:\windows\Installer\2d74904.msp
c:\windows\Installer\2d74905.msp
c:\windows\Installer\2d74906.msp
c:\windows\Installer\2d74907.msp
c:\windows\Installer\2d74908.msp
c:\windows\Installer\2ddd4.msp
c:\windows\Installer\2ddd5.msp
c:\windows\Installer\2ddd6.msp
c:\windows\Installer\2ddd7.msp
c:\windows\Installer\2ddd8.msp
c:\windows\Installer\2ddd9.msp
c:\windows\Installer\2ddda.msp
c:\windows\Installer\2dddb.msp
c:\windows\Installer\2dddc.msp
c:\windows\Installer\2e78976.msp
c:\windows\Installer\2e78977.msp
c:\windows\Installer\2e78978.msp
c:\windows\Installer\2e78979.msp
c:\windows\Installer\2e7897a.msp
c:\windows\Installer\2e7897b.msp
c:\windows\Installer\2e7897c.msp
c:\windows\Installer\2e7897d.msp
c:\windows\Installer\2e7897e.msp
c:\windows\Installer\2e7f6.msp
c:\windows\Installer\2e7f7.msp
c:\windows\Installer\2e7f8.msp
c:\windows\Installer\2e7f9.msp
c:\windows\Installer\2e7fa.msp
c:\windows\Installer\2e7fb.msp
c:\windows\Installer\2e7fc.msp
c:\windows\Installer\2e7fd.msp
c:\windows\Installer\2e7fe.msp
c:\windows\Installer\2ece3234.msp
c:\windows\Installer\2ece3235.msp
c:\windows\Installer\2ece3236.msp
c:\windows\Installer\2ece3237.msp
c:\windows\Installer\2ece3238.msp
c:\windows\Installer\2ece3239.msp
c:\windows\Installer\2ece323a.msp
c:\windows\Installer\2ece323b.msp
c:\windows\Installer\2ece323c.msp
c:\windows\Installer\2fb8d.msp
c:\windows\Installer\2fb8e.msp
c:\windows\Installer\2fb8f.msp
c:\windows\Installer\2fb90.msp
c:\windows\Installer\2fb91.msp
c:\windows\Installer\2fb92.msp
c:\windows\Installer\2fb93.msp
c:\windows\Installer\2fb94.msp
c:\windows\Installer\2fb95.msp
c:\windows\Installer\2fe4ff7e.msp
c:\windows\Installer\2fe4ff7f.msp
c:\windows\Installer\2fe4ff80.msp
c:\windows\Installer\2fe4ff81.msp
c:\windows\Installer\2fe4ff82.msp
c:\windows\Installer\2fe4ff83.msp
c:\windows\Installer\2fe4ff84.msp
c:\windows\Installer\2fe4ff85.msp
c:\windows\Installer\2fe4ff86.msp
c:\windows\Installer\3035d.msp
c:\windows\Installer\3035e.msp
c:\windows\Installer\3035f.msp
c:\windows\Installer\30360.msp
c:\windows\Installer\30361.msp
c:\windows\Installer\30362.msp
c:\windows\Installer\30363.msp
c:\windows\Installer\30364.msp
c:\windows\Installer\30365.msp
c:\windows\Installer\3061c.msp
c:\windows\Installer\3061d.msp
c:\windows\Installer\3061e.msp
c:\windows\Installer\3061f.msp
c:\windows\Installer\30620.msp
c:\windows\Installer\30621.msp
c:\windows\Installer\30622.msp
c:\windows\Installer\30623.msp
c:\windows\Installer\30624.msp
c:\windows\Installer\30c75.msp
c:\windows\Installer\30c76.msp
c:\windows\Installer\30c77.msp
c:\windows\Installer\30c78.msp
c:\windows\Installer\30c79.msp
c:\windows\Installer\30c7a.msp
c:\windows\Installer\30c7b.msp
c:\windows\Installer\30c7c.msp
c:\windows\Installer\30c7d.msp
c:\windows\Installer\31995.msp
c:\windows\Installer\31996.msp
c:\windows\Installer\31997.msp
c:\windows\Installer\31998.msp
c:\windows\Installer\31999.msp
c:\windows\Installer\3199a.msp
c:\windows\Installer\3199b.msp
c:\windows\Installer\3199c.msp
c:\windows\Installer\3199d.msp
c:\windows\Installer\32230.msp
c:\windows\Installer\32231.msp
c:\windows\Installer\32232.msp
c:\windows\Installer\32233.msp
c:\windows\Installer\32234.msp
c:\windows\Installer\32235.msp
c:\windows\Installer\32236.msp
c:\windows\Installer\32237.msp
c:\windows\Installer\32238.msp
c:\windows\Installer\32417716.msp
c:\windows\Installer\32417717.msp
c:\windows\Installer\32417718.msp
c:\windows\Installer\32417719.msp
c:\windows\Installer\3241771a.msp
c:\windows\Installer\3241771b.msp
c:\windows\Installer\3241771c.msp
c:\windows\Installer\3241771d.msp
c:\windows\Installer\3241771e.msp
c:\windows\Installer\3258b.msp
c:\windows\Installer\3258c.msp
c:\windows\Installer\3258d.msp
c:\windows\Installer\3258e.msp
c:\windows\Installer\3258f.msp
c:\windows\Installer\32590.msp
c:\windows\Installer\32591.msp
c:\windows\Installer\32592.msp
c:\windows\Installer\32593.msp
c:\windows\Installer\327cd.msp
c:\windows\Installer\327ce.msp
c:\windows\Installer\327cf.msp
c:\windows\Installer\327d0.msp
c:\windows\Installer\327d1.msp
c:\windows\Installer\327d2.msp
c:\windows\Installer\327d3.msp
c:\windows\Installer\327d4.msp
c:\windows\Installer\327d5.msp
c:\windows\Installer\32e115f.msp
c:\windows\Installer\32e1160.msp
c:\windows\Installer\32e1161.msp
c:\windows\Installer\32e1162.msp
c:\windows\Installer\32e1163.msp
c:\windows\Installer\32e1164.msp
c:\windows\Installer\32e1165.msp
c:\windows\Installer\32e1166.msp
c:\windows\Installer\32e1167.msp
c:\windows\Installer\344e59c.msp
c:\windows\Installer\344e59d.msp
c:\windows\Installer\344e59e.msp
c:\windows\Installer\344e59f.msp
c:\windows\Installer\344e5a0.msp
c:\windows\Installer\344e5a1.msp
c:\windows\Installer\344e5a2.msp
c:\windows\Installer\344e5a3.msp
c:\windows\Installer\344e5a4.msp
c:\windows\Installer\350b7d10.msp
c:\windows\Installer\350b7d11.msp
c:\windows\Installer\350b7d12.msp
c:\windows\Installer\350b7d13.msp
c:\windows\Installer\350b7d14.msp
c:\windows\Installer\350b7d15.msp
c:\windows\Installer\350b7d16.msp
c:\windows\Installer\350b7d17.msp
c:\windows\Installer\350b7d18.msp
c:\windows\Installer\35863.msp
c:\windows\Installer\35864.msp
c:\windows\Installer\35865.msp
c:\windows\Installer\35866.msp
c:\windows\Installer\35867.msp
c:\windows\Installer\35868.msp
c:\windows\Installer\35869.msp
c:\windows\Installer\3586a.msp
c:\windows\Installer\3586b.msp
c:\windows\Installer\35b51.msp
c:\windows\Installer\35b52.msp
c:\windows\Installer\35b53.msp
c:\windows\Installer\35b54.msp
c:\windows\Installer\35b55.msp
c:\windows\Installer\35b56.msp
c:\windows\Installer\35b57.msp
c:\windows\Installer\35b58.msp
c:\windows\Installer\35b59.msp
c:\windows\Installer\36c68.msp
c:\windows\Installer\36c69.msp
c:\windows\Installer\36c6a.msp
c:\windows\Installer\36c6b.msp
c:\windows\Installer\36c6c.msp
c:\windows\Installer\36c6d.msp
c:\windows\Installer\36c6e.msp
c:\windows\Installer\36c6f.msp
c:\windows\Installer\36c70.msp
c:\windows\Installer\3767ea28.msp
c:\windows\Installer\3767ea29.msp
c:\windows\Installer\3767ea2a.msp
c:\windows\Installer\3767ea2b.msp
c:\windows\Installer\3767ea2c.msp
c:\windows\Installer\3767ea2d.msp
c:\windows\Installer\3767ea2e.msp
c:\windows\Installer\3767ea2f.msp
c:\windows\Installer\3767ea30.msp
c:\windows\Installer\37f63.msp
c:\windows\Installer\37f64.msp
c:\windows\Installer\37f65.msp
c:\windows\Installer\37f66.msp
c:\windows\Installer\37f67.msp
c:\windows\Installer\37f68.msp
c:\windows\Installer\37f69.msp
c:\windows\Installer\37f6a.msp
c:\windows\Installer\37f6b.msp
c:\windows\Installer\383b9.msp
c:\windows\Installer\383ba.msp
c:\windows\Installer\383bb.msp
c:\windows\Installer\383bc.msp
c:\windows\Installer\383bd.msp
c:\windows\Installer\383be.msp
c:\windows\Installer\383bf.msp
c:\windows\Installer\383c0.msp
c:\windows\Installer\383c1.msp
c:\windows\Installer\3885c.msp
c:\windows\Installer\3885d.msp
c:\windows\Installer\3885e.msp
c:\windows\Installer\3885f.msp
c:\windows\Installer\38860.msp
c:\windows\Installer\38861.msp
c:\windows\Installer\38862.msp
c:\windows\Installer\38863.msp
c:\windows\Installer\38864.msp
c:\windows\Installer\39443.msp
c:\windows\Installer\39444.msp
c:\windows\Installer\39445.msp
c:\windows\Installer\39446.msp
c:\windows\Installer\39447.msp
c:\windows\Installer\39448.msp
c:\windows\Installer\39449.msp
c:\windows\Installer\3944a.msp
c:\windows\Installer\3944b.msp
c:\windows\Installer\39605b.msp
c:\windows\Installer\39605c.msp
c:\windows\Installer\39605d.msp
c:\windows\Installer\39605e.msp
c:\windows\Installer\39605f.msp
c:\windows\Installer\396060.msp
c:\windows\Installer\396061.msp
c:\windows\Installer\396062.msp
c:\windows\Installer\396063.msp
c:\windows\Installer\3a31c133.msp
c:\windows\Installer\3a31c134.msp
c:\windows\Installer\3a31c135.msp
c:\windows\Installer\3a31c136.msp
c:\windows\Installer\3a31c137.msp
c:\windows\Installer\3a31c138.msp
c:\windows\Installer\3a31c139.msp
c:\windows\Installer\3a31c13a.msp
c:\windows\Installer\3a31c13b.msp
c:\windows\Installer\3ac01.msp
c:\windows\Installer\3ac02.msp
c:\windows\Installer\3ac03.msp
c:\windows\Installer\3ac04.msp
c:\windows\Installer\3ac05.msp
c:\windows\Installer\3ac06.msp
c:\windows\Installer\3ac07.msp
c:\windows\Installer\3ac08.msp
c:\windows\Installer\3ac09.msp
c:\windows\Installer\3b71d.msp
c:\windows\Installer\3b71e.msp
c:\windows\Installer\3b71f.msp
c:\windows\Installer\3b720.msp
c:\windows\Installer\3b721.msp
c:\windows\Installer\3b722.msp
c:\windows\Installer\3b723.msp
c:\windows\Installer\3b724.msp
c:\windows\Installer\3b725.msp
c:\windows\Installer\3c5a4.msp
c:\windows\Installer\3c5a5.msp
c:\windows\Installer\3c5a6.msp
c:\windows\Installer\3c5a7.msp
c:\windows\Installer\3c5a8.msp
c:\windows\Installer\3c5a9.msp
c:\windows\Installer\3c5aa.msp
c:\windows\Installer\3c5ab.msp
c:\windows\Installer\3c5ac.msp
c:\windows\Installer\3c8e2f64.msp
c:\windows\Installer\3c8e2f65.msp
c:\windows\Installer\3c8e2f66.msp
c:\windows\Installer\3c8e2f67.msp
c:\windows\Installer\3c8e2f68.msp
c:\windows\Installer\3c8e2f69.msp
c:\windows\Installer\3c8e2f6a.msp
c:\windows\Installer\3c8e2f6b.msp
c:\windows\Installer\3c8e2f6c.msp
c:\windows\Installer\3c91e.msp
c:\windows\Installer\3c91f.msp
c:\windows\Installer\3c920.msp
c:\windows\Installer\3c921.msp
c:\windows\Installer\3c922.msp
c:\windows\Installer\3c923.msp
c:\windows\Installer\3c924.msp
c:\windows\Installer\3c925.msp
c:\windows\Installer\3c926.msp
c:\windows\Installer\3d311.msp
c:\windows\Installer\3d312.msp
c:\windows\Installer\3d313.msp
c:\windows\Installer\3d314.msp
c:\windows\Installer\3d315.msp
c:\windows\Installer\3d316.msp
c:\windows\Installer\3d317.msp
c:\windows\Installer\3d318.msp
c:\windows\Installer\3d319.msp
c:\windows\Installer\3e8419d.msp
c:\windows\Installer\3e8419e.msp
c:\windows\Installer\3e8419f.msp
c:\windows\Installer\3e841a0.msp
c:\windows\Installer\3e841a1.msp
c:\windows\Installer\3e841a2.msp
c:\windows\Installer\3e841a3.msp
c:\windows\Installer\3e841a4.msp
c:\windows\Installer\3e841a5.msp
c:\windows\Installer\3f3c8.msp
c:\windows\Installer\3f3c9.msp
c:\windows\Installer\3f3ca.msp
c:\windows\Installer\3f3cb.msp
c:\windows\Installer\3f3cc.msp
c:\windows\Installer\3f3cd.msp
c:\windows\Installer\3f3ce.msp
c:\windows\Installer\3f3cf.msp
c:\windows\Installer\3f3d0.msp
c:\windows\Installer\3f581cc5.msp
c:\windows\Installer\3f581cc6.msp
c:\windows\Installer\3f581cc7.msp
c:\windows\Installer\3f581cc8.msp
c:\windows\Installer\3f581cc9.msp
c:\windows\Installer\3f581cca.msp
c:\windows\Installer\3f581ccb.msp
c:\windows\Installer\3f581ccc.msp
c:\windows\Installer\3f581ccd.msp
c:\windows\Installer\40fbc.msp
c:\windows\Installer\40fbd.msp
c:\windows\Installer\40fbe.msp
c:\windows\Installer\40fbf.msp
c:\windows\Installer\40fc0.msp
c:\windows\Installer\40fc1.msp
c:\windows\Installer\40fc2.msp
c:\windows\Installer\40fc3.msp
c:\windows\Installer\40fc4.msp
c:\windows\Installer\41327.msp
c:\windows\Installer\41328.msp
c:\windows\Installer\41329.msp
c:\windows\Installer\4132a.msp
c:\windows\Installer\4132b.msp
c:\windows\Installer\4132c.msp
c:\windows\Installer\4132d.msp
c:\windows\Installer\4132e.msp
c:\windows\Installer\4132f.msp
c:\windows\Installer\41b48970.msp
c:\windows\Installer\41b48971.msp
c:\windows\Installer\41b48972.msp
c:\windows\Installer\41b48973.msp
c:\windows\Installer\41b48974.msp
c:\windows\Installer\41b48975.msp
c:\windows\Installer\41b48976.msp
c:\windows\Installer\41b48977.msp
c:\windows\Installer\41b48978.msp
c:\windows\Installer\423b2.msp
c:\windows\Installer\423b3.msp
c:\windows\Installer\423b4.msp
c:\windows\Installer\423b5.msp
c:\windows\Installer\423b6.msp
c:\windows\Installer\423b7.msp
c:\windows\Installer\423b8.msp
c:\windows\Installer\423b9.msp
c:\windows\Installer\423ba.msp
c:\windows\Installer\4366f.msp
c:\windows\Installer\43670.msp
c:\windows\Installer\43671.msp
c:\windows\Installer\43672.msp
c:\windows\Installer\43673.msp
c:\windows\Installer\43674.msp
c:\windows\Installer\43675.msp
c:\windows\Installer\43676.msp
c:\windows\Installer\43677.msp
c:\windows\Installer\447e8cf9.msp
c:\windows\Installer\447e8cfa.msp
c:\windows\Installer\447e8cfb.msp
c:\windows\Installer\447e8cfc.msp
c:\windows\Installer\447e8cfd.msp
c:\windows\Installer\447e8cfe.msp
c:\windows\Installer\447e8cff.msp
c:\windows\Installer\447e8d00.msp
c:\windows\Installer\447e8d01.msp
c:\windows\Installer\449ebb60.msp
c:\windows\Installer\449ebb61.msp
c:\windows\Installer\449ebb62.msp
c:\windows\Installer\449ebb63.msp
c:\windows\Installer\449ebb64.msp
c:\windows\Installer\449ebb65.msp
c:\windows\Installer\449ebb66.msp
c:\windows\Installer\449ebb67.msp
c:\windows\Installer\449ebb68.msp
c:\windows\Installer\45f73.msp
c:\windows\Installer\45f74.msp
c:\windows\Installer\45f75.msp
c:\windows\Installer\45f76.msp
c:\windows\Installer\45f77.msp
c:\windows\Installer\45f78.msp
c:\windows\Installer\45f79.msp
c:\windows\Installer\45f7a.msp
c:\windows\Installer\45f7b.msp
c:\windows\Installer\463d8.msp
c:\windows\Installer\463d9.msp
c:\windows\Installer\463da.msp
c:\windows\Installer\463db.msp
c:\windows\Installer\463dc.msp
c:\windows\Installer\463dd.msp
c:\windows\Installer\463de.msp
c:\windows\Installer\463df.msp
c:\windows\Installer\463e0.msp
c:\windows\Installer\46b1b.msp
c:\windows\Installer\46b1c.msp
c:\windows\Installer\46b1d.msp
c:\windows\Installer\46b1e.msp
c:\windows\Installer\46b1f.msp
c:\windows\Installer\46b20.msp
c:\windows\Installer\46b21.msp
c:\windows\Installer\46b22.msp
c:\windows\Installer\46b23.msp
c:\windows\Installer\48d11b2c.msp
c:\windows\Installer\48d11b2d.msp
c:\windows\Installer\48d11b2e.msp
c:\windows\Installer\48d11b2f.msp
c:\windows\Installer\48d11b30.msp
c:\windows\Installer\48d11b31.msp
c:\windows\Installer\48d11b32.msp
c:\windows\Installer\48d11b33.msp
c:\windows\Installer\48d11b34.msp
c:\windows\Installer\493a2.msp
c:\windows\Installer\493a3.msp
c:\windows\Installer\493a4.msp
c:\windows\Installer\493a5.msp
c:\windows\Installer\493a6.msp
c:\windows\Installer\493a7.msp
c:\windows\Installer\493a8.msp
c:\windows\Installer\493a9.msp
c:\windows\Installer\493aa.msp
c:\windows\Installer\49d56.msp
c:\windows\Installer\49d57.msp
c:\windows\Installer\49d58.msp
c:\windows\Installer\49d59.msp
c:\windows\Installer\49d5a.msp
c:\windows\Installer\49d5b.msp
c:\windows\Installer\49d5c.msp
c:\windows\Installer\49d5d.msp
c:\windows\Installer\49d5e.msp
c:\windows\Installer\4cc85.msp
c:\windows\Installer\4cc86.msp
c:\windows\Installer\4cc87.msp
c:\windows\Installer\4cc88.msp
c:\windows\Installer\4cc89.msp
c:\windows\Installer\4cc8a.msp
c:\windows\Installer\4cc8b.msp
c:\windows\Installer\4cc8c.msp
c:\windows\Installer\4cc8d.msp
c:\windows\Installer\4cf24.msp
c:\windows\Installer\4cf25.msp
c:\windows\Installer\4cf26.msp
c:\windows\Installer\4cf27.msp
c:\windows\Installer\4cf28.msp
c:\windows\Installer\4cf29.msp
c:\windows\Installer\4cf2a.msp
c:\windows\Installer\4cf2b.msp
c:\windows\Installer\4cf2c.msp
c:\windows\Installer\4f097.msp
c:\windows\Installer\4f098.msp
c:\windows\Installer\4f099.msp
c:\windows\Installer\4f09a.msp
c:\windows\Installer\4f09b.msp
c:\windows\Installer\4f09c.msp
c:\windows\Installer\4f09d.msp
c:\windows\Installer\4f09e.msp
c:\windows\Installer\4f09f.msp
c:\windows\Installer\4fd467.msp
c:\windows\Installer\4fd468.msp
c:\windows\Installer\4fd469.msp
c:\windows\Installer\4fd46a.msp
c:\windows\Installer\4fd46b.msp
c:\windows\Installer\4fd46c.msp
c:\windows\Installer\4fd46d.msp
c:\windows\Installer\4fd46e.msp
c:\windows\Installer\4fd46f.msp
c:\windows\Installer\503c1.msp
c:\windows\Installer\503c2.msp
c:\windows\Installer\503c3.msp
c:\windows\Installer\503c4.msp
c:\windows\Installer\503c5.msp
c:\windows\Installer\503c6.msp
c:\windows\Installer\503c7.msp
c:\windows\Installer\503c8.msp
c:\windows\Installer\503c9.msp
c:\windows\Installer\52217.msp
c:\windows\Installer\52218.msp
c:\windows\Installer\52219.msp
c:\windows\Installer\5221a.msp
c:\windows\Installer\5221b.msp
c:\windows\Installer\5221c.msp
c:\windows\Installer\5221d.msp
c:\windows\Installer\5221e.msp
c:\windows\Installer\5221f.msp
c:\windows\Installer\55329.msp
c:\windows\Installer\5532a.msp
c:\windows\Installer\5532b.msp
c:\windows\Installer\5532c.msp
c:\windows\Installer\5532d.msp
c:\windows\Installer\5532e.msp
c:\windows\Installer\5532f.msp
c:\windows\Installer\55330.msp
c:\windows\Installer\55331.msp
c:\windows\Installer\5f3ef23.msp
c:\windows\Installer\5f3ef24.msp
c:\windows\Installer\5f3ef25.msp
c:\windows\Installer\5f3ef26.msp
c:\windows\Installer\5f3ef27.msp
c:\windows\Installer\5f3ef28.msp
c:\windows\Installer\5f3ef29.msp
c:\windows\Installer\5f3ef2a.msp
c:\windows\Installer\5f3ef2b.msp
c:\windows\Installer\61456.msp
c:\windows\Installer\61457.msp
c:\windows\Installer\61458.msp
c:\windows\Installer\61459.msp
c:\windows\Installer\6145a.msp
c:\windows\Installer\6145b.msp
c:\windows\Installer\6145c.msp
c:\windows\Installer\6145d.msp
c:\windows\Installer\6145e.msp
c:\windows\Installer\68917a6.msp
c:\windows\Installer\68917a7.msp
c:\windows\Installer\68917a8.msp
c:\windows\Installer\68917a9.msp
c:\windows\Installer\68917aa.msp
c:\windows\Installer\68917ab.msp
c:\windows\Installer\68917ac.msp
c:\windows\Installer\68917ad.msp
c:\windows\Installer\68917ae.msp
c:\windows\Installer\6b16eb.msp
c:\windows\Installer\6b16ec.msp
c:\windows\Installer\6b16ed.msp
c:\windows\Installer\6b16ee.msp
c:\windows\Installer\6b16ef.msp
c:\windows\Installer\6b16f0.msp
c:\windows\Installer\6b16f1.msp
c:\windows\Installer\6b16f2.msp
c:\windows\Installer\6b16f3.msp
c:\windows\Installer\6b209b4.msp
c:\windows\Installer\6b209b5.msp
c:\windows\Installer\6b209b6.msp
c:\windows\Installer\6b209b7.msp
c:\windows\Installer\6b209b8.msp
c:\windows\Installer\6b209b9.msp
c:\windows\Installer\6b209ba.msp
c:\windows\Installer\6b209bb.msp
c:\windows\Installer\6b209bc.msp
c:\windows\Installer\7c9e97.msp
c:\windows\Installer\7c9e98.msp
c:\windows\Installer\7c9e99.msp
c:\windows\Installer\7c9e9a.msp
c:\windows\Installer\7c9e9b.msp
c:\windows\Installer\7c9e9c.msp
c:\windows\Installer\7c9e9d.msp
c:\windows\Installer\7c9e9e.msp
c:\windows\Installer\7c9e9f.msp
c:\windows\Installer\7d996.msp
c:\windows\Installer\7d997.msp
c:\windows\Installer\7d998.msp
c:\windows\Installer\7d999.msp
c:\windows\Installer\7d99a.msp
c:\windows\Installer\7d99b.msp
c:\windows\Installer\7d99c.msp
c:\windows\Installer\7d99d.msp
c:\windows\Installer\7d99e.msp
c:\windows\Installer\89a17.msp
c:\windows\Installer\89a18.msp
c:\windows\Installer\89a19.msp
c:\windows\Installer\89a1a.msp
c:\windows\Installer\89a1b.msp
c:\windows\Installer\89a1c.msp
c:\windows\Installer\89a1d.msp
c:\windows\Installer\89a1e.msp
c:\windows\Installer\89a1f.msp
c:\windows\Installer\90eac43.msp
c:\windows\Installer\90eac44.msp
c:\windows\Installer\90eac45.msp
c:\windows\Installer\90eac46.msp
c:\windows\Installer\90eac47.msp
c:\windows\Installer\90eac48.msp
c:\windows\Installer\90eac49.msp
c:\windows\Installer\90eac4a.msp
c:\windows\Installer\90eac4b.msp
c:\windows\Installer\add7161.msp
c:\windows\Installer\add7162.msp
c:\windows\Installer\add7163.msp
c:\windows\Installer\add7164.msp
c:\windows\Installer\add7165.msp
c:\windows\Installer\add7166.msp
c:\windows\Installer\add7167.msp
c:\windows\Installer\add7168.msp
c:\windows\Installer\add7169.msp
c:\windows\Installer\b0f6122.msp
c:\windows\Installer\b0f6123.msp
c:\windows\Installer\b0f6124.msp
c:\windows\Installer\b0f6125.msp
c:\windows\Installer\b0f6126.msp
c:\windows\Installer\b0f6127.msp
c:\windows\Installer\b0f6128.msp
c:\windows\Installer\b0f6129.msp
c:\windows\Installer\b0f612a.msp
c:\windows\Installer\b5fa0.msp
c:\windows\Installer\b5fa1.msp
c:\windows\Installer\b5fa2.msp
c:\windows\Installer\b5fa3.msp
c:\windows\Installer\b5fa4.msp
c:\windows\Installer\b5fa5.msp
c:\windows\Installer\b5fa6.msp
c:\windows\Installer\b5fa7.msp
c:\windows\Installer\b5fa8.msp
c:\windows\Installer\bd875d1.msp
c:\windows\Installer\bd875d2.msp
c:\windows\Installer\bd875d3.msp
c:\windows\Installer\bd875d4.msp
c:\windows\Installer\bd875d5.msp
c:\windows\Installer\bd875d6.msp
c:\windows\Installer\bd875d7.msp
c:\windows\Installer\bd875d8.msp
c:\windows\Installer\bd875d9.msp
c:\windows\Installer\c4f803.msp
c:\windows\Installer\c4f804.msp
c:\windows\Installer\c4f805.msp
c:\windows\Installer\c4f806.msp
c:\windows\Installer\c4f807.msp
c:\windows\Installer\c4f808.msp
c:\windows\Installer\c4f809.msp
c:\windows\Installer\c4f80a.msp
c:\windows\Installer\c4f80b.msp
c:\windows\Installer\dca6eb6.msp
c:\windows\Installer\dca6eb7.msp
c:\windows\Installer\dca6eb8.msp
c:\windows\Installer\dca6eb9.msp
c:\windows\Installer\dca6eba.msp
c:\windows\Installer\dca6ebb.msp
c:\windows\Installer\dca6ebc.msp
c:\windows\Installer\dca6ebd.msp
c:\windows\Installer\dca6ebe.msp
c:\windows\Installer\dd593ae.msp
c:\windows\Installer\dd593af.msp
c:\windows\Installer\dd593b0.msp
c:\windows\Installer\dd593b1.msp
c:\windows\Installer\dd593b2.msp
c:\windows\Installer\dd593b3.msp
c:\windows\Installer\dd593b4.msp
c:\windows\Installer\dd593b5.msp
c:\windows\Installer\dd593b6.msp
c:\windows\Installer\e34e25c.msp
c:\windows\Installer\e34e25d.msp
c:\windows\Installer\e34e25e.msp
c:\windows\Installer\e34e25f.msp
c:\windows\Installer\e34e260.msp
c:\windows\Installer\e34e261.msp
c:\windows\Installer\e34e262.msp
c:\windows\Installer\e34e263.msp
c:\windows\Installer\e34e264.msp
c:\windows\system32\skinboxer43.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
K:\autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-08-02 to 2009-09-02 )))))))))))))))))))))))))))))))
.
2009-08-30 00:16 . 2009-08-30 00:16 -------- d-----w- c:\program files\Trend Micro
2009-08-30 00:10 . 2009-08-30 00:11 -------- d-----w- c:\program files\ERUNT
2009-08-29 16:05 . 2009-08-29 16:05 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-22 03:27 . 2009-08-22 03:27 -------- d-----w- c:\documents and settings\Lance\Local Settings\Application Data\Downloaded Installations
2009-08-22 02:59 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-08-22 02:59 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys
2009-08-22 02:59 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-08-22 02:59 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\dllcache\ndisip.sys
2009-08-22 02:59 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-08-22 02:59 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\dllcache\streamip.sys
2009-08-22 02:59 . 2008-04-13 18:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2009-08-22 02:59 . 2008-04-13 18:46 11136 ----a-w- c:\windows\system32\dllcache\slip.sys
2009-08-22 02:59 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2009-08-22 02:59 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2009-08-22 02:59 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2009-08-22 02:59 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\dllcache\nabtsfec.sys
2009-08-22 02:56 . 2009-08-22 02:56 -------- d-----w- c:\documents and settings\Lance\Application Data\Leadertech
2009-08-22 02:55 . 2009-08-22 03:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2009-08-22 02:55 . 2009-08-22 02:58 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-08-22 02:54 . 2009-08-22 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2009-08-14 01:48 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-02 01:58 . 2007-08-01 06:00 -------- d-----w- c:\documents and settings\Lance\Application Data\MSN6
2009-08-31 22:50 . 2009-08-22 02:58 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-08-31 22:50 . 2009-08-22 02:58 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-08-29 16:06 . 2009-07-25 00:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-29 15:39 . 2007-08-01 08:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-29 04:50 . 2009-04-04 03:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-08-22 03:27 . 2007-08-01 08:06 -------- d-----w- c:\program files\Common Files\Logitech
2009-08-22 02:54 . 2007-08-01 08:28 -------- d-----w- c:\program files\Logitech
2009-08-16 20:13 . 2008-12-29 02:16 -------- d-----w- c:\program files\ROBO Master
2009-08-14 02:40 . 2007-08-01 05:47 -------- d-----w- c:\documents and settings\Lacy\Application Data\MSN6
2009-08-06 01:40 . 2007-08-01 05:39 -------- d-----w- c:\documents and settings\Kimberly\Application Data\MSN6
2009-08-05 09:01 . 2002-08-29 11:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 19:36 . 2009-07-25 00:59 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 19:36 . 2009-07-25 00:59 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-03 03:21 . 2008-01-06 20:42 -------- d-----w- c:\documents and settings\Lance\Application Data\U3
2009-08-02 06:56 . 2007-10-01 01:46 -------- d-----w- c:\documents and settings\Lance\Application Data\Skype
2009-07-31 20:36 . 2007-10-15 02:30 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-26 04:04 . 2009-07-26 03:56 -------- d-----w- c:\documents and settings\Lance\Application Data\GARMIN
2009-07-26 03:56 . 2009-07-26 03:56 -------- d-----w- c:\documents and settings\All Users\Application Data\GARMIN
2009-07-26 03:56 . 2009-07-26 03:56 -------- d-----w- c:\program files\DIFX
2009-07-26 03:56 . 2009-07-26 03:56 -------- d-----w- c:\program files\Garmin
2009-07-25 00:59 . 2009-07-25 00:59 -------- d-----w- c:\documents and settings\Lance\Application Data\Malwarebytes
2009-07-25 00:59 . 2009-07-25 00:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-17 19:01 . 2002-08-29 11:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 05:43 . 2004-08-04 07:56 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-12 05:09 . 2008-10-17 18:27 -------- d-----w- c:\program files\McAfee
2009-07-12 05:07 . 2009-07-12 05:07 -------- d-----w- c:\program files\Convar
2009-07-12 05:07 . 2007-08-01 08:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-11 04:49 . 2008-10-17 18:17 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-06-29 16:12 . 2004-08-24 02:32 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2009-04-02 00:23 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2002-08-29 11:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 08:25 . 2002-08-29 11:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2002-08-29 11:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2002-08-29 11:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2002-08-29 11:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2002-08-29 11:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2002-08-29 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2002-08-29 11:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2002-08-29 11:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2002-08-29 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2002-08-29 11:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 15:19 . 2002-08-29 11:00 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2002-08-29 11:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2002-08-29 11:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-10 03:11 . 2009-06-10 03:11 152576 ----a-w- c:\documents and settings\Lance\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-05 02:47 . 2009-06-05 02:47 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2005-06-14 19:02 . 2005-06-14 19:02 187217 ----a-w- c:\program files\AutoPlay.exe
2004-08-10 06:30 . 2006-03-14 04:47 40960 ----a-w- c:\program files\Uninstall_CDS.exe
1999-09-21 00:32 . 1999-09-21 00:32 766 ----a-w- c:\program files\Install.ico
1997-09-11 17:47 . 1997-09-11 17:47 398416 ----a-w- c:\program files\VBRUN300.dll
.
------- Sigcheck -------
[7] 2004-08-04 07:56 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\$NtServicePackUninstall$\ws2_32.dll
[-] 2008-04-14 00:12 82432 B87C7EBCB18734BFD51C7758B416D100 c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 00:12 82432 B87C7EBCB18734BFD51C7758B416D100 c:\windows\SYSTEM32\ws2_32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2005-10-14 69632]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-17 81920]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-07-18 177448]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-01 185896]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-12-26 528384]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 7.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 7.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 7.0 Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Craft ROBO Status Supervisor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Craft ROBO Status Supervisor.lnk
backup=c:\windows\pss\Craft ROBO Status Supervisor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Winter Fun Wallpaper Changer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Winter Fun Wallpaper Changer.lnk
backup=c:\windows\pss\Winter Fun Wallpaper Changer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\DropBox\\DropBox\\DropBox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R1 NEOFLTR_550_11965;Juniper Networks TDI Filter Driver (NEOFLTR_550_11965);c:\windows\SYSTEM32\DRIVERS\NEOFLTR_550_11965.sys [7/16/2007 4:27 PM 63008]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [7/17/2008 6:12 PM 161064]
S2 gupdate1c9b4d758204d10;Google Update Service (gupdate1c9b4d758204d10);c:\program files\Google\Update\GoogleUpdate.exe [4/3/2009 9:42 PM 133104]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [10/5/2008 5:41 PM 33752]
S3 NMUSB;NMUSB;c:\windows\SYSTEM32\DRIVERS\Nmusb.sys [5/26/2004 3:01 PM 40625]
S3 OlCamudp;OLYMPUS Digital Camera;c:\windows\SYSTEM32\DRIVERS\olcamudp.sys [4/21/2003 8:44 PM 10379]
S3 SE30bus;Sony Ericsson Device 048 Driver driver (WDM);c:\windows\SYSTEM32\DRIVERS\SE30bus.sys [3/22/2007 3:09 PM 61600]
.
Contents of the 'Scheduled Tasks' folder
2009-07-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
2009-09-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-04 03:40]
2009-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-04 03:42]
2009-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-04 03:42]
2003-03-19 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 00:12]
2008-10-17 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-10-17 16:53]
2009-09-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-10-17 16:53]
2009-09-02 c:\windows\Tasks\User_Feed_Synchronization-{7FB22448-B2AB-4218-96F2-8C4F9B949ACF}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 18:58]
.
- - - - ORPHANS REMOVED - - - -
BHO-{2e633dd8-72a7-5e0f-b4ae-5efe9f65c5a2} - (no file)
Notify-WBSrv - (no file)
.
------- Supplementary Scan -------
.
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-01 23:01
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???????h:??????x???????X???????????????P???? ?w? ?w)??p????????(???q????U?w????????????0??????w, ?w?M?wW??w???w)??p????????x'@?????????X????????"@?e?????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1992)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\KEMHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SYSTEM32\DRIVERS\KodakCCS.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\windows\SYSTEM32\HPZipm12.exe
c:\windows\SYSTEM32\RioMSC.exe
c:\windows\SYSTEM32\MsPMSPSv.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\WrtProc.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2009-09-02 23:09 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-02 05:09
Pre-Run: 112,471,973,888 bytes free
Post-Run: 116,334,702,592 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\windows
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\windows="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
1203 --- E O F --- 2009-09-02 01:54
HJTLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:22:36 PM, on 9/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\windows\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\windows\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\RioMSC.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\windows\system32\ctfmon.exe
C:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\windows\explorer.exe
C:\windows\notepad.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Program Files\McAfee\VirusScan\mcvsshld.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WrtMon.exe] C:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: PackageCab - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: Yahoo! Cribbage - http://download2.games.yahoo.com/games/clients/y/it1_x.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094835945234
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229571234835
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) -
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c9b4d758204d10) (gupdate1c9b4d758204d10) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\windows\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\System32\RioMSC.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
--
End of file - 10685 bytes
Please scan this file - c:\windows\$NtServicePackUninstall$\ws2_32.dll in jotti as well and post back results.
Jotti's malware scan
This file has been scanned before. The results for this previous scan are listed below.
--------------------------------------------------------------------------------
Filename: ws2_32.dll
Status: Scan finished. 0 out of 21 scanners reported malware.
Scan taken on: Wed 19 Aug 2009 20:59:53 (CET) Permalink
--------------------------------------------------------------------------------
Additional info
File size: 82944 bytes
Filetype: PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit
MD5: 2ed0b7f12a60f90092081c50fa0ec2b2
SHA1: 245c2caabb9ee68c8684e3b3578f527e0702da5e
Scanners
2009-08-19 Found nothing 2009-08-19 Found nothing
2009-08-19 Found nothing 2009-08-19 Found nothing
2009-08-18 Found nothing 2009-08-19 Found nothing
2009-08-19 Found nothing 2009-08-19 Found nothing
2009-08-19 Found nothing 2009-08-19 Found nothing
2009-08-19 Found nothing 2009-08-19 Found nothing
2009-08-19 Found nothing 2009-08-19 Found nothing
2009-08-19 Found nothing 2009-08-19 Found nothing
2009-08-19 Found nothing 2009-08-18 Found nothing
2009-08-18 Found nothing 2009-08-19 Found nothing
2009-08-19 Found nothing
--------------------------------------------------------------------------------
Scan a file - Hash search - Frequently Asked Questions - Privacy policy
© 2004-2009 Jotti <jotti@jotti.org>
Sponsored by Hotelscraper
OK, so we can use that one :)
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
FCopy::
c:\windows\$NtServicePackUninstall$\ws2_32.dll | c:\windows\ServicePackFiles\i386\ws2_32.dll
c:\windows\$NtServicePackUninstall$\ws2_32.dll | c:\windows\SYSTEM32\ws2_32.dll
Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Refering to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Here is the last log created. Thanks!
ComboFix 09-09-01.04 - Lance 09/02/2009 6:22.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.589 [GMT -6:00]
Running from: c:\documents and settings\Lance\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Lance\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
--------------- FCopy ---------------
c:\windows\$NtServicePackUninstall$\ws2_32.dll --> c:\windows\ServicePackFiles\i386\ws2_32.dll
c:\windows\$NtServicePackUninstall$\ws2_32.dll --> c:\windows\SYSTEM32\ws2_32.dll
.
((((((((((((((((((((((((( Files Created from 2009-08-03 to 2009-09-03 )))))))))))))))))))))))))))))))
.
2009-08-30 00:16 . 2009-08-30 00:16 -------- d-----w- c:\program files\Trend Micro
2009-08-30 00:10 . 2009-08-30 00:11 -------- d-----w- c:\program files\ERUNT
2009-08-29 16:05 . 2009-08-29 16:05 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-22 03:27 . 2009-08-22 03:27 -------- d-----w- c:\documents and settings\Lance\Local Settings\Application Data\Downloaded Installations
2009-08-22 02:59 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-08-22 02:59 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys
2009-08-22 02:59 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-08-22 02:59 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\dllcache\ndisip.sys
2009-08-22 02:59 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-08-22 02:59 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\dllcache\streamip.sys
2009-08-22 02:59 . 2008-04-13 18:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2009-08-22 02:59 . 2008-04-13 18:46 11136 ----a-w- c:\windows\system32\dllcache\slip.sys
2009-08-22 02:59 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2009-08-22 02:59 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2009-08-22 02:59 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2009-08-22 02:59 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\dllcache\nabtsfec.sys
2009-08-22 02:56 . 2009-08-22 02:56 -------- d-----w- c:\documents and settings\Lance\Application Data\Leadertech
2009-08-22 02:55 . 2009-08-22 03:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2009-08-22 02:55 . 2009-08-22 02:58 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-08-22 02:54 . 2009-08-22 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2009-08-14 01:48 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-02 12:20 . 2007-08-01 06:00 -------- d-----w- c:\documents and settings\Lance\Application Data\MSN6
2009-08-31 22:50 . 2009-08-22 02:58 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-08-31 22:50 . 2009-08-22 02:58 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-08-29 16:06 . 2009-07-25 00:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-29 15:39 . 2007-08-01 08:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-29 04:50 . 2009-04-04 03:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-08-22 03:27 . 2007-08-01 08:06 -------- d-----w- c:\program files\Common Files\Logitech
2009-08-22 02:54 . 2007-08-01 08:28 -------- d-----w- c:\program files\Logitech
2009-08-16 20:13 . 2008-12-29 02:16 -------- d-----w- c:\program files\ROBO Master
2009-08-14 02:40 . 2007-08-01 05:47 -------- d-----w- c:\documents and settings\Lacy\Application Data\MSN6
2009-08-06 01:40 . 2007-08-01 05:39 -------- d-----w- c:\documents and settings\Kimberly\Application Data\MSN6
2009-08-05 09:01 . 2002-08-29 11:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 19:36 . 2009-07-25 00:59 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 19:36 . 2009-07-25 00:59 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-03 03:21 . 2008-01-06 20:42 -------- d-----w- c:\documents and settings\Lance\Application Data\U3
2009-08-02 06:56 . 2007-10-01 01:46 -------- d-----w- c:\documents and settings\Lance\Application Data\Skype
2009-07-31 20:36 . 2007-10-15 02:30 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-26 04:04 . 2009-07-26 03:56 -------- d-----w- c:\documents and settings\Lance\Application Data\GARMIN
2009-07-26 03:56 . 2009-07-26 03:56 -------- d-----w- c:\documents and settings\All Users\Application Data\GARMIN
2009-07-26 03:56 . 2009-07-26 03:56 -------- d-----w- c:\program files\DIFX
2009-07-26 03:56 . 2009-07-26 03:56 -------- d-----w- c:\program files\Garmin
2009-07-25 00:59 . 2009-07-25 00:59 -------- d-----w- c:\documents and settings\Lance\Application Data\Malwarebytes
2009-07-25 00:59 . 2009-07-25 00:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-17 19:01 . 2002-08-29 11:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 05:43 . 2004-08-04 07:56 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-12 05:09 . 2008-10-17 18:27 -------- d-----w- c:\program files\McAfee
2009-07-12 05:07 . 2009-07-12 05:07 -------- d-----w- c:\program files\Convar
2009-07-12 05:07 . 2007-08-01 08:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-11 04:49 . 2008-10-17 18:17 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-06-29 16:12 . 2004-08-24 02:32 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2009-04-02 00:23 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2002-08-29 11:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 08:25 . 2002-08-29 11:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2002-08-29 11:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2002-08-29 11:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2002-08-29 11:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2002-08-29 11:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2002-08-29 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2002-08-29 11:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2002-08-29 11:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2002-08-29 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2002-08-29 11:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 15:19 . 2002-08-29 11:00 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2002-08-29 11:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2002-08-29 11:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-10 03:11 . 2009-06-10 03:11 152576 ----a-w- c:\documents and settings\Lance\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-05 02:47 . 2009-06-05 02:47 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2005-06-14 19:02 . 2005-06-14 19:02 187217 ----a-w- c:\program files\AutoPlay.exe
2004-08-10 06:30 . 2006-03-14 04:47 40960 ----a-w- c:\program files\Uninstall_CDS.exe
1999-09-21 00:32 . 1999-09-21 00:32 766 ----a-w- c:\program files\Install.ico
1997-09-11 17:47 . 1997-09-11 17:47 398416 ----a-w- c:\program files\VBRUN300.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-09-02_05.01.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-02 12:34 . 2009-09-02 12:34 16384 c:\windows\Temp\Perflib_Perfdata_744.dat
+ 2002-08-29 11:00 . 2004-08-04 07:56 82944 c:\windows\SYSTEM32\DLLCACHE\ws2_32.dll
+ 2002-09-03 08:08 . 2009-09-03 01:42 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT
- 2002-09-03 08:08 . 2009-09-02 01:37 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT
+ 2002-09-03 08:08 . 2009-09-03 01:42 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
- 2002-09-03 08:08 . 2009-09-02 01:37 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
+ 2002-09-03 08:08 . 2009-09-03 01:42 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
- 2002-09-03 08:08 . 2009-09-02 01:37 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2005-10-14 69632]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-17 81920]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-07-18 177448]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-01 185896]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-12-26 528384]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 7.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 7.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 7.0 Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Craft ROBO Status Supervisor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Craft ROBO Status Supervisor.lnk
backup=c:\windows\pss\Craft ROBO Status Supervisor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Winter Fun Wallpaper Changer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Winter Fun Wallpaper Changer.lnk
backup=c:\windows\pss\Winter Fun Wallpaper Changer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\DropBox\\DropBox\\DropBox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R1 NEOFLTR_550_11965;Juniper Networks TDI Filter Driver (NEOFLTR_550_11965);c:\windows\SYSTEM32\DRIVERS\NEOFLTR_550_11965.sys [7/16/2007 4:27 PM 63008]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [7/17/2008 6:12 PM 161064]
S2 gupdate1c9b4d758204d10;Google Update Service (gupdate1c9b4d758204d10);c:\program files\Google\Update\GoogleUpdate.exe [4/3/2009 9:42 PM 133104]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [10/5/2008 5:41 PM 33752]
S3 NMUSB;NMUSB;c:\windows\SYSTEM32\DRIVERS\Nmusb.sys [5/26/2004 3:01 PM 40625]
S3 OlCamudp;OLYMPUS Digital Camera;c:\windows\SYSTEM32\DRIVERS\olcamudp.sys [4/21/2003 8:44 PM 10379]
S3 SE30bus;Sony Ericsson Device 048 Driver driver (WDM);c:\windows\SYSTEM32\DRIVERS\SE30bus.sys [3/22/2007 3:09 PM 61600]
.
Contents of the 'Scheduled Tasks' folder
2009-07-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
2009-09-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-04 03:40]
2009-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-04 03:42]
2009-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-04 03:42]
2003-03-19 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 00:12]
2008-10-17 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-10-17 16:53]
2009-09-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-10-17 16:53]
2009-09-03 c:\windows\Tasks\User_Feed_Synchronization-{7FB22448-B2AB-4218-96F2-8C4F9B949ACF}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 18:58]
.
.
------- Supplementary Scan -------
.
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-02 19:46
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???????h:??????x???????X???????????????P???? ?w? ?w)??p????????(???q????U?w????????????0??????w, ?w?M?wW??w???w)??p????????x'@?????????X????????"@?e?????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SYSTEM32\DRIVERS\KodakCCS.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\windows\SYSTEM32\HPZipm12.exe
c:\windows\SYSTEM32\RioMSC.exe
c:\windows\SYSTEM32\MsPMSPSv.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\windows\SYSTEM32\rundll32.exe
c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\WrtProc.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2009-09-03 19:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-03 01:53
ComboFix2.txt 2009-09-02 05:09
Pre-Run: 116,371,025,920 bytes free
Post-Run: 116,334,460,928 bytes free
259 --- E O F --- 2009-09-02 01:54
To access the Uninstall Manager you would do the following:
1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
You will now be presented with a screen similar to the one below:
http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.
3DGreetings Personal Edition
Abacast Client
Acrobat.com
Acrobat.com
Actiontec Gateway
Ad-Aware SE Personal
Adobe Acrobat 7.0.5 Elements
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 2.1
Adobe Media Player
Adobe Media Player
Adobe Photoshop Elements 5.0
Adobe Reader 7.0
After Dark Games
American Greetings® Art & More Store
Apple Software Update
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 1.0
Canon MX700 series
Canon MX700 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCHelp
CCScore
CD Recovery Toolbox Free 1.0
Citrix ICA Web Client
Classic PhoneTools
Conexant SmartHSFi V92 56K Speakerphone PCI Modem
Craft ROBO Controller
Creative MediaSource
Creative NOMAD II Driver
Creative NOMAD II Manager
Critical Update for Windows Media Player 11 (KB959772)
Debut Video Capture Software
Dell Picture Studio - Dell Image Expert
Dell Solution Center
Dell Support
Digital Line Detect
Digital Photo Navigator 1.5
Disc2Phone
DiscWizard for Windows
DropBox
DVD Solution
Easy CD Creator 5 Basic
EasyJob Resume Builder 2.790.1349
ERUNT 1.1j
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSCT
ESSEMAIL
ESSgui
ESShelp
ESSini
ESSPCD
ESSSONIC
ESSvpaht
ESSvpot
FM Screen Capture Codec (Remove Only)
Fun and Free Internet TV Demo
Garmin MapSource
Garmin Trip and Waypoint Manager v3
Garmin USB Drivers
getPlus(R) for Adobe
G-Force
Google Earth
Google Update Helper
Google Updater
Hard Truck 18 Wheels of Steel
HijackThis 2.0.2
HLPCCTR
HLPIndex
HLPSFO
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hoyle Board Games 5
hp deskjet 990c series (Remove only)
HP Image Zone 4.7
HP Product Detection
HP PSC & OfficeJet 4.7
HP Software Update
HyperCam 2
Intel(R) PRO Ethernet Adapter and Software
Intel(R) PROSet II
iTunes
J2SE Runtime Environment 5.0 Update 4
Java(TM) 6 Update 14
Java(TM) 6 Update 5
Java(TM) 6 Update 7
JEOPARDY! (remove only)
Juniper Networks Secure Application Manager
Kodak EasyShare software
KSU
LimeWire 4.8.1
Logitech QuickCam
Logitech QuickCam Driver Package
Logitech SetPoint
Logitech Updater
Malwarebytes' Anti-Malware
MapSource - US Topo v3.02
MathPlayer
MaxBlast 4
McAfee SecurityCenter
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard 2003
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Office Professional Edition 2003
Microsoft Office XP Web Components
Microsoft Picture It! Express 9
Microsoft Picture It! Library 9
Microsoft Picture It! Photo 7.0
Microsoft Silverlight
Microsoft Streets and Trips 2002
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
Microsoft® Winter Fun Pack 2004 for Windows® XP
MiKroSpec 3.0
MikroView 3.0
Modem Helper
MSN
MSN Encarta Plus Support Files
MSN Gaming Zone
MSN Messenger 7.0
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MUSICMATCH® Jukebox
NCH Toolbox
Nero Suite
Network Play System (Patching)
Notifier
NVIDIA Drivers
OfotoXMI
OLYMPUS CAMEDIA Master 2.01
OLYMPUS CAMEDIA Master 4.1
OLYMPUS Master 2
OpenMG Limited Patch 4.4-06-13-19-01
OpenMG Secure Module 4.4.00
oRipa Video Recorder1.2.3
OTtBP
OTtBPSDK
Paint Shop Pro 7
PC Inspector smart recovery
PCDLNCH
Photo Organizer
PowerDirector Express
PowerDVD
PowerProducer
Presto! PageManager 7.15.16
PrintMaster 7.00
PSP Movie Creator(remove only)
QuickTime
Qwest QuickCare
RealPlayer
Rhapsody Player Engine
Rio Internet Update
Rio Music Manager
Rio Taxi
ROBO Master
ROBO Master for QuicKutz
Safari
ScanSoft OmniPage SE 4
ScreenVirtuoso 3.90
Seagate Manager Installer
Seagate Manager Installer
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Serif DrawPlus 3.0
SFR
SFR2
Shockwave
Shoot! v3.0
Sierra Utilities
Skype 2.5
Snappyads Games Collection
SonicStage 3.4
Sony Ericsson PC Suite
Sony Ericsson Themes Creator 3.11
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
System Requirements Lab
TechConnect
The Sims
Ultra Video Converter 3.5.1125
Uniblue Quick Access
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VCAMCEN
Vegas Movie Studio Platinum 9.0
Viewpoint Manager (Remove Only)
Viewpoint Media Player (Remove Only)
Virtual Earth 3D (Beta)
VOIP080
VPRINTOL
WebIQ Client Software
West Point Bridge Designer 2006
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player 9 Series Winter Fun Pack
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinMX
WinZip Internet Browser Support Add-On
Wyoming Screen Saver
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
LimeWire 4.8.1
I'd like you to read the this thread (http://forums.spybot.info/showthread.php?t=282).
Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Please run a new uninstall list scan when finished and post the log back here.
3DGreetings Personal Edition
Abacast Client
Acrobat.com
Acrobat.com
Actiontec Gateway
Ad-Aware SE Personal
Adobe Acrobat 7.0.5 Elements
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 2.1
Adobe Media Player
Adobe Media Player
Adobe Photoshop Elements 5.0
Adobe Reader 7.0
After Dark Games
American Greetings® Art & More Store
Apple Software Update
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 1.0
Canon MX700 series
Canon MX700 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCHelp
CCScore
CD Recovery Toolbox Free 1.0
Citrix ICA Web Client
Classic PhoneTools
Conexant SmartHSFi V92 56K Speakerphone PCI Modem
Craft ROBO Controller
Creative MediaSource
Creative NOMAD II Driver
Creative NOMAD II Manager
Critical Update for Windows Media Player 11 (KB959772)
Debut Video Capture Software
Dell Picture Studio - Dell Image Expert
Dell Solution Center
Dell Support
Digital Line Detect
Digital Photo Navigator 1.5
Disc2Phone
DiscWizard for Windows
DropBox
DVD Solution
Easy CD Creator 5 Basic
EasyJob Resume Builder 2.790.1349
ERUNT 1.1j
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSCT
ESSEMAIL
ESSgui
ESShelp
ESSini
ESSPCD
ESSSONIC
ESSvpaht
ESSvpot
FM Screen Capture Codec (Remove Only)
Fun and Free Internet TV Demo
Garmin MapSource
Garmin Trip and Waypoint Manager v3
Garmin USB Drivers
getPlus(R) for Adobe
G-Force
Google Earth
Google Update Helper
Google Updater
Hard Truck 18 Wheels of Steel
HijackThis 2.0.2
HLPCCTR
HLPIndex
HLPSFO
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hoyle Board Games 5
hp deskjet 990c series (Remove only)
HP Image Zone 4.7
HP Product Detection
HP PSC & OfficeJet 4.7
HP Software Update
HyperCam 2
Intel(R) PRO Ethernet Adapter and Software
Intel(R) PROSet II
iTunes
J2SE Runtime Environment 5.0 Update 4
Java(TM) 6 Update 15
Java(TM) 6 Update 5
Java(TM) 6 Update 7
JEOPARDY! (remove only)
Juniper Networks Secure Application Manager
Kodak EasyShare software
KSU
Logitech QuickCam
Logitech QuickCam Driver Package
Logitech SetPoint
Logitech Updater
Malwarebytes' Anti-Malware
MapSource - US Topo v3.02
MathPlayer
MaxBlast 4
McAfee SecurityCenter
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard 2003
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Office Professional Edition 2003
Microsoft Office XP Web Components
Microsoft Picture It! Express 9
Microsoft Picture It! Library 9
Microsoft Picture It! Photo 7.0
Microsoft Silverlight
Microsoft Streets and Trips 2002
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
Microsoft® Winter Fun Pack 2004 for Windows® XP
MiKroSpec 3.0
MikroView 3.0
Modem Helper
MSN
MSN Encarta Plus Support Files
MSN Gaming Zone
MSN Messenger 7.0
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MUSICMATCH® Jukebox
NCH Toolbox
Nero Suite
Network Play System (Patching)
Notifier
NVIDIA Drivers
OfotoXMI
OLYMPUS CAMEDIA Master 2.01
OLYMPUS CAMEDIA Master 4.1
OLYMPUS Master 2
OpenMG Limited Patch 4.4-06-13-19-01
OpenMG Secure Module 4.4.00
oRipa Video Recorder1.2.3
OTtBP
OTtBPSDK
Paint Shop Pro 7
PC Inspector smart recovery
PCDLNCH
Photo Organizer
PowerDirector Express
PowerDVD
PowerProducer
Presto! PageManager 7.15.16
PrintMaster 7.00
PSP Movie Creator(remove only)
QuickTime
Qwest QuickCare
RealPlayer
Rhapsody Player Engine
Rio Internet Update
Rio Music Manager
Rio Taxi
ROBO Master
ROBO Master for QuicKutz
Safari
ScanSoft OmniPage SE 4
ScreenVirtuoso 3.90
Seagate Manager Installer
Seagate Manager Installer
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Serif DrawPlus 3.0
SFR
SFR2
Shockwave
Shoot! v3.0
Sierra Utilities
Skype 2.5
Snappyads Games Collection
SonicStage 3.4
Sony Ericsson PC Suite
Sony Ericsson Themes Creator 3.11
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
System Requirements Lab
TechConnect
The Sims
Ultra Video Converter 3.5.1125
Uniblue Quick Access
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VCAMCEN
Vegas Movie Studio Platinum 9.0
Viewpoint Manager (Remove Only)
Viewpoint Media Player (Remove Only)
Virtual Earth 3D (Beta)
VOIP080
VPRINTOL
WebIQ Client Software
West Point Bridge Designer 2006
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player 9 Series Winter Fun Pack
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinMX
WinZip Internet Browser Support Add-On
Wyoming Screen Saver
Thanks again!
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.
Here is the Kaspersky log,
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, September 4, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, September 04, 2009 07:34:08
Records in database: 2744752
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: no
Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
O:\
Scan statistics:
Objects scanned: 198038
Threats found: 2
Infected objects found: 6
Suspicious objects found: 0
Scan duration: 03:38:55
File name / Threat / Threats count
C:\Documents and Settings\Lance\Application Data\Thinstall\Adobe Photoshop CS3\300000003400002h\dwwin.exe Infected: Trojan-Spy.Win32.Ardamax.bke 1
C:\Qoobox\Quarantine\C\WINDOWS\ServicePackFiles\i386\ws2_32.dll.vir Infected: Trojan.Win32.Patched.hg 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ws2_32.dll.vir Infected: Trojan.Win32.Patched.hg 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2002\A0180737.dll Infected: Trojan.Win32.Patched.hg 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2002\A0180867.dll Infected: Trojan.Win32.Patched.hg 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2002\A0180868.dll Infected: Trojan.Win32.Patched.hg 1
Selected area has been scanned.
Here is the new HJT log,
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:22:02 AM, on 9/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\windows\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\windows\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\RioMSC.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroTray.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WrtMon.exe] C:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: PackageCab - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: Yahoo! Cribbage - http://download2.games.yahoo.com/games/clients/y/it1_x.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094835945234
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229571234835
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) -
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c9b4d758204d10) (gupdate1c9b4d758204d10) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\windows\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\System32\RioMSC.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
--
End of file - 10410 bytes
Thanks!:cowboy:
Please scan this in jotti as well and post back results:
C:\Documents and Settings\Lance\Application Data\Thinstall\Adobe Photoshop CS3\300000003400002h\dwwin.exe
Is this file the culprit?
dwwin.exe - Jotti's malware scan
Jotti's malware scan
Filename: dwwin.exe
Status: Scan finished. 11 out of 21 scanners reported malware.
Scan taken on: Fri 4 Sep 2009 18:48:57 (CET) Permalink
Additional info
File size: 305152 bytes
Filetype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: f9d5b6025dd1fe9bad0b0cb58f34de97
SHA1: 23c06e071ccc479ef0c5d1675503420b3e29ebbe
Scanners
2009-09-04 Trojan.Spy.Ardamax.Ajr 2009-09-04 Trojan.Generic.2129576
2009-09-04 Trojan-Spy.Win32.Ardamax!IK 2009-09-04
Trojan-Spy.Win32.Ardamax
2009-09-04 Found nothing 2009-09-04 Trojan-Spy.Win32.Ardamax.bke
2009-09-03 Found nothing 2009-09-04 Found nothing
2009-09-04 TR/Spy.Ardamax.apy 2009-09-03 Found nothing
2009-09-04 Trojan.Generic.2129576 2009-09-04 Found nothing
2009-09-04 Found nothing 2009-09-04 Found nothing
2009-09-04 Found nothing 2009-09-04 Mal/Generic-E
2009-09-04 Found nothing 2009-09-03 Found nothing
2009-09-04 W32/Trojan2.GNRX 2009-09-04 TrojanSpy.Ardamax.BBI
2009-09-04 Trojan-Spy.Win32.Ardamax.bke
Scan a file - Hash search - Frequently Asked Questions - Privacy policy
© 2004-2009 Jotti <jotti@jotti.org>
Sponsored by Hotelscraper
:thanks:
Yes it can be.
Please post also which scanners found those :)
Jotti's malware scan
Filename: dwwin.exe
Status: Scan finished. 11 out of 21 scanners reported malware.
Scan taken on: Fri 4 Sep 2009 18:48:57 (CET) Permalink
--------------------------------------------------------------------------------
Additional info
File size: 305152 bytes
Filetype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: f9d5b6025dd1fe9bad0b0cb58f34de97
SHA1: 23c06e071ccc479ef0c5d1675503420b3e29ebbe
Scanners
ArcaVir 2009-09-04 Trojan.Spy.Ardamax.Ajr
GDATA 2009-09-04 Trojan.Generic.2129576
A-Squared 2009-09-04 Trojan-Spy.Win32.Ardamax!IK
Ikarus 2009-09-04 Trojan-Spy.Win32.Ardamax
2009-09-04 Found nothing
Kaspersky 2009-09-04 Trojan-Spy.Win32.Ardamax.bke
2009-09-03 Found nothing 2009-09-04 Found nothing
AntiVir 2009-09-04 TR/Spy.Ardamax.apy
2009-09-03 Found nothing
bit defender 2009-09-04 Trojan.Generic.2129576
2009-09-04 Found nothing
2009-09-04 Found nothing 2009-09-04 Found nothing
2009-09-04 Found nothing
Sophos 2009-09-04 Mal/Generic-E
2009-09-04 Found nothing 2009-09-03 Found nothing
F-Prot 2009-09-04 W32/Trojan2.GNRX
Virus Buster 2009-09-04 TrojanSpy.Ardamax.BBI
F-Secure 2009-09-04 Trojan-Spy.Win32.Ardamax.bke
--------------------------------------------------------------------------------
Scan a file - Hash search - Frequently Asked Questions - Privacy policy
© 2004-2009 Jotti <jotti@jotti.org>
Sponsored by Hotelscraper
Please delete that file.
Still problems?
I haven't used google since I started posting to this forum, but just trying it now, I don't seem to have the problem anymore. I tried several searches and it went to the correct website everytime. Do I need to do anything else? Also do you think this came from P2P or from somewhere else? What do I need to do to keep my system clean? I always update Windows, Mcafee, and run Spybot regularly and now Malware's program too. Any suggestions would be appreciated. I can't thank you enough for the help.:D:
Good :)
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
Now lets uninstall ComboFix:
Click START then RUN
Now type Combofix /u in the runbox and click OK
Next we remove all used tools.
Please download OTCleanIt (http://oldtimer.geekstogo.com/OTC.exe) and save it to desktop.
Double-click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.
Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
You can find instructions on how to enable and re-enable system restore here:
Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)
Re-enable system restore with instructions from tutorial above
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Update your AntiVirus Software and keep your other programs up-to-date Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:
Malwarebytes' Anti-Malware Setup Guide (http://www.lognrock.com/forum/index.php?showtopic=6926)
Malwarebytes' Anti-Malware Scanning Guide (http://www.lognrock.com/forum/index.php?showtopic=6913)
Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
Here are some additional utilities that will enhance your safety
MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer. See also a hosts file tutorial here (http://malwareremoval.com/forum/viewtopic.php?t=22187)
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)
Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make difference!
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://forums.spybot.info/showthread.php?t=279)
Happy surfing and stay clean! :bigthumb:
When I open up the system screen and click on the system restore tab I get the following error message, "An exception occurred while trying to run "C:\windows\system32\shell32.dll,Control_RunDll "C:\windows\system32\sysdm.cpl,System" . I rebooted again just to make sure and got the same error message when I click on the tab. All of the other tabs in the system page work fine. Any ideas? :sad:
Looks like system restore might be corrupted.
This (http://forums.techarena.in/windows-xp-support/42929.htm) should help here.
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.