
ingloriousBIG

Honorary Members
  • Posts: 41

Everything posted by ingloriousBIG

  1. http://www.pcpitstop.com/betapit/sec.asp?conid=23113057
  2. I can't seem to download the plugin for the PC testing. Once downloaded, I can't locate npmeadax.dll to put into the plugins folder.
  3. Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 3:50:12 PM, on 12/20/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16945)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
     C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\Norton AntiVirus\navapsvc.exe
     C:\Program Files\Norton AntiVirus\SAVScan.exe
     C:\Program Files\Viewpoint\Common\ViewpointService.exe
     C:\WINDOWS\wanmpsvc.exe
     C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\WINDOWS\zHotkey.exe
     C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
     C:\Program Files\Common Files\Symantec Shared\ccApp.exe
     C:\Program Files\eMachines Bay Reader\shwiconem.exe
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe
     C:\Program Files\QuickTime\QTTask.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\AIM6\aim6.exe
     C:\Program Files\BigFix\BigFix.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\Program Files\AIM6\aolsoftware.exe
     C:\WINDOWS\explorer.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\Messenger\msmsgs.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
     R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
     O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
     O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
     O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
     O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
     O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
     O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
     O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
     O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
     O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
     O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
     O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
     O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
     O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
     O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
     O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
     O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1251683478609
     O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
     O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
     O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
     O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
     O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
     O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
     O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
     O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
     O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
     O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

     --
     End of file - 7554 bytes
  4. ComboFix 09-12-19.04 - Jon 12/20/2009 15:32:37.2.1 - x86
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.256 [GMT -8:00]
     Running from: c:\documents and settings\Jon\Desktop\ComboFix.exe
     FW: Outpost Firewall *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
     .
     ((((((((((((((((((((((((( Files Created from 2009-11-20 to 2009-12-20 )))))))))))))))))))))))))))))))
     .
     2009-12-18 03:52 . 2009-12-18 03:52 -------- d-----w- c:\documents and settings\Jon\Application Data\Malwarebytes
     2009-12-18 03:52 . 2009-12-04 00:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2009-12-18 03:52 . 2009-12-18 03:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
     2009-12-18 03:52 . 2009-12-04 00:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
     2009-12-18 03:52 . 2009-12-18 03:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2009-12-18 03:04 . 2009-12-18 03:04 -------- d--h--w- c:\windows\PIF
     2009-12-18 02:58 . 2009-12-18 02:58 -------- d-----w- c:\program files\Trend Micro
     2009-12-14 05:37 . 2009-12-14 05:37 -------- d-----w- c:\windows\system32\scripting
     2009-12-14 05:37 . 2009-12-14 05:37 -------- d-----w- c:\windows\l2schemas
     2009-12-14 05:37 . 2009-12-14 05:37 -------- d-----w- c:\windows\system32\en
     2009-12-08 23:49 . 2009-12-16 22:54 -------- d-----w- c:\documents and settings\Jon\Local Settings\Application Data\Temp
     2009-12-08 23:45 . 2009-12-08 23:51 -------- d-----w- c:\documents and settings\Jon\Local Settings\Application Data\Google
     2009-11-26 06:00 . 2009-11-26 07:02 -------- d-----w- c:\documents and settings\Jon\Application Data\Move Networks
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-12-19 00:25 . 2004-05-12 09:55 96512 ------w- c:\windows\system32\drivers\atapi.sys
     2009-12-15 01:12 . 2009-09-02 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
     2009-12-14 05:50 . 2004-05-12 09:50 76487 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
     2009-12-14 05:04 . 2009-10-24 05:38 -------- d-----w- c:\documents and settings\Jon\Application Data\AdobeUM
     2009-12-09 11:09 . 2009-10-28 10:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
     2009-11-20 08:44 . 2009-09-02 03:29 70264 ----a-w- c:\documents and settings\Allan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2009-11-20 08:24 . 2009-11-20 08:19 -------- d-----w- c:\documents and settings\Allan\Application Data\Move Networks
     2009-11-20 08:20 . 2009-11-20 08:20 127872 ----a-w- c:\documents and settings\Allan\Application Data\Move Networks\uninstall.exe
     2009-11-20 08:19 . 2009-06-16 06:35 4183416 ----a-w- c:\documents and settings\Allan\Application Data\Move Networks\plugins\npqmp071503000010.dll
     2009-11-16 18:59 . 2009-09-02 04:08 70264 ----a-w- c:\documents and settings\Jon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2009-11-07 10:37 . 2009-11-07 10:37 -------- d-----w- c:\program files\MSBuild
     2009-11-07 10:37 . 2009-11-07 10:37 -------- d-----w- c:\program files\Reference Assemblies
     2009-11-07 10:30 . 2009-11-07 10:30 -------- d-----w- c:\program files\MSXML 6.0
     2009-11-03 08:26 . 2004-05-12 10:19 -------- d-----w- c:\program files\Microsoft Works
     2009-10-29 07:46 . 2006-06-23 18:33 832512 ------w- c:\windows\system32\wininet.dll
     2009-10-29 07:46 . 2009-09-01 20:46 78336 ------w- c:\windows\system32\ieencode.dll
     2009-10-29 07:46 . 2004-05-12 09:42 17408 ------w- c:\windows\system32\corpol.dll
     2009-10-28 11:31 . 2009-10-28 09:40 -------- d-----w- c:\documents and settings\Jon\Application Data\GetRightToGo
     2009-10-28 09:25 . 2009-10-28 09:25 -------- d-----w- c:\program files\MSECache
     2009-10-21 05:38 . 2009-09-01 20:46 25088 ----a-w- c:\windows\system32\httpapi.dll
     2009-10-21 05:38 . 2009-09-01 20:45 75776 ----a-w- c:\windows\system32\strmfilt.dll
     2009-10-20 16:20 . 2009-09-01 20:46 265728 ----a-w- c:\windows\system32\drivers\http.sys
     2009-10-13 10:30 . 2006-05-14 09:13 270336 ----a-w- c:\windows\system32\oakley.dll
     2009-10-12 13:38 . 2004-05-12 09:43 149504 ----a-w- c:\windows\system32\rastls.dll
     2009-10-12 13:38 . 2004-05-12 09:43 79872 ----a-w- c:\windows\system32\raschap.dll
     2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
     2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll
     2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
     2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll
     2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll
     2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll
     2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
     2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
     "Aim6"="c:\program files\AIM6\aim6.exe" [2009-07-09 49968]
     "Google Update"="c:\documents and settings\Jon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-12-08 135664]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "CHotkey"="zHotkey.exe" [2003-06-03 496640]
     "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
     "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-12-23 71280]
     "NAV CfgWiz"="c:\program files\Common Files\Symantec Shared\CfgWiz.exe" [2003-08-15 124096]
     "SunKistEM"="c:\program files\eMachines Bay Reader\shwiconem.exe" [2004-03-11 135168]
     "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-01 149280]
     "Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2009-09-01 95960]
     "OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
     "OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
     "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
     BigFix.lnk - c:\program files\BigFix\BigFix.exe [2004-5-12 1742384]

     [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
     "NoSetActiveDesktop"= 1 (0x1)
     "NoActiveDesktopChanges"= 1 (0x1)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\AIM6\\aim6.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

     R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [9/1/2009 10:53 AM 704384]
     R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [9/1/2009 10:51 AM 1195008]
     R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [9/1/2009 10:51 AM 31128]
     R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [9/1/2009 10:53 AM 257432]
     S3 ndisdrv;ndisdrv;\??\c:\windows\system32\ndisdrv.sys --> c:\windows\system32\ndisdrv.sys [?]
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.emachines.com/
     uInternet Connection Wizard,ShellNext = hxxp://www.emachines.com/
     uInternet Settings,ProxyOverride = *.local
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
     FF - ProfilePath - c:\documents and settings\Jon\Application Data\Mozilla\Firefox\Profiles\yodx80lh.default\
     FF - plugin: c:\documents and settings\Allan\Application Data\Move Networks\plugins\npqmp071503000010.dll
     FF - plugin: c:\documents and settings\Jon\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
     FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
     FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
     FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
     .
     **************************************************************************
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-12-20 15:40
     Windows 5.1.2600 Service Pack 3 NTFS
     scanning hidden processes ...
     scanning hidden autostart entries ...
     scanning hidden files ...
     scan completed successfully
     hidden files: 0
     **************************************************************************
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     - - - - - - - > 'explorer.exe'(3736)
     c:\windows\system32\WININET.dll
     c:\windows\system32\ieframe.dll
     c:\windows\system32\mshtml.dll
     c:\windows\system32\WPDShServiceObj.dll
     c:\windows\system32\PortableDeviceTypes.dll
     c:\windows\system32\PortableDeviceApi.dll
     .
     Completion time: 2009-12-20 15:46:13
     ComboFix-quarantined-files.txt 2009-12-20 23:45
     ComboFix2.txt 2009-12-19 23:16
     Pre-Run: 28,933,685,248 bytes free
     Post-Run: 28,901,220,352 bytes free
     - - End Of File - - 3B706F8F76922604B209ABAC2D927144
  5. I'm not sure if those are the results you were looking for. I used to use Avira, but my computer was ridiculously slow when it was installed. So to answer your question, no, I'm not using any antivirus protection at the moment. If you could suggest an antivirus program that didn't keep my programs from moving at a snail's pace, literally, then I would appreciate it.
  6. File SandBox.sys received on 2009.12.01 09:46:18 (UTC)

     Antivirus  Version  Last Update  Result
     a-squared  4.5.0.43  2009.12.01  -
     AhnLab-V3  5.0.0.2  2009.12.01  -
     AntiVir  7.9.1.88  2009.12.01  -
     Antiy-AVL  2.0.3.7  2009.12.01  -
     Authentium  5.2.0.5  2009.12.01  -
     Avast  4.8.1351.0  2009.11.30  -
     AVG  8.5.0.426  2009.12.01  -
     BitDefender  7.2  2009.12.01  -
     CAT-QuickHeal  10.00  2009.12.01  -
     ClamAV  0.94.1  2009.12.01  -
     Comodo  3099  2009.12.01  -
     DrWeb  5.0.0.12182  2009.12.01  -
     eSafe  7.0.17.0  2009.11.30  -
     eTrust-Vet  35.1.7150  2009.12.01  -
     F-Prot  4.5.1.85  2009.11.30  -
     F-Secure  9.0.15370.0  2009.11.29  -
     Fortinet  4.0.14.0  2009.12.01  -
     GData  19  2009.12.01  -
     Ikarus  T3.1.1.74.0  2009.12.01  -
     Jiangmin  11.0.800  2009.12.01  -
     K7AntiVirus  7.10.906  2009.11.27  -
     Kaspersky  7.0.0.125  2009.12.01  -
     McAfee  5818  2009.11.30  -
     McAfee+Artemis  5818  2009.11.30  -
     McAfee-GW-Edition  6.8.5  2009.12.01  -
     Microsoft  1.5302  2009.12.01  -
     NOD32  4650  2009.11.30  -
     Norman  6.03.02  2009.11.30  -
     nProtect  2009.1.8.0  2009.11.28  -
     Panda  10.0.2.2  2009.11.30  -
     PCTools  7.0.3.5  2009.12.01  -
     Prevx  3.0  2009.12.01  -
     Rising  22.24.01.04  2009.12.01  -
     Sophos  4.48.0  2009.12.01  -
     Sunbelt  3.2.1858.2  2009.12.01  -
     Symantec  1.4.4.12  2009.12.01  -
     TheHacker  6.5.0.2.082  2009.11.30  -
     TrendMicro  9.100.0.1001  2009.12.01  -
     VBA32  3.12.12.0  2009.11.30  -
     ViRobot  2009.12.1.2064  2009.12.01  -
     VirusBuster  5.0.21.0  2009.11.30  -

     Additional information
     File size: 704384 bytes
     MD5 : 57ef0a92bada411c563384c08a4a25cd
     SHA1 : a339c364e54d69cbaf2a2701ee3adac5dd94ff6d
     SHA256: dcdb8354744e6ed8afc7dc605592811425d97ff567178b92a94c1318bb2ffcc0
     PEInfo: PE Structure information

     ( base data )
     entrypointaddress.: 0x317A0
     timedatestamp.....: 0x49D9B126 (Mon Apr 6 09:37:10 2009)
     machinetype.......: 0x14C (Intel I386)

     ( 5 sections )
     name viradd virsiz rawdsiz ntrpy md5
     .text 0x2A0 0x9C944 0x9C960 6.21 da2364b6b7818dfda3fc00f7b3f9521b
     .data 0x9CC00 0x44F4 0x4500 1.15 ca80c08cb675b67711af6e5f4605acd5
     INIT 0xA1100 0xEDC 0xEE0 5.61 2d3c2bc3f8f2d6864c49841eddc372c5
     .rsrc 0xA1FE0 0x398 0x3A0 3.35 5e72c3413e829c35ec0e716aeb6f99e5
     .reloc 0xA2380 0x81AC 0x81C0 6.81 f383a0d9ef7c63e9421d0c3d349b2968

     ( 2 imports )
     > hal.dll: KeQueryPerformanceCounter, KeGetCurrentIrql, HalMakeBeep
     > ntoskrnl.exe: ZwOpenSection, RtlNtStatusToDosErrorNoTeb, ZwCreateFile, IoCreateFile, ZwOpenFile, ObfDereferenceObject, ZwClose, ZwWaitForSingleObject, ZwSetEvent, ZwQueryDirectoryFile, ZwSetInformationFile, ZwDeleteFile, ZwMakeTemporaryObject, ZwCreateSymbolicLinkObject, ZwOpenKey, ZwCreateKey, ZwDeleteKey, ZwEnumerateKey, ZwEnumerateValueKey, memset, ZwQueryKey, ZwQueryValueKey, ZwSetValueKey, ZwReplaceKey, ZwSaveKey, ZwDeleteValueKey, NtSetInformationFile, NtBuildNumber, ZwSetSystemInformation, ZwLoadDriver, ZwUnloadDriver, ZwOpenThread, ZwOpenProcess, IoGetCurrentProcess, ZwTerminateProcess, ZwRequestWaitReplyPort, memcpy, _allshl, _aullshr, KeDelayExecutionThread, SeCreateClientSecurity, KeGetCurrentThread, SeTokenType, IoDeleteDevice, IoDeleteSymbolicLink, IoUnregisterShutdownNotification, InterlockedCompareExchange, PsCreateSystemThread, KeInitializeEvent, IoRegisterShutdownNotification, IoCreateUnprotectedSymbolicLink, IoCreateDevice, RtlInitUnicodeString, IofCompleteRequest, RtlCopyUnicodeString, PsTerminateSystemThread, KeClearEvent, KeReadStateEvent, InterlockedExchangeAdd, ExAllocatePoolWithTag, ExFreePool, _strnicmp, KeWaitForSingleObject, KeSetEvent, KeQuerySystemTime, IoIsSystemThread, IoThreadToProcess, NtQueryInformationProcess, KeDetachProcess, PsGetProcessExitTime, KeAttachProcess, KeIsExecutingDpc, ExGetPreviousMode, MmSectionObjectType, ObReferenceObjectByHandle, PsL    ookupProcessByProcessId, PsIsThreadTerminating, PsLookupThreadByThreadId, ZwQueryInformationProcess, ObOpenObjectByPointer, PsProcessType, MmIsAddressValid, RtlNtStatusToDosError, PsThreadType, ObReferenceObjectByPointer, ObReferenceObjectByName, IoFileObjectType, PsGetCurrentProcessId, strncpy, RtlIsNameLegalDOS8Dot3, RtlAnsiStringToUnicodeString, RtlUnicodeStringToAnsiString, RtlUpcaseUnicodeString, ZwQueryObject, IoGetDeviceObjectPointer, wcschr, ZwQuerySymbolicLinkObject, ZwOpenSymbolicLinkObject, RtlMapGenericMask, IoQueryFileInformation, IofCallDriver, IoAllocateIrp, IoFreeIrp, IoFreeMdl, MmUnlockPages, MmUnmapLockedPages, MmMapLockedPages, IoGetRelatedDeviceObject, IoSetInformation, ExEventObjectType, _allmul, _aulldiv, RtlImageNtHeader, ZwQuerySystemInformation, _stricmp, ZwUnmapViewOfSection, ZwMapViewOfSection, KeServiceDescriptorTable, KeAddSystemServiceTable, KeInsertQueueApc, KeInitializeApc, MmCreateSection, MmUnmapViewOfSection, MmMapViewOfSection, KeNumberProcessors, PsGetVersion, RtlQueryRegistryValues, RtlAppendUnicodeToString, RtlWriteRegistryValue, _snwprintf, KeBugCheckEx, DbgBreakPoint, RtlCompareMemory, RtlTimeToTimeFields, ExSystemTimeToLocalTime, InterlockedExchange, ZwQueryInformationFile, MmUnmapIoSpace, MmMapIoSpace, RtlEnlargedIntegerMultiply, ZwReadFile, DbgPrint, _aullrem, RtlUnwind, InterlockedIncrement, InterlockedDecrement, ObQueryNameString, ZwCreateSection

     ( 0 exports )

     TrID : File type identification
     Windows Screen Saver (51.1%)
     Win32 Executable Generic (33.2%)
     Generic Win/DOS Executable (7.8%)
     DOS Executable Generic (7.8%)
     Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
     ssdeep: 12288:bvtxGaBa6SUnSCjgXNLlmvEN2vSfDJEST8kmDKCU2VCM1HE+a:bvNBaLSbgXNLlmvEN2vAVlT8 dDKh2VCV
     PEiD : -
     RDS : NSRL Reference Data Set
     -
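A zero-out-of-41 result on VirusTotal says no engine had a signature for the sample on that day; it does not say the file is clean, and it says nothing at all unless the file that was uploaded is the file on the disk. The two checks a practitioner makes from a report like the one in post 6 are: hash the local file and compare it with the MD5/SHA-1/SHA-256 the report prints, and read the section table (the ntrpy column is Shannon entropy in bits per byte) for packing or an appended blob. The script below is an added example, not part of the post and not VirusTotal's code. The hashes, file size, entry point and section table are copied from the report above; the conclusions it draws from them are arithmetic on those numbers, nothing more.

```python
import hashlib
import math
import re
from collections import Counter

# Values copied from the VirusTotal report above (post 6).
REPORTED_HASHES = {
    "md5": "57ef0a92bada411c563384c08a4a25cd",
    "sha1": "a339c364e54d69cbaf2a2701ee3adac5dd94ff6d",
    "sha256": "dcdb8354744e6ed8afc7dc605592811425d97ff567178b92a94c1318bb2ffcc0",
}
REPORTED_FILE_SIZE = 704384
REPORTED_ENTRY_POINT = 0x317A0
# name, virtual address, virtual size, raw size, entropy, md5 (VirusTotal's column order)
SECTION_TABLE = """
.text 0x2A0 0x9C944 0x9C960 6.21 da2364b6b7818dfda3fc00f7b3f9521b
.data 0x9CC00 0x44F4 0x4500 1.15 ca80c08cb675b67711af6e5f4605acd5
INIT 0xA1100 0xEDC 0xEE0 5.61 2d3c2bc3f8f2d6864c49841eddc372c5
.rsrc 0xA1FE0 0x398 0x3A0 3.35 5e72c3413e829c35ec0e716aeb6f99e5
.reloc 0xA2380 0x81AC 0x81C0 6.81 f383a0d9ef7c63e9421d0c3d349b2968
"""

_SECTION = re.compile(r"^(?P<name>\S+)\s+0x(?P<va>[0-9A-Fa-f]+)\s+0x(?P<vsize>[0-9A-Fa-f]+)\s+"
                      r"0x(?P<rsize>[0-9A-Fa-f]+)\s+(?P<entropy>\d+(?:\.\d+)?)\s+(?P<md5>[0-9a-f]{32})$")


def digests(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of the local bytes, the three values VirusTotal prints."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def matches_report(data: bytes, reported: dict = REPORTED_HASHES) -> dict:
    """True per algorithm when the local bytes are the file the report describes."""
    local = digests(data)
    return {name: local[name] == value.lower() for name, value in reported.items()}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 to 8.0: the quantity in the report's 'ntrpy' column."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_sections(table: str) -> list:
    sections = []
    for line in table.splitlines():
        m = _SECTION.match(line.strip())
        if m:
            sections.append({"name": m["name"], "va": int(m["va"], 16),
                             "vsize": int(m["vsize"], 16), "rsize": int(m["rsize"], 16),
                             "entropy": float(m["entropy"]), "md5": m["md5"]})
    return sections


def sections_are_contiguous(sections: list) -> bool:
    """Each section starts where the previous one's raw data ends. When this holds,
    the virtual addresses in the report double as file offsets (an assumption the
    overlay arithmetic below relies on)."""
    return all(cur["va"] == prev["va"] + prev["rsize"]
               for prev, cur in zip(sections, sections[1:]))


def section_containing(sections: list, rva: int):
    """Name of the section holding an RVA (e.g. the entry point), or None.
    An entry point outside .text, or inside a high-entropy section, is a packer tell."""
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rsize"]):
            return s["name"]
    return None


def overlay_size(sections: list, file_size: int) -> int:
    """Bytes after the last section's raw data; meaningful only if contiguous.
    A trailing region is where an Authenticode signature sits if the file is signed."""
    last = sections[-1]
    return file_size - (last["va"] + last["rsize"])


if __name__ == "__main__":
    secs = parse_sections(SECTION_TABLE)
    print("contiguous layout:", sections_are_contiguous(secs))
    print("entry point in:", section_containing(secs, REPORTED_ENTRY_POINT))
    print("bytes past last section:", overlay_size(secs, REPORTED_FILE_SIZE))
    print("sections above 6.5 bits/byte:", [s["name"] for s in secs if s["entropy"] > 6.5])
```

Run against the numbers in the report: the five sections are contiguous, the entry point falls in .text, and the sections account for 697,664 of the 704,384 bytes, leaving 6,720 bytes past .reloc. That trailing region is consistent with a signature table but is not proof of one; a signature check on the file itself (signtool or sigcheck on Windows) settles it, and is also the check that decides whether a driver listed as "SandBox" in the ComboFix output belongs to an installed product. Note that the ComboFix report in post 4 lists SandBox.sys next to afw.sys and afwcore.sys with the same 9/1/2009 timestamps, which is where that verification would start.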
  7. Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 3:20:39 PM, on 12/19/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16945)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\Norton AntiVirus\navapsvc.exe
     C:\Program Files\Norton AntiVirus\SAVScan.exe
     C:\Program Files\Viewpoint\Common\ViewpointService.exe
     C:\WINDOWS\wanmpsvc.exe
     C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\WINDOWS\zHotkey.exe
     C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
     C:\Program Files\Common Files\Symantec Shared\ccApp.exe
     C:\Program Files\eMachines Bay Reader\shwiconem.exe
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\Program Files\QuickTime\QTTask.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\Messenger\msmsgs.exe
     C:\Program Files\AIM6\aim6.exe
     C:\Program Files\BigFix\BigFix.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\Program Files\AIM6\aolsoftware.exe
     C:\WINDOWS\explorer.exe
     C:\WINDOWS\system32\notepad.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
     R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
     O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
     O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
     O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
     O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
     O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
     O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
     O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
     O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
     O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
     O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
     O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
     O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
     O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
     O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
     O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
     O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1251683478609
     O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
     O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
     O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
     O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
     O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
     O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
     O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
     O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
     O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
     O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

     --
     End of file - 7508 bytes
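The two HijackThis logs in posts 3 and 7 are read the same way: the R lines are browser settings, O4 lines are autostart entries (Run keys and the Startup folder), O16 lines are ActiveX download points and O23 lines are services. What a reviewer checks first is not the names but where the targets live. The script below is an added example, not part of either post and not Trend Micro's code; it parses a constructed subset of lines copied from the logs above and pulls out three things worth a second look: Run entries that give a bare filename (the [CHotkey] zHotkey.exe entry, which the loader resolves through the search path, so the copy that actually runs has to be confirmed; the process list shows C:\WINDOWS\zHotkey.exe), Run entries that launch from a user-writable profile directory (Google Update here, legitimate but unverifiable by name), and the hosts that ActiveX controls were fetched from.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: a subset of lines copied from the two HijackThis logs
# above, not a complete log.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1251683478609
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
"""


@dataclass
class Entry:
    section: str  # HijackThis section code (R1, O4, O16, O23, ...)
    name: str     # Run value name, .lnk name, CLSID, service short name or registry value
    target: str   # executable path, download URL or registry data
    detail: str   # hive, ActiveX display name or service vendor, depending on section


_LINE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")
_O4 = re.compile(r"^(?P<loc>HK\w+\\\.\.\\\w+|Global Startup): "
                 r"(?:\[(?P<name>[^\]]+)\]|(?P<lnk>.+?\.lnk) =) (?P<cmd>.+)$")
_O16 = re.compile(r"^DPF: (?P<clsid>\{[^}]+\})(?: \((?P<name>[^)]*)\))? - (?P<url>\S+)$")
_O23 = re.compile(r"^Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))? - "
                  r"(?P<company>.+?) - (?P<path>.+)$")
# First token of a command line: a quoted path, or an unquoted path up to the
# first executable extension (HijackThis prints both forms, see the O4 lines).
_EXE = re.compile(r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|dll|scr|cmd|bat)))(?:\s|$)', re.I)


def _executable(cmd: str) -> str:
    m = _EXE.match(cmd.strip())
    return (m.group("q") or m.group("u")) if m else cmd.strip()


def parse_hijackthis(text: str) -> list:
    """Turn the R*/O* lines of a HijackThis log into Entry records."""
    entries = []
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue  # header, "Running processes" paths, blank lines
        sec, body = m.group("sec"), m.group("body")
        if sec == "O4" and (m4 := _O4.match(body)):
            entries.append(Entry(sec, m4.group("name") or m4.group("lnk"),
                                 _executable(m4.group("cmd")), m4.group("loc")))
        elif sec == "O16" and (m16 := _O16.match(body)):
            entries.append(Entry(sec, m16.group("clsid"), m16.group("url"), m16.group("name") or ""))
        elif sec == "O23" and (m23 := _O23.match(body)):
            entries.append(Entry(sec, m23.group("short") or m23.group("display"),
                                 m23.group("path"), m23.group("company")))
        elif sec.startswith("R") and " = " in body:
            key, _, data = body.partition(" = ")
            entries.append(Entry(sec, key, data, ""))
        else:
            entries.append(Entry(sec, "", body, ""))
    return entries


def triage(entries: list) -> dict:
    """Pull out the entries a reviewer checks first."""
    found = {"run_without_full_path": [], "run_from_user_profile": [],
             "activex_download_hosts": set(), "services": []}
    for e in entries:
        if e.section == "O4":
            if "\\" not in e.target:
                # Bare filename: resolved through the search path at logon, so
                # confirm which copy on disk is the one that actually runs.
                found["run_without_full_path"].append(e.name)
            elif e.target.lower().startswith("c:\\documents and settings\\"):
                # Autostart from a user-writable location; legitimate for some
                # updaters, so verify the binary rather than trusting the name.
                found["run_from_user_profile"].append(e.name)
        elif e.section == "O16":
            host = urlparse(e.target).hostname
            if host:
                found["activex_download_hosts"].add(host)
        elif e.section == "O23":
            found["services"].append((e.name, e.detail, e.target))
    found["activex_download_hosts"] = sorted(found["activex_download_hosts"])
    return found


if __name__ == "__main__":
    for key, value in triage(parse_hijackthis(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

The O23 company column comes from the file's version resource, which any binary can claim, so the service list the script returns is a worklist for signature and hash checks, not a verdict. The same goes for the O16 hosts: both here are vendor update domains, and the check is that the control on disk matches what that host serves, not that the hostname looks familiar.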
  8. ComboFix 09-12-18.03 - Jon 12/19/2009 14:49:01.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.232 [GMT -8:00]
Running from: c:\documents and settings\Jon\Desktop\KittyFix.exe
FW: Outpost Firewall *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-1433678514-3411340332-2596020146-1003
c:\recycler\S-1-5-21-515967899-1580436667-725345543-1003
Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IAS
-------\Legacy_WINSTS

((((((((((((((((((((((((( Files Created from 2009-11-19 to 2009-12-19 )))))))))))))))))))))))))))))))
.
2009-12-18 03:52 . 2009-12-18 03:52 -------- d-----w- c:\documents and settings\Jon\Application Data\Malwarebytes
2009-12-18 03:52 . 2009-12-04 00:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-18 03:52 . 2009-12-18 03:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-18 03:52 . 2009-12-04 00:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-18 03:52 . 2009-12-18 03:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-18 03:04 . 2009-12-18 03:04 -------- d--h--w- c:\windows\PIF
2009-12-18 02:58 . 2009-12-18 02:58 -------- d-----w- c:\program files\Trend Micro
2009-12-14 05:37 . 2009-12-14 05:37 -------- d-----w- c:\windows\system32\scripting
2009-12-14 05:37 . 2009-12-14 05:37 -------- d-----w- c:\windows\l2schemas
2009-12-14 05:37 . 2009-12-14 05:37 -------- d-----w- c:\windows\system32\en
2009-12-08 23:49 . 2009-12-16 22:54 -------- d-----w- c:\documents and settings\Jon\Local Settings\Application Data\Temp
2009-12-08 23:45 . 2009-12-08 23:51 -------- d-----w- c:\documents and settings\Jon\Local Settings\Application Data\Google
2009-11-26 06:00 . 2009-11-26 07:02 -------- d-----w- c:\documents and settings\Jon\Application Data\Move Networks
2009-11-20 08:19 . 2009-11-20 08:24 -------- d-----w- c:\documents and settings\Allan\Application Data\Move Networks
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-19 00:25 . 2004-05-12 09:55 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-15 01:12 . 2009-09-02 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-12-14 05:50 . 2004-05-12 09:50 76487 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-12-14 05:04 . 2009-10-24 05:38 -------- d-----w- c:\documents and settings\Jon\Application Data\AdobeUM
2009-12-09 11:09 . 2009-10-28 10:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-20 08:44 . 2009-09-02 03:29 70264 ----a-w- c:\documents and settings\Allan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-20 08:20 . 2009-11-20 08:20 127872 ----a-w- c:\documents and settings\Allan\Application Data\Move Networks\uninstall.exe
2009-11-20 08:19 . 2009-06-16 06:35 4183416 ----a-w- c:\documents and settings\Allan\Application Data\Move Networks\plugins\npqmp071503000010.dll
2009-11-16 18:59 . 2009-09-02 04:08 70264 ----a-w- c:\documents and settings\Jon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-07 10:37 . 2009-11-07 10:37 -------- d-----w- c:\program files\MSBuild
2009-11-07 10:37 . 2009-11-07 10:37 -------- d-----w- c:\program files\Reference Assemblies
2009-11-07 10:30 . 2009-11-07 10:30 -------- d-----w- c:\program files\MSXML 6.0
2009-11-03 08:26 . 2004-05-12 10:19 -------- d-----w- c:\program files\Microsoft Works
2009-10-29 07:46 . 2006-06-23 18:33 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2009-09-01 20:46 78336 ------w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2004-05-12 09:42 17408 ------w- c:\windows\system32\corpol.dll
2009-10-28 11:31 . 2009-10-28 09:40 -------- d-----w- c:\documents and settings\Jon\Application Data\GetRightToGo
2009-10-28 09:25 . 2009-10-28 09:25 -------- d-----w- c:\program files\MSECache
2009-10-21 05:38 . 2009-09-01 20:46 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38 . 2009-09-01 20:45 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-20 16:20 . 2009-09-01 20:46 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2006-05-14 09:13 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-05-12 09:43 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-05-12 09:43 79872 ----a-w- c:\windows\system32\raschap.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-07-09 49968]
"Google Update"="c:\documents and settings\Jon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-12-08 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="zHotkey.exe" [2003-06-03 496640]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-12-23 71280]
"NAV CfgWiz"="c:\program files\Common Files\Symantec Shared\CfgWiz.exe" [2003-08-15 124096]
"SunKistEM"="c:\program files\eMachines Bay Reader\shwiconem.exe" [2004-03-11 135168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-01 149280]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2009-09-01 95960]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BigFix.lnk - c:\program files\BigFix\BigFix.exe [2004-5-12 1742384]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R3 ndisdrv;ndisdrv;c:\windows\system32\ndisdrv.sys [x]
S1 SandBox;SandBox;c:\windows\System32\drivers\SandBox.sys [2009-04-06 704384]
S2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [2009-04-28 1195008]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 afw;Agnitum firewall driver;c:\windows\system32\DRIVERS\afw.sys [2009-02-19 31128]
S3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2009-02-10 257432]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.emachines.com/
uInternet Connection Wizard,ShellNext = hxxp://www.emachines.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Jon\Application Data\Mozilla\Firefox\Profiles\yodx80lh.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - plugin: c:\documents and settings\Allan\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Jon\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-notepad - c:\windows\system32\config\SYSTEM~1\ntload.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-19 15:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2432)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Norton AntiVirus\navapsvc.exe
c:\program files\Norton AntiVirus\SAVScan.exe
c:\windows\wanmpsvc.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\zHotkey.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2009-12-19 15:16:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-19 23:16

Pre-Run: 27,159,076,864 bytes free
Post-Run: 28,998,504,448 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - AAE241DC310C6D7947C5494AE71BC32A
  9. Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:27:13 PM, on 12/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\zHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [notepad] rundll32.exe C:\WINDOWS\system32\config\SYSTEM~1\ntload.dll,_IWMPEvents@0 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ygua8e7yhuiesfha876yfauy8fe] C:\WINDOWS\TEMP\dhndbye42s.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [notepad] rundll32.exe C:\WINDOWS\system32\config\SYSTEM~1\ntload.dll,_IWMPEvents@0 (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1251683478609
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7999 bytes
  10. Malwarebytes' Anti-Malware 1.42
Database version: 3383
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/19/2009 2:08:25 PM
mbam-log-2009-12-19 (14-08-25).txt

Scan type: Quick Scan
Objects scanned: 119828
Time elapsed: 47 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Allan\Local Settings\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
  11. The MBAM instructions from myantispyware.com?
  12. DDS (Ver_09-12-01.01) - NTFSx86
Run by Jon at 23:04:11.39 on Thu 12/17/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.36 [GMT -8:00]

FW: Outpost Firewall *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jon\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.emachines.com/
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.emachines.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\jon\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [CHotkey] zHotkey.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [NAV CfgWiz] c:\program files\common files\symantec shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
mRun: [sunKistEM] c:\program files\emachines bay reader\shwiconem.exe
mRun: [<NO NAME>]
mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe
mRun: [OutpostMonitor] c:\progra~1\agnitum\outpos~1\op_mon.exe /tray /noservice
mRun: [OutpostFeedBack] "c:\program files\agnitum\outpost firewall\feedback.exe" /dump:os_startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [notepad] rundll32.exe c:\windows\system32\config\system~1\ntload.dll,_IWMPEvents@0
dRun: [ygua8e7yhuiesfha876yfauy8fe] c:\windows\temp\dhndbye42s.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\BigFix.exe
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\program files\icq\ICQ.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251683478609
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jon\applic~1\mozilla\firefox\profiles\yodx80lh.default\
FF - plugin: c:\documents and settings\allan\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\jon\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2009-9-1 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2009-9-1 257432]

=============== Created Last 30 ================

2009-12-18 03:52:19 0 d-----w- c:\docume~1\jon\applic~1\Malwarebytes
2009-12-18 03:52:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-18 03:52:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-18 03:52:07 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-18 03:52:06 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-18 03:04:23 0 d--h--w- c:\windows\PIF
2009-12-18 02:58:55 0 d-----w- c:\program files\Trend Micro
2009-12-14 05:37:39 0 d-----w- c:\windows\system32\scripting
2009-12-14 05:37:21 0 d-----w- c:\windows\l2schemas
2009-12-14 05:37:15 0 d-----w- c:\windows\system32\en

==================== Find3M ====================

2009-10-29 07:46:59 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46:52 78336 ------w- c:\windows\system32\ieencode.dll
2009-10-29 07:46:50 17408 ------w- c:\windows\system32\corpol.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20:16 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-09-25 16:41:26 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41:26 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41:26 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41:26 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41:26 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41:26 696320 ----a-w- c:\windows\system32\DivX.dll

============= FINISH: 23:51:20.65 ===============
  13. Hey screen317, I wish I had seen your post before I proceeded with the help I was given by someone who had a similar problem. Now I'm having new problems with redirecting links on Google and others.
  14. Hello everyone! I'm in some trouble with a problem on my computer. Nothing has happened yet, but there is a prompt on my desktop during startup warning me about imminent problems.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:59:22 PM, on 12/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\system32\winupdate86.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\BigFix.exe
C:\DOCUME~1\Jon\LOCALS~1\Temp\taskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\DOCUME~1\Jon\LOCALS~1\Temp\setup.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
F2 - REG:system.ini: Shell=Explorer.exe logon.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon86.exe
O2 - BHO: C:\WINDOWS\system32\twxufij.dll - {A5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\twxufij.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe
O4 - HKLM\..\Run: [notepad] rundll32.exe C:\WINDOWS\system32\notepad.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [notepad] rundll32.exe C:\DOCUME~1\Jon\ntload.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\DOCUME~1\Jon\LOCALS~1\Temp\setup.exe
O4 - HKUS\S-1-5-18\..\Run: [notepad] rundll32.exe C:\WINDOWS\system32\config\SYSTEM~1\ntload.dll,_IWMPEvents@0 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ygua8e7yhuiesfha876yfauy8fe] C:\WINDOWS\TEMP\dhndbye42s.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [notepad] rundll32.exe C:\WINDOWS\system32\config\SYSTEM~1\ntload.dll,_IWMPEvents@0 (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1251683478609
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O22 - SharedTaskScheduler: ujhsf879fiosdfhgs98fudifmnddfdfd - {A5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\twxufij.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9024 bytes
  15. Hey screen317 I bought a external hard drive to backup my files and just restored my whole computer. Thank you for the help. What programs should I dl to avoid having this happen to me again?
  16. Malwarebytes' Anti-Malware 1.40 Database version: 2551 Windows 5.1.2600 Service Pack 3 8/30/2009 1:21:52 AM mbam-log-2009-08-30 (01-21-52).txt Scan type: Full Scan (C:\|) Objects scanned: 189314 Time elapsed: 2 hour(s), 43 minute(s), 36 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 9 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Qoobox\Quarantine\C\ccwygkvw.exe.vir (Trojan.TDSS) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\rcvbm.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\umoikchf.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\yihw.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe.vir (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINDOWS\cru629.dat.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINDOWS\system32\cru629.dat.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINDOWS\system32\net.net.vir (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINDOWS\system32\_scui.cpl.vir (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
  17. I understand that my computer isn't safe anymore. If its possible, I'd like to get my desktop back so I can move some files to another hard drive. It's pretty hard to move things around using task manager.
  18. Scan type: Quick Scan Objects scanned: 107394 Time elapsed: 9 minute(s), 26 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 3 Registry Values Infected: 7 Registry Data Items Infected: 5 Folders Infected: 1 Files Infected: 9 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\asc 2.1 (Rogue.AntiSpyCheck) -> No action taken. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\041f76a9 (Trojan.Vundo.H) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ponunemele (Trojan.Vundo.H) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm072c4535 (Trojan.Vundo.H) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ASC32 (Rogue.AntiSpyCheck) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\11088284 (Rogue.Multiple) -> No action taken. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> No action taken. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. Folders Infected: C:\WINDOWS\system32\lowsec (Stolen.data) -> No action taken. Files Infected: C:\WINDOWS\system32\UACekultoflxe.dll (Trojan.TDSS) -> No action taken. C:\WINDOWS\system32\UACflngsobpxv.dll (Trojan.TDSS) -> No action taken. C:\WINDOWS\system32\UACnxmfjexvkd.dll (Trojan.TDSS) -> No action taken. C:\WINDOWS\system32\UACspyprrjecb.dll (Rogue.Agent) -> No action taken. C:\WINDOWS\system32\lowsec\user.ds.lll (Stolen.data) -> No action taken. C:\Documents and Settings\Jon Carian\Favorites\Antivirus Scan.url (Rogue.Link) -> No action taken. C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> No action taken. C:\WINDOWS\system32\UACgxdkpbimpa.dll (Trojan.Agent) -> No action taken. C:\WINDOWS\system32\UAChgtymyhwlt.dat (Trojan.Agent) -> No action taken.
  19. I was just able to run malwarebytes! Is there anything I should post for you to see??
  20. ComboFix opened and scanned my computer. Then it needed to reboot my computer and after the reboot it didnt open itself up again. I ran the program and was greeted with a prompt that said windows could not find combofix. Did it create a log and i just have to find it or did this problem take over again?
  21. ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) ---- Processes - GMER 1.0.15 ---- Library \\?\globalroot\systemroot\system32\UACspyprrjecb.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [772] 0x01320000 ---- Services - GMER 1.0.15 ---- Service C:\WINDOWS\system32\drivers\UACrqfxmhfqjw.sys (*** hidden *** ) [sYSTEM] UACd.sys <-- ROOTKIT !!! ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@start 1 Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@type 1 Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACrqfxmhfqjw.sys Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@group file system Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACrqfxmhfqjw.sys Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACflngsobpxv.dll Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACspyprrjecb.dll Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UAChgtymyhwlt.dat Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UAChwbrnsrtin.db Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACgxdkpbimpa.dll Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacmask 
\\?\globalroot\systemroot\system32\UACekultoflxe.dll Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACnxmfjexvkd.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACrqfxmhfqjw.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACrqfxmhfqjw.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACflngsobpxv.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACspyprrjecb.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UAChgtymyhwlt.dat Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UAChwbrnsrtin.db Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACgxdkpbimpa.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACekultoflxe.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACnxmfjexvkd.dll Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@start 1 Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@type 1 Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACrqfxmhfqjw.sys Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@group file system Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules (not active ControlSet) Reg 
HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACrqfxmhfqjw.sys Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACflngsobpxv.dll Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACspyprrjecb.dll Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UAChgtymyhwlt.dat Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UAChwbrnsrtin.db Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACgxdkpbimpa.dll Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACekultoflxe.dll Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACnxmfjexvkd.dll Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@start 1 Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@type 1 Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACrqfxmhfqjw.sys Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@group file system Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACrqfxmhfqjw.sys Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACflngsobpxv.dll Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACspyprrjecb.dll Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UAChgtymyhwlt.dat Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UAChwbrnsrtin.db Reg 
HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACgxdkpbimpa.dll Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACekultoflxe.dll Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACnxmfjexvkd.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs cru629.dat Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1 ---- Disk sectors - GMER 1.0.15 ---- Disk \Device\Harddisk0\DR0 sector 60: copy of MBR ---- EOF - GMER 1.0.15 ----
  22. ---- System - GMER 1.0.15 ---- Code 832EC9A8 ZwEnumerateKey Code 82EFE920 ZwFlushInstructionCache Code 832EC9DE IofCallDriver Code 82EF1E9E IofCompleteRequest Code 82EFE8E5 ZwSaveKey Code 8335E715 ZwSaveKeyEx ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) ---- Processes - GMER 1.0.15 ---- Library \\?\globalroot\Device\__max++>\83DEF990.x86.dll (*** hidden *** ) @ C:\Program Files\McAfee\MSK\MskSrver.exe [488] 0x35670000 Library \\?\globalroot\Device\__max++>\83DEF990.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [768] 0x35670000 Library \\?\globalroot\systemroot\system32\UACspyprrjecb.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [768] 0x019A0000 Library \\?\globalroot\Device\__max++>\83DEF990.x86.dll (*** hidden *** ) @ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [928] 0x35670000 Library \\?\globalroot\Device\__max++>\83DEF990.x86.dll (*** hidden *** ) @ C:\Program Files\Bonjour\mDNSResponder.exe [1016] 0x35670000 Library \\?\globalroot\Device\__max++>\83DEF990.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1104] 0x35670000 Library \\?\globalroot\Device\__max++>\83DEF990.x86.dll (*** hidden *** ) @ C:\Program Files\Java\jre6\bin\jqs.exe [1124] 0x35670000 Library \\?\globalroot\Device\__max++>\83DEF990.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1208] 0x35670000 Library \\?\globalroot\Device\__max++>\83DEF990.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1244] 0x35670000 Library \\?\globalroot\Device\__max++>\83DEF990.x86.dll (*** hidden *** ) @ 
C:\WINDOWS\System32\svchost.exe [1304] 0x35670000 Library \\?\globalroot\Device\__max++>\83DEF990.x86.dll (*** hidden *** ) @ c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [1364] 0x35670000 Library \\?\globalroot\Device\__max++>\83DEF990.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1432] 0x35670000 Library \\?\globalroot\Device\__max++>\83DEF990.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [1648] 0x35670000 Library \\?\globalroot\Device\__max++>\83DEF990.x86.dll (*** hidden *** ) @ C:\Program Files\McAfee\MPF\MPFSrv.exe [1752] 0x35670000 Library \\?\globalroot\Device\__max++>\83DEF990.x86.dll (*** hidden *** ) @ C:\Program Files\iTunes\iTunesHelper.exe [2236] 0x35670000 Library \\?\globalroot\Device\__max++>\83DEF990.x86.dll (*** hidden *** ) @ C:\Program Files\aim\aim.exe [2400] 0x35670000 Library \\?\globalroot\Device\__max++>\83DEF990.x86.dll (*** hidden *** ) @ C:\Program Files\Mozilla Firefox\firefox.exe [3460] 0x35670000 ---- Services - GMER 1.0.15 ---- Service C:\WINDOWS\system32\drivers\UACrqfxmhfqjw.sys (*** hidden *** ) [sYSTEM] UACd.sys <-- ROOTKIT !!! 
---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@start 1 Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@type 1 Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACrqfxmhfqjw.sys Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@group file system Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACrqfxmhfqjw.sys Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACflngsobpxv.dll Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACspyprrjecb.dll Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UAChgtymyhwlt.dat Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UAChwbrnsrtin.db Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACgxdkpbimpa.dll Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACekultoflxe.dll Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACnxmfjexvkd.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACrqfxmhfqjw.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACrqfxmhfqjw.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc 
\\?\globalroot\systemroot\system32\UACflngsobpxv.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACspyprrjecb.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UAChgtymyhwlt.dat Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UAChwbrnsrtin.db Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACgxdkpbimpa.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACekultoflxe.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACnxmfjexvkd.dll GMER 1.0.15.15077 [oc0lqb51.exe] - http://www.gmer.net Rootkit scan 2009-08-25 18:28:23 Windows 5.1.2600 Service Pack 3 ---- System - GMER 1.0.15 ---- Code 830EFDC8 ZwEnumerateKey Code 830F19E8 ZwFlushInstructionCache Code 830EEE96 IofCallDriver Code 830EE0E6 IofCompleteRequest Code 830F1D55 ZwSaveKey Code 830FD405 ZwSaveKeyEx ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!ZwSaveKey 804DD6E8 5 Bytes JMP 830F1D5A .text ntoskrnl.exe!ZwSaveKeyEx 804DD6FC 5 Bytes JMP 830FD40A .text ntoskrnl.exe!IofCallDriver 804E37C5 5 Bytes JMP 830EEE9B .text ntoskrnl.exe!IofCompleteRequest 804E3BF6 5 Bytes JMP 830EE0EB PAGE ntoskrnl.exe!ZwEnumerateKey 80570D64 5 Bytes JMP 830EFDCC PAGE ntoskrnl.exe!ZwFlushInstructionCache 80577693 5 Bytes JMP 830F19EC ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[292] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0096000A .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[292] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0097000A .text C:\WINDOWS\system32\bgsvcgen.exe[488] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0095000A .text 
C:\WINDOWS\system32\bgsvcgen.exe[488] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0096000A .text C:\Program Files\Bonjour\mDNSResponder.exe[516] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009B000A .text C:\Program Files\Bonjour\mDNSResponder.exe[516] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 009C000A .text C:\WINDOWS\system32\winlogon.exe[552] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 007C000A .text C:\WINDOWS\system32\winlogon.exe[552] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 007D000A .text C:\WINDOWS\system32\services.exe[596] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 008C000A .text C:\WINDOWS\system32\services.exe[596] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 008D000A .text C:\WINDOWS\system32\lsass.exe[616] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0093000A .text C:\WINDOWS\system32\lsass.exe[616] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0097000A .text C:\Program Files\Java\jre6\bin\jqs.exe[740] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0098000A .text C:\Program Files\Java\jre6\bin\jqs.exe[740] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0099000A .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[848] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00C2000A .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[848] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00C3000A .text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[904] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00BB000A .text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[904] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00BC000A .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[912] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A3000A .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[912] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A4000A .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1144] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009A000A .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1144] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 009B000A .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1144] 
kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.) .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1144] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.) .text C:\Program Files\McAfee\MPF\MPFSrv.exe[1216] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A3000A .text C:\Program Files\McAfee\MPF\MPFSrv.exe[1216] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A4000A .text C:\WINDOWS\System32\alg.exe[1256] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0095000A .text C:\WINDOWS\System32\alg.exe[1256] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0096000A .text C:\Program Files\McAfee\MSK\MskSrver.exe[1268] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0095000A .text C:\Program Files\McAfee\MSK\MskSrver.exe[1268] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0096000A .text C:\WINDOWS\system32\spoolsv.exe[1460] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00BB000A .text C:\WINDOWS\system32\spoolsv.exe[1460] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00BC000A .text C:\WINDOWS\system32\taskmgr.exe[3672] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00BB000A .text C:\WINDOWS\system32\taskmgr.exe[3672] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00BC000A .text C:\Documents and Settings\Jon Carian\Desktop\oc0lqb51.exe[3800] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00C6000A .text C:\Documents and Settings\Jon Carian\Desktop\oc0lqb51.exe[3800] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00C7000A ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[292] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001351CB IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[292] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135117 IAT C:\Program Files\Common 
Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[292] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001350B2 IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[292] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00135080 IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[292] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001351CB IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[292] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 00135736 IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[292] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 00135484 IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[292] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 00135736 IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[292] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 00135484 IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[292] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 00135736 IAT C:\WINDOWS\System32\svchost.exe[432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 004051CB IAT C:\WINDOWS\System32\svchost.exe[432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00405117 IAT C:\WINDOWS\System32\svchost.exe[432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 004050B2 IAT C:\WINDOWS\System32\svchost.exe[432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00405080 IAT C:\WINDOWS\System32\svchost.exe[432] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 00405484 IAT C:\WINDOWS\System32\svchost.exe[432] @ 