Shortcuts & Quick Launch buttons no longer work (Resolved)

katana · Mar 4, 2009

tkestle said:
Or is there a specific area you are interested in?
Tony

I need the part under

---- Disk sectors - GMER 1.0.14 ----

tkestle · Mar 4, 2009

Partial GMER report

katana said:
I need the part under

---- Disk sectors - GMER 1.0.14 ----

As requested:

---- Disk sectors - GMER 1.0.14 ----

Disk \Device\Harddisk0\DR0 sector 00: MBR rootkit code detected

---- EOF - GMER 1.0.14 ----

katana · Mar 4, 2009

Right, you need to print this out as you won't have access to the internet while you do the following.

Reboot your computer and access the recovery console
(keep pressing the up or down arrow key while the machine restarts.)
You will get two options, use the arrow keys to highlite Recovery Console and press enter.
The Recovery Console takes several seconds to start. When the Recovery Console menu appears, a numbered list of the Windows installations on the computer appears. (Generally, only c:\Windows exists.) Press a number before you press ENTER, even when only one entry appears. If you press ENTER without selecting a number, the computer restarts and begins the process again.

When you see the prompt for %SystemRoot% (generally C:\Windows), you can start

Type the following in bold at the prompt.

fixmbr

Once the command has completed reboot the computer back into Windows.

Post a new gmer log along with a new HijackThis log please.

tkestle · Mar 5, 2009

Hijackthis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:28:07 PM, on 3/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe
C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\windows\system\hpsysdrv.exe
C:\Documents and Settings\Compaq_Owner\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Radio Toolbar Loader - {2abdb2f7-4cbf-4939-ba12-fddc827b6a2d} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: AOL Radio Toolbar - {9167da98-6f9b-46f1-991d-826cae46cab6} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
O4 - HKUS\S-1-5-21-1720360759-132634969-911751219-1011\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'QBDataServiceUser')
O4 - S-1-5-21-1720360759-132634969-911751219-1011 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'QBDataServiceUser')
O4 - S-1-5-21-1720360759-132634969-911751219-1011 User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'QBDataServiceUser')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O8 - Extra context menu item: &AOL Radio Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL Radio Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1BFB1268-6353-495A-AB78-97BF7CAB4D52} (File Editing Tool) - https://onlinefilefolder.com/gdedtwrp.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QuickBooksDB - Intuit, Inc. - C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 11657 bytes

tkestle · Mar 5, 2009

GMER Log, after fixmbr 1a

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-03-04 17:07:50
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.14 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xF36389AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xF3638958]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xF363896C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF36389EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xF3638930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xF3638944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF36389BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xF3638996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF3638982]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF3638A19]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF3638A00]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xF36389D4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CC0FEF
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CC008C
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CC0071
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CC0054
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CC0F97
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CC0FC3
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CC0F57
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CC0F72
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CC00CB
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CC0F3C
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00CC0F17
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00CC0FA8
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00CC0000
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00CC009D
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00CC0FD4
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00CC0025
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00CC00BA
.text C:\WINDOWS\system32\services.exe[740] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00070040
.text C:\WINDOWS\system32\services.exe[740] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00070076
.text C:\WINDOWS\system32\services.exe[740] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00070025
.text C:\WINDOWS\system32\services.exe[740] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00070014
.text C:\WINDOWS\system32\services.exe[740] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00070FB9
.text C:\WINDOWS\system32\services.exe[740] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00070FEF
.text C:\WINDOWS\system32\services.exe[740] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00070FCA
.text C:\WINDOWS\system32\services.exe[740] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 27, 88 ]
.text C:\WINDOWS\system32\services.exe[740] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00070051
.text C:\WINDOWS\system32\services.exe[740] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00050000
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F00000
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F000A4
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F00089
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F00FAF
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F0006C
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F00FDB
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F000DC
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F000CB
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F000F7
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F00F68
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00F00112
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00F00FC0
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00F00011
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00F00F94
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00F00047
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00F00036
.text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00F00F79
.text C:\WINDOWS\system32\lsass.exe[752] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00EF0FE5
.text C:\WINDOWS\system32\lsass.exe[752] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00EF0076
.text C:\WINDOWS\system32\lsass.exe[752] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00EF0036
.text C:\WINDOWS\system32\lsass.exe[752] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00EF001B
.text C:\WINDOWS\system32\lsass.exe[752] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00EF0FB9
.text C:\WINDOWS\system32\lsass.exe[752] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00EF0000
.text C:\WINDOWS\system32\lsass.exe[752] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00EF0FCA
.text C:\WINDOWS\system32\lsass.exe[752] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 0F, 89 ]
.text C:\WINDOWS\system32\lsass.exe[752] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00EF0051
.text C:\WINDOWS\system32\lsass.exe[752] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00ED0FEF
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E80FE5
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E8006E
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E8005D
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E80F83
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E80F94
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E80FB9
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E800A1
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E80090
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E80F37
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E800D0
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00E80F1C
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00E80040
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00E80000
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00E8007F
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00E80FCA
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00E8001B
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00E80F48
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00E70FD4
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00E70058
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00E70025
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00E70014
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00E70047
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00E70FEF
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00E70FA5
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 07, 89 ]
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00E70036
.text C:\WINDOWS\system32\svchost.exe[904] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E50000
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C10000
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C10F59
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C10044
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C10033
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C10F80
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C10011
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C10075
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C10F2D
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C100C6
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C100B5
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00C10F12
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00C10022
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00C10FE5
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00C10F48
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00C10FAF
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00C10FCA
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00C10090
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00C00025
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00C00F9B
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00C00FDE
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00C00FEF
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00C00062
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00C0000A
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00C00051
.text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00C00040
.text C:\WINDOWS\system32\svchost.exe[988] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BE0000
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03C40000
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 03C400A4
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 03C40FB9
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03C40087
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 03C40076
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 03C40040
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 03C400D2
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 03C400B5
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 03C40108
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 03C400ED
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 03C40123
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 03C4005B
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 03C4001B
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 03C40F94
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 03C40FD4
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 03C40FE5
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 03C40F6F
.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 03C20F9E
.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 03C20F6F
.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 03C20FB9
.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 03C20FCA
.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 03C2002C
.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 03C20FEF
.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 03C2001B
.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 03C20000
.text C:\WINDOWS\System32\svchost.exe[1080] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02F60FEF
.text C:\WINDOWS\System32\svchost.exe[1080] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 03C30000
.text C:\WINDOWS\System32\svchost.exe[1080] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 03C3001B
.text C:\WINDOWS\System32\svchost.exe[1080] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 03C30FDB
.text C:\WINDOWS\System32\svchost.exe[1080] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 03C30FCA
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1152] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1152] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00770FE5
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00770067
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00770056
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00770F72
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00770F8D
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00770025
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 007700A4
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00770093
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00770F29
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00770F3A
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00770F0E
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00770F9E
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00770FD4
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00770082
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00770FB9
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 0077000A
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00770F4B
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 0076002F
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00760FA8
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00760014
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00760FDE
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00760065
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00760FEF
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00760FB9
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 96, 88 ]
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 0076004A
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00740000
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D40000
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!VirtualProtectEx 7C801A61 1 Byte [ E9 ]
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!VirtualProtectEx + 2 7C801A63 3 Bytes [ E5, 53, 84 ]
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D40F7A
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D40F8B
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D40FA8
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D4004A
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D40F4E
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D4008A
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D40F22
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D40F33
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00D400D6
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00D40FCD
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00D4001B
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00D40F5F
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00D40FDE
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00D40FEF
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!WinExec 7C8623AD 1 Byte [ E9 ]
.text C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!WinExec + 2 7C8623AF 3 Bytes [ DC, 4D, 84 ]
.text C:\WINDOWS\system32\svchost.exe[1328] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00D20025
.text C:\WINDOWS\system32\svchost.exe[1328] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00D20F6F
.text C:\WINDOWS\system32\svchost.exe[1328] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00D20FD4

tkestle · Mar 5, 2009

GMER Log, after fixmbr 1b

.text C:\WINDOWS\system32\svchost.exe[1328] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00D2000A
.text C:\WINDOWS\system32\svchost.exe[1328] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00D20036
.text C:\WINDOWS\system32\svchost.exe[1328] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00D20FEF
.text C:\WINDOWS\system32\svchost.exe[1328] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00D20F94
.text C:\WINDOWS\system32\svchost.exe[1328] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ F2, 88 ]
.text C:\WINDOWS\system32\svchost.exe[1328] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00D20FB9
.text C:\WINDOWS\system32\svchost.exe[1328] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D00FEF
.text C:\WINDOWS\system32\svchost.exe[1328] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00D3000A
.text C:\WINDOWS\system32\svchost.exe[1328] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00D3001B
.text C:\WINDOWS\system32\svchost.exe[1328] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00D3002C
.text C:\WINDOWS\system32\svchost.exe[1328] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00D3003D
.text C:\WINDOWS\Explorer.EXE[2712] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 018C0000
.text C:\WINDOWS\Explorer.EXE[2712] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 018C0F8A
.text C:\WINDOWS\Explorer.EXE[2712] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 018C0075
.text C:\WINDOWS\Explorer.EXE[2712] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 018C0064
.text C:\WINDOWS\Explorer.EXE[2712] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 018C0F9B
.text C:\WINDOWS\Explorer.EXE[2712] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 018C0FAC
.text C:\WINDOWS\Explorer.EXE[2712] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 018C00AB
.text C:\WINDOWS\Explorer.EXE[2712] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 018C009A
.text C:\WINDOWS\Explorer.EXE[2712] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 018C00C6
.text C:\WINDOWS\Explorer.EXE[2712] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 018C0F2D
.text C:\WINDOWS\Explorer.EXE[2712] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 018C0F1C
.text C:\WINDOWS\Explorer.EXE[2712] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 018C0033
.text C:\WINDOWS\Explorer.EXE[2712] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 018C0011
.text C:\WINDOWS\Explorer.EXE[2712] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 018C0F6F
.text C:\WINDOWS\Explorer.EXE[2712] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 018C0FD1
.text C:\WINDOWS\Explorer.EXE[2712] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 018C0022
.text C:\WINDOWS\Explorer.EXE[2712] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 018C0F3E
.text C:\WINDOWS\Explorer.EXE[2712] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 014C0FAF
.text C:\WINDOWS\Explorer.EXE[2712] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 014C005B
.text C:\WINDOWS\Explorer.EXE[2712] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 014C0FCA
.text C:\WINDOWS\Explorer.EXE[2712] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 014C0000
.text C:\WINDOWS\Explorer.EXE[2712] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 014C0036
.text C:\WINDOWS\Explorer.EXE[2712] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 014C0FEF
.text C:\WINDOWS\Explorer.EXE[2712] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 014C0025
.text C:\WINDOWS\Explorer.EXE[2712] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 014C0F9E
.text C:\WINDOWS\Explorer.EXE[2712] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 018B0FEF
.text C:\WINDOWS\Explorer.EXE[2712] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 018B0014
.text C:\WINDOWS\Explorer.EXE[2712] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 018B0025
.text C:\WINDOWS\Explorer.EXE[2712] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 018B0FD4
.text C:\WINDOWS\Explorer.EXE[2712] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01710000

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1161149389\ee\AOLSoftware.exe[228] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1972] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- EOF - GMER 1.0.14 ----

katana · Mar 5, 2009

That cured it

Now, one last scan to make sure that MBR Rootkit wasn't hiding anything else

Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

**Note**

To optimize scanning time and produce a more sensible report for review:

Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

tkestle · Mar 6, 2009

Kapersky Results (finally!)

This thing took *forever* & I had to restart it 4 times, but here's that result:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, March 6, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, March 06, 2009 02:40:27
Records in database: 1872692
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 277922
Threat name: 4
Infected objects: 7
Suspicious objects: 0
Duration of the scan: 06:31:28

File name / Threat name / Threats count
C:\Documents and Settings\Compaq_Owner\Desktop\Internet Business\Spring Fling (Tonymarketing)\Leader's Circle\adblaster.zip Infected: not-a-virus:AdWare.Win32.Megap.a 1
C:\Documents and Settings\Compaq_Owner\Desktop\Internet Business\Spring Fling (Tonymarketing)\Leader's Circle\adwizard32.exe Infected: not-a-virus:AdWare.Win32.Aureate.a 1
C:\Documents and Settings\Compaq_Owner\Desktop\Internet Business\Spring Fling (Tonymarketing)\Leader's Circle\dumptruck.exe Infected: not-a-virus

ownloader.Win32.Url2File.a 1
D:\I386\APPS\APP25742\src\CompaqPresario_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 2
D:\I386\APPS\APP25742\src\HPPavillion_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 2

The selected area was scanned.

I couldn't find a way to have Kapersky remove them. Am I just being dense?

Thanks!

Tony

katana · Mar 7, 2009

tkestle said:
Am I just being dense?

Not at all, we use Kaspersky because it just scans without cleaning

Do you know anything about these files, or the folder they are in ?

C:\Documents and Settings\Compaq_Owner\Desktop\Internet Business\Spring Fling (Tonymarketing)\Leader's Circle\adblaster.zip
C:\Documents and Settings\Compaq_Owner\Desktop\Internet Business\Spring Fling (Tonymarketing)\Leader's Circle\adwizard32.exe
C:\Documents and Settings\Compaq_Owner\Desktop\Internet Business\Spring Fling (Tonymarketing)\Leader's Circle\dumptruck.exe

tkestle · Mar 8, 2009

Reply to question

katana said:
Not at all, we use Kaspersky because it just scans without cleaning

Do you know anything about these files, or the folder they are in ?

C:\Documents and Settings\Compaq_Owner\Desktop\Internet Business\Spring Fling (Tonymarketing)\Leader's Circle\adblaster.zip
C:\Documents and Settings\Compaq_Owner\Desktop\Internet Business\Spring Fling (Tonymarketing)\Leader's Circle\adwizard32.exe
C:\Documents and Settings\Compaq_Owner\Desktop\Internet Business\Spring Fling (Tonymarketing)\Leader's Circle\dumptruck.exe

These are programs that were downloaded as part of some programs from an Internet Business site where people offer free stuff to get you to sign up for their mailing list.

Theoretically, they are all checked by the person who put up the site, and McAfee checked them while they were downloaded. They have never shown up on any scan that I have run prior to this.

I am not using them, and it would be no difficulty to delete them, if needed.

Thanks!

Tony

tkestle · Mar 8, 2009

Maintenance

By the way, Katana, I am finding a bunch of junk that I have collected over the years. Should I wait until we are done here, or can I start deleting some of the crap now?

Tony

katana · Mar 8, 2009

If you know why those files are there, you can leave them or delete them .... Your choice, they are just Adware related dross

You can start deleting anything you want to .....

Congratulations your logs look clean

Let's see if I can help you keep it that way

First lets tidy up

Please delete RSIT.exe and C:\RSIT (entire folder)
You can also delete any logs we have produced, and empty your Recycle bin.

Uninstall Combofix

This will clear your System Volume Information restore points and remove all the infected files that were quarantined
Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.

----------------------------------------------------------- -----------------------------------------------------------

The following is some info to help you stay safe and clean.

You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE for details

AntiSpyware

AntiSpyware is not the same thing as Antivirus.
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
Most of the programs in this list have a free (for Home Users ) and paid versions,
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
Spybot - Search & Destroy <<< A must have program
- It includes host protection and registry protection
- A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
MalwareBytes Anti-malware <<< A New and effective program
a-squared Free <<< A good "realtime" or "on demand" scanner
superantispyware <<< A good "realtime" or "on demand" scanner

Prevention

These programs don't detect malware, they help stop it getting on your machine in the first place.
Each does a different job, so you can have more than one
Winpatrol
- An excellent startup manager and then some !!
- Notifies you if programs are added to startup
- Allows delayed startup
- A must have addition
SpywareBlaster 4.0
- SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
SpywareGuard 2.2
- SpywareGuard provides real-time protection against spyware.
- Not required if you have other "realtime" antispyware or Winpatrol
ZonedOut
- Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
MVPS HOSTS
- This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
- For information on how to download and install, please read this tutorial by WinHelp2002.
- Not required if you are using other host file protections

Internet Browsers

Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
Using a different web browser can help stop malware getting on your machine.
- Make your Internet Explorer more secure - This can be done by following these simple instructions:
  1. From within Internet Explorer click on the Tools menu and then click on Options.
  2. Click once on the Security tab
  3. Click once on the Internet icon so it becomes highlighted.
  4. Click once on the Custom Level button.
    - Change the Download signed ActiveX controls to Prompt
    - Change the Download unsigned ActiveX controls to Disable
    - Change the Initialise and script ActiveX controls not marked as safe to Disable
    - Change the Installation of desktop items to Prompt
    - Change the Launching programs and files in an IFRAME to Prompt
    - Change the Navigate sub-frames across different domains to Prompt
    - When all these settings have been made, click on the OK button.
    - If it prompts you as to whether or not you want to save the settings, press the Yes button.
  5. Next press the Apply button and then the OK to exit the Internet Properties page.
If you are still using IE6 then either update, or get one of the following.
- FireFox
  - With many addons available that make customization easy this is a very popular choice
  - NoScript and AdBlockPlus addons are essential
- Opera
  - Another popular alternative
- Netscape
  - Another popular alternative
  - Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies

Temporary Internet Files are mainly the files that are downloaded when you open a web page.
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.

Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

Both of these can be cleaned manually, but a quicker option is to use a program
ATF Cleaner
- Free and very simple to use
CCleaner
- Free and very flexible, you can chose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again

If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'

tkestle · Mar 9, 2009

If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Looks good!

Thank you very much for your time & energy!

:

Tony

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.

Shortcuts & Quick Launch buttons no longer work (Resolved)

katana

Security Expert-Emeritus

tkestle

New member

katana

Security Expert-Emeritus

tkestle

New member

tkestle

New member

tkestle

New member

katana

Security Expert-Emeritus

tkestle

New member

katana

Security Expert-Emeritus

tkestle

New member

tkestle

New member

katana

Security Expert-Emeritus

tkestle

New member