skizzo

Posts posted by skizzo

  1. Hi again, I've downloaded the program and disconnected the laptop from the internet. When I click on the drweb-cureit.exe a green screen comes up telling me that Dr Web is free for home PCs only and asking if I want to read the purchase terms now. I click cancel and I have a green page with start and update. I click on start and the scan starts, takes half a second, then tells me that there is nothing suspicious or viruses (RC = 0), and then it asks me if I want to open the FAQ. If I click OK it goes to a web page; if I click cancel it goes back to the main green page, but the only option I have is to download a full version trial to some Russian web site that I don't understand. Do you want me to download the full version? I also have lots of .pf files in c:\windows\prefetch .....

  2. Hey, I am back ... with more issues ...

    I can't run the online scan: the page does not load, and I can't seem to start the scan manually either. In Internet Explorer the page has lots of red crosses and does not display properly ... other pages are working fine .... If I go to the Sophos web site the page times out ...

    I don't know about you but I'm tempted to format c:\*.* ;o)

  3. Hi, if I run the program in safe mode I get the same error. The process has a big log file; do you want me to post the log file? After the error the scan carries on, but sometimes it tells me that there is not enough free system memory (the laptop has 2 GB, and when ComboFix runs the system has 1.5 GB of memory available).

    Shall I ignore the error and carry on with the scan?

    Thanks for your help. I warned you that this one was a bit of a strange one :)

    s

  4. Good! :)

    Step 1:

    * Go to start > run and copy and paste the next command in the field:

    ComboFix /u

    Make sure there's a space between Combofix and /

    Then hit enter.

    This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

    Please check whether there are any other folders on your main hard drive like Combo-Fix, QooBox .... If there are, please delete them manually.

    Hi, I have run the combofix /u; the scan started again and I got the same message at complete stage_2 I PEV.cfxxe has encountered a problem and needs to close. I clicked send the error report and the scan continued. The system didn't reboot, and ComboFix created this log file

    log.txt

  5. About your problem with ComboFix: please manually delete your copy of ComboFix.exe and the ComboFix folder on your main hard drive ( C:\ ). Then download a new fresh copy of ComboFix and follow the instructions again.

    Hi, I have deleted the ComboFix file and deleted the folder, and downloaded the file new again, but the same error came up. Is there anything else I can do?

    Thanks

    Skizzo

  6. I've managed to run the GMER utility too; the logs are below. I also get the RPC terminated unexpectedly ... reboot the machine ...

    GMER 1.0.15.15281 - http://www.gmer.net

    Rootkit scan 2010-03-16 17:51:39

    Windows 5.1.2600 Service Pack 3

    Running: xg7iebzh.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ugriapoc.sys

    ---- Kernel code sections - GMER 1.0.15 ----

    init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF5776EBF]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\svchost.exe[212] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF4

    .text C:\WINDOWS\system32\svchost.exe[212] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C

    .text C:\WINDOWS\system32\svchost.exe[212] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78

    .text C:\WINDOWS\system32\svchost.exe[212] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AF0

    .text C:\WINDOWS\system32\svchost.exe[212] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10003264

    .text C:\WINDOWS\system32\svchost.exe[212] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027F8

    .text C:\WINDOWS\system32\svchost.exe[212] ws2_32.dll!recv 71AB676F 5 Bytes JMP 1000278C

    .text C:\WINDOWS\system32\svchost.exe[212] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A9C

    .text C:\Program Files\HHVcdV7Sys\VC7SecS.exe[276] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10013DF4

    .text C:\Program Files\HHVcdV7Sys\VC7SecS.exe[276] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10013C3C

    .text C:\Program Files\HHVcdV7Sys\VC7SecS.exe[276] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10013E78

    .text C:\Program Files\HHVcdV7Sys\VC7SecS.exe[276] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10013AF0

    .text C:\Program Files\HHVcdV7Sys\VC7SecS.exe[276] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10013264

    .text C:\Program Files\HHVcdV7Sys\VC7SecS.exe[276] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100127F8

    .text C:\Program Files\HHVcdV7Sys\VC7SecS.exe[276] WS2_32.dll!recv 71AB676F 5 Bytes JMP 1001278C

    .text C:\Program Files\HHVcdV7Sys\VC7SecS.exe[276] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10013A9C

    .text C:\Program Files\Viewpoint\Common\ViewpointService.exe[392] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF4

    .text C:\Program Files\Viewpoint\Common\ViewpointService.exe[392] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C

    .text C:\Program Files\Viewpoint\Common\ViewpointService.exe[392] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78

    .text C:\Program Files\Viewpoint\Common\ViewpointService.exe[392] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AF0

    .text C:\Program Files\Viewpoint\Common\ViewpointService.exe[392] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10003264

    .text C:\Program Files\Viewpoint\Common\ViewpointService.exe[392] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027F8

    .text C:\Program Files\Viewpoint\Common\ViewpointService.exe[392] ws2_32.dll!recv 71AB676F 5 Bytes JMP 1000278C

    .text C:\Program Files\Viewpoint\Common\ViewpointService.exe[392] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A9C

    .text C:\Program Files\UltraVNC\WinVNC.exe[456] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF4

    .text C:\Program Files\UltraVNC\WinVNC.exe[456] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C

    .text C:\Program Files\UltraVNC\WinVNC.exe[456] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78

    .text C:\Program Files\UltraVNC\WinVNC.exe[456] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AF0

    .text C:\Program Files\UltraVNC\WinVNC.exe[456] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10003264

    .text C:\Program Files\UltraVNC\WinVNC.exe[456] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027F8

    .text C:\Program Files\UltraVNC\WinVNC.exe[456] WS2_32.dll!recv 71AB676F 5 Bytes JMP 1000278C

    .text C:\Program Files\UltraVNC\WinVNC.exe[456] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A9C

    .text C:\WINDOWS\system32\spoolsv.exe[564] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF4

    .text C:\WINDOWS\system32\spoolsv.exe[564] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C

    .text C:\WINDOWS\system32\spoolsv.exe[564] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78

    .text C:\WINDOWS\system32\spoolsv.exe[564] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AF0

    .text C:\WINDOWS\system32\spoolsv.exe[564] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10003264

    .text C:\WINDOWS\system32\spoolsv.exe[564] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027F8

    .text C:\WINDOWS\system32\spoolsv.exe[564] ws2_32.dll!recv 71AB676F 5 Bytes JMP 1000278C

    .text C:\WINDOWS\system32\spoolsv.exe[564] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A9C

    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[720] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF4

    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[720] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C

    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[720] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78

    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[720] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AF0

    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[720] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10003264

    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[720] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027F8

    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[720] ws2_32.dll!recv 71AB676F 5 Bytes JMP 1000278C

    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[720] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A9C

    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[808] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF4

    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[808] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C

    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[808] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78

    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[808] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AF0

    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[808] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10003264

    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[808] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027F8

    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[808] WS2_32.dll!recv 71AB676F 5 Bytes JMP 1000278C

    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[808] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A9C

    .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[880] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10183DF4

    .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[880] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10183C3C

    .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[880] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10183E78

    .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[880] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10183AF0

    .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[880] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10183264

    .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[880] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 101827F8

    .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[880] WS2_32.dll!recv 71AB676F 5 Bytes JMP 1018278C

    .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[880] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10183A9C

    .text C:\Program Files\Java\jre6\bin\jqs.exe[944] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF4

    .text C:\Program Files\Java\jre6\bin\jqs.exe[944] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C

    .text C:\Program Files\Java\jre6\bin\jqs.exe[944] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78

    .text C:\Program Files\Java\jre6\bin\jqs.exe[944] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AF0

    .text C:\Program Files\Java\jre6\bin\jqs.exe[944] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10003264

    .text C:\Program Files\Java\jre6\bin\jqs.exe[944] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027F8

    .text C:\Program Files\Java\jre6\bin\jqs.exe[944] WS2_32.dll!recv 71AB676F 5 Bytes JMP 1000278C

    .text C:\Program Files\Java\jre6\bin\jqs.exe[944] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A9C

    .text C:\WINDOWS\system32\mqsvc.exe[972] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF4

    .text C:\WINDOWS\system32\mqsvc.exe[972] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C

    .text C:\WINDOWS\system32\mqsvc.exe[972] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78

    .text C:\WINDOWS\system32\mqsvc.exe[972] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AF0

    .text C:\WINDOWS\system32\mqsvc.exe[972] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10003264

    .text C:\WINDOWS\system32\mqsvc.exe[972] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027F8

    .text C:\WINDOWS\system32\mqsvc.exe[972] WS2_32.dll!recv 71AB676F 5 Bytes JMP 1000278C

    .text C:\WINDOWS\system32\mqsvc.exe[972] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A9C

    .text C:\WINDOWS\system32\winlogon.exe[992] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF4

    .text C:\WINDOWS\system32\winlogon.exe[992] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C

    .text C:\WINDOWS\system32\winlogon.exe[992] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78

    .text C:\WINDOWS\system32\winlogon.exe[992] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AF0

    .text C:\WINDOWS\system32\winlogon.exe[992] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10003264

    .text C:\WINDOWS\system32\winlogon.exe[992] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027F8

    .text C:\WINDOWS\system32\winlogon.exe[992] WS2_32.dll!recv 71AB676F 5 Bytes JMP 1000278C

    .text C:\WINDOWS\system32\winlogon.exe[992] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A9C

    .text C:\WINDOWS\system32\services.exe[1048] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF4

    .text C:\WINDOWS\system32\services.exe[1048] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C

    .text C:\WINDOWS\system32\services.exe[1048] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78

    .text C:\WINDOWS\system32\services.exe[1048] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AF0

    .text C:\WINDOWS\system32\services.exe[1048] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10003264

    .text C:\WINDOWS\system32\services.exe[1048] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027F8

    .text C:\WINDOWS\system32\services.exe[1048] ws2_32.dll!recv 71AB676F 5 Bytes JMP 1000278C

    .text C:\WINDOWS\system32\services.exe[1048] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A9C

    .text C:\WINDOWS\system32\lsass.exe[1060] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF4

    .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C

    .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78

    .text C:\WINDOWS\system32\lsass.exe[1060] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AF0

    .text C:\WINDOWS\system32\lsass.exe[1060] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10003264

    .text C:\WINDOWS\system32\lsass.exe[1060] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027F8

    .text C:\WINDOWS\system32\lsass.exe[1060] WS2_32.dll!recv 71AB676F 5 Bytes JMP 1000278C

    .text C:\WINDOWS\system32\lsass.exe[1060] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A9C

    .text C:\WINDOWS\system32\svchost.exe[1244] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF4

    .text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C

    .text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78

    .text C:\WINDOWS\system32\svchost.exe[1244] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027F8

    .text C:\WINDOWS\system32\svchost.exe[1244] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A9C

    .text C:\WINDOWS\System32\svchost.exe[1364] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF4

    .text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C

    .text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78

    .text C:\WINDOWS\System32\svchost.exe[1364] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AF0

    .text C:\WINDOWS\System32\svchost.exe[1364] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10003264

    .text C:\WINDOWS\System32\svchost.exe[1364] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027F8

    .text C:\WINDOWS\System32\svchost.exe[1364] ws2_32.dll!recv 71AB676F 5 Bytes JMP 1000278C

    .text C:\WINDOWS\System32\svchost.exe[1364] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A9C

    .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1468] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF4

    .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1468] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C

    .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1468] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78

    .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1468] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AF0

    .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1468] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10003264

    .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1468] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027F8

    .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1468] ws2_32.dll!recv 71AB676F 5 Bytes JMP 1000278C

    .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1468] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A9C

    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1576] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10083DF4

    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1576] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10083C3C

    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1576] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10083E78

    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1576] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10083AF0

    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1576] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10083264

    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1576] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100827F8

    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1576] WS2_32.dll!recv 71AB676F 5 Bytes JMP 1008278C

    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1576] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10083A9C

    .text C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe[1612] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF4

    .text C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe[1612] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C

    .text C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe[1612] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78

    .text C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe[1612] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AF0

    .text C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe[1612] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10003264

    .text C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe[1612] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027F8

    .text C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe[1612] ws2_32.dll!recv 71AB676F 5 Bytes JMP 1000278C

    .text C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe[1612] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A9C

    .text C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe[1816] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF4

    .text C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe[1816] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C

    .text C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe[1816] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78

    .text C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe[1816] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AF0

    .text C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe[1816] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10003264

    .text C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe[1816] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027F8

    .text C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe[1816] WS2_32.dll!recv 71AB676F 5 Bytes JMP 1000278C

    .text C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe[1816] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A9C

    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[1880] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF4

    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[1880] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C

    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[1880] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78

    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[1880] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AF0

    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[1880] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10003264

    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[1880] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027F8

    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[1880] ws2_32.dll!recv 71AB676F 5 Bytes JMP 1000278C

    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[1880] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A9C

    .text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1920] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10113DF4

    .text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1920] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10113C3C

    .text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1920] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10113E78

    .text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1920] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10113AF0

    .text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1920] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10113264

    .text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1920] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 101127F8

    .text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1920] WS2_32.dll!recv 71AB676F 5 Bytes JMP 1011278C

    .text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1920] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10113A9C

    .text C:\Program Files\Sophos\AutoUpdate\ALsvc.exe[1992] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF4

    .text C:\Program Files\Sophos\AutoUpdate\ALsvc.exe[1992] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C

    .text C:\Program Files\Sophos\AutoUpdate\ALsvc.exe[1992] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78

    .text C:\Program Files\Sophos\AutoUpdate\ALsvc.exe[1992] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AF0

    .text C:\Program Files\Sophos\AutoUpdate\ALsvc.exe[1992] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10003264

    .text C:\Program Files\Sophos\AutoUpdate\ALsvc.exe[1992] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027F8

    .text C:\Program Files\Sophos\AutoUpdate\ALsvc.exe[1992] ws2_32.dll!recv 71AB676F 5 Bytes JMP 1000278C

    .text C:\Program Files\Sophos\AutoUpdate\ALsvc.exe[1992] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A9C

    .text C:\Program Files\Sophos\Remote Management System\RouterNT.exe[2024] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF4

    .text C:\Program Files\Sophos\Remote Management System\RouterNT.exe[2024] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C

    .text C:\Program Files\Sophos\Remote Management System\RouterNT.exe[2024] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78

    .text C:\Program Files\Sophos\Remote Management System\RouterNT.exe[2024] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AF0

    .text C:\Program Files\Sophos\Remote Management System\RouterNT.exe[2024] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10003264

    .text C:\Program Files\Sophos\Remote Management System\RouterNT.exe[2024] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027F8

    .text C:\Program Files\Sophos\Remote Management System\RouterNT.exe[2024] WS2_32.dll!recv 71AB676F 5 Bytes JMP 1000278C

    .text C:\Program Files\Sophos\Remote Management System\RouterNT.exe[2024] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A9C

    .text C:\WINDOWS\system32\mqtgsvc.exe[2256] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF4

    .text C:\WINDOWS\system32\mqtgsvc.exe[2256] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C

    .text C:\WINDOWS\system32\mqtgsvc.exe[2256] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78

    .text C:\WINDOWS\system32\mqtgsvc.exe[2256] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AF0

    .text C:\WINDOWS\system32\mqtgsvc.exe[2256] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10003264

    .text C:\WINDOWS\system32\mqtgsvc.exe[2256] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027F8

    .text C:\WINDOWS\system32\mqtgsvc.exe[2256] ws2_32.dll!recv 71AB676F 5 Bytes JMP 1000278C

    .text C:\WINDOWS\system32\mqtgsvc.exe[2256] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A9C

    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2384] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF4

    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2384] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C

    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2384] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78

    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2384] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AF0

    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2384] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10003264

    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2384] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027F8

    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2384] WS2_32.dll!recv 71AB676F 5 Bytes JMP 1000278C

    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2384] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A9C

    .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2732] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF4

    .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2732] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C

    .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2732] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78

    .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2732] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AF0

    .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2732] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10003264

    .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2732] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027F8

    .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2732] ws2_32.dll!recv 71AB676F 5 Bytes JMP 1000278C

    .text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2732] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A9C

    .text C:\WINDOWS\Explorer.EXE[3248] ntdll.dll!NtQueryDirectoryFile + 6 7C90D774 4 Bytes [90, 61, C8, 00]

    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3320] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10063DF4

    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3320] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10063C3C

    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3320] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10063E78

    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3320] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10063AF0

    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3320] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10063264

    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3320] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100627F8

    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3320] ws2_32.dll!recv 71AB676F 5 Bytes JMP 1006278C

    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3320] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10063A9C

    .text C:\WINDOWS\system32\igfxtray.exe[3340] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10023DF4

    .text C:\WINDOWS\system32\igfxtray.exe[3340] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10023C3C

    .text C:\WINDOWS\system32\igfxtray.exe[3340] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10023E78

    .text C:\WINDOWS\system32\igfxtray.exe[3340] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10023AF0

    .text C:\WINDOWS\system32\igfxtray.exe[3340] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10023264

    .text C:\WINDOWS\system32\igfxtray.exe[3340] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100227F8

    .text C:\WINDOWS\system32\igfxtray.exe[3340] ws2_32.dll!recv 71AB676F 5 Bytes JMP 1002278C

    .text C:\WINDOWS\system32\igfxtray.exe[3340] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10023A9C

    .text C:\WINDOWS\system32\igfxpers.exe[3356] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF4

    .text C:\WINDOWS\system32\igfxpers.exe[3356] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C

    .text C:\WINDOWS\system32\igfxpers.exe[3356] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78

    .text C:\WINDOWS\system32\igfxpers.exe[3356] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AF0

    .text C:\WINDOWS\system32\igfxpers.exe[3356] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10003264

    .text C:\WINDOWS\system32\igfxpers.exe[3356] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027F8

    .text C:\WINDOWS\system32\igfxpers.exe[3356] ws2_32.dll!recv 71AB676F 5 Bytes JMP 1000278C

    .text C:\WINDOWS\system32\igfxpers.exe[3356] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A9C

    .text C:\WINDOWS\system32\igfxsrvc.exe[3412] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF4

    .text C:\WINDOWS\system32\igfxsrvc.exe[3412] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C

    .text C:\WINDOWS\system32\igfxsrvc.exe[3412] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78

    .text C:\WINDOWS\system32\igfxsrvc.exe[3412] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AF0

    .text C:\WINDOWS\system32\igfxsrvc.exe[3412] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10003264

    .text C:\WINDOWS\system32\igfxsrvc.exe[3412] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027F8

    .text C:\WINDOWS\system32\igfxsrvc.exe[3412] ws2_32.dll!recv 71AB676F 5 Bytes JMP 1000278C

    .text C:\WINDOWS\system32\igfxsrvc.exe[3412] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A9C

    .text C:\WINDOWS\system32\ctfmon.exe[3500] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF4

    .text C:\WINDOWS\system32\ctfmon.exe[3500] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C

    .text C:\WINDOWS\system32\ctfmon.exe[3500] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78

    .text C:\WINDOWS\system32\ctfmon.exe[3500] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AF0

    .text C:\WINDOWS\system32\ctfmon.exe[3500] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10003264

    .text C:\WINDOWS\system32\ctfmon.exe[3500] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027F8

    .text C:\WINDOWS\system32\ctfmon.exe[3500] ws2_32.dll!recv 71AB676F 5 Bytes JMP 1000278C

    .text C:\WINDOWS\system32\ctfmon.exe[3500] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A9C

    .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3608] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF4

    .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3608] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C

    .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3608] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78

    .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3608] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AF0

    .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3608] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10003264

    .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3608] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027F8

    .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3608] WS2_32.dll!recv 71AB676F 5 Bytes JMP 1000278C

    .text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3608] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A9C

    .text C:\Program Files\Sophos\AutoUpdate\ALMon.exe[3904] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF4

    .text C:\Program Files\Sophos\AutoUpdate\ALMon.exe[3904] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C

    .text C:\Program Files\Sophos\AutoUpdate\ALMon.exe[3904] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78

    .text C:\Program Files\Sophos\AutoUpdate\ALMon.exe[3904] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AF0

    .text C:\Program Files\Sophos\AutoUpdate\ALMon.exe[3904] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10003264

    .text C:\Program Files\Sophos\AutoUpdate\ALMon.exe[3904] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027F8

    .text C:\Program Files\Sophos\AutoUpdate\ALMon.exe[3904] ws2_32.dll!recv 71AB676F 5 Bytes JMP 1000278C

    .text C:\Program Files\Sophos\AutoUpdate\ALMon.exe[3904] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A9C

    .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF4

    .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C

    .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78

    .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AF0

    .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10003264

    .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027F8

    .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] ws2_32.dll!recv 71AB676F 5 Bytes JMP 1000278C

    .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A9C

    .text C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\winesm32.exe[3960] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF4

    .text C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\winesm32.exe[3960] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C

    .text C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\winesm32.exe[3960] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78

    .text C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\winesm32.exe[3960] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027F8

    .text C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\winesm32.exe[3960] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A9C

    .text C:\PROGRA~1\MICROS~3\rapimgr.exe[3972] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 10003DF4

    .text C:\PROGRA~1\MICROS~3\rapimgr.exe[3972] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003C3C

    .text C:\PROGRA~1\MICROS~3\rapimgr.exe[3972] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 10003E78

    .text C:\PROGRA~1\MICROS~3\rapimgr.exe[3972] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10003AF0

    .text C:\PROGRA~1\MICROS~3\rapimgr.exe[3972] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10003264

    .text C:\PROGRA~1\MICROS~3\rapimgr.exe[3972] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027F8

    .text C:\PROGRA~1\MICROS~3\rapimgr.exe[3972] WS2_32.dll!recv 71AB676F 5 Bytes JMP 1000278C

    .text C:\PROGRA~1\MICROS~3\rapimgr.exe[3972] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003A9C

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2732] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll

    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2732] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll

    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2732] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll

    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2732] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll

    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2732] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll

    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2732] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll

    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2732] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll

    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2732] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll

    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2732] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll

    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2732] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll

    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2732] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6113A3BF] C:\Program Files\Yahoo!\Messenger\yui.dll

    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2732] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll

    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2732] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll

    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2732] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll

    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2732] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll

    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2732] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!DefWindowProcA] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll

    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2732] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!DefWindowProcW] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll

    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2732] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetSysColor] [61138FE2] C:\Program Files\Yahoo!\Messenger\yui.dll

    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2732] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TrackPopupMenu] [61138F66] C:\Program Files\Yahoo!\Messenger\yui.dll

    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2732] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TrackPopupMenuEx] [61138FA4] C:\Program Files\Yahoo!\Messenger\yui.dll

    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2732] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll

    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2732] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll

    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2732] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll

    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2732] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll

    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2732] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll

    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2732] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6113A3BF] C:\Program Files\Yahoo!\Messenger\yui.dll

    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2732] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!AnimateWindow] [611390DD] C:\Program Files\Yahoo!\Messenger\yui.dll

    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2732] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TrackPopupMenuEx] [61138FA4] C:\Program Files\Yahoo!\Messenger\yui.dll

    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2732] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!DefWindowProcA] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll

    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2732] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetSysColor] [61138FE2] C:\Program Files\Yahoo!\Messenger\yui.dll

    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2732] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!DefWindowProcW] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll

    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2732] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetSysColorBrush] [611390A5] C:\Program Files\Yahoo!\Messenger\yui.dll

    IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2732] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TrackPopupMenu] [61138F66] C:\Program Files\Yahoo!\Messenger\yui.dll

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)

    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)

    AttachedDevice \FileSystem\Fastfat \Fat savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)

    ---- EOF - GMER 1.0.15 ----

    once again thanks

  7. Hi, I have been dealing with something a bit strange in the last few days. I have lost the Wi-Fi connection on my laptop to begin with, and now all sorts of things are happening. I have Sophos installed and up to date, and still managed to catch something strange. I have installed Malwarebytes, but it keeps closing after a few seconds. Also, my Sophos service does not start anymore. Any help much appreciated. GMER keeps crashing or I get a blue screen.

    DDS logs

    DDS (Ver_09-12-01.01) - NTFSx86

    Run by Administrator at 16:37:25.76 on 16/03/2010

    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12

    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2039.1591 [GMT 0:00]

    AV: Sophos Anti-Virus *On-access scanning disabled* (Outdated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch

    C:\WINDOWS\system32\svchost -k rpcss

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

    C:\WINDOWS\system32\svchost.exe -k NetworkService

    C:\WINDOWS\system32\svchost.exe -k LocalService

    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\System32\SCardSvr.exe

    C:\WINDOWS\system32\svchost.exe -k LocalService

    C:\WINDOWS\system32\msdtc.exe

    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

    C:\Program Files\Intel\WiFi\bin\EvtEng.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

    C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe

    C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe

    C:\Program Files\Sophos\AutoUpdate\ALsvc.exe

    C:\Program Files\Sophos\Remote Management System\RouterNT.exe

    C:\WINDOWS\system32\svchost.exe -k imgsvc

    C:\Program Files\HHVcdV7Sys\VC7SecS.exe

    C:\Program Files\Viewpoint\Common\ViewpointService.exe

    C:\Program Files\UltraVNC\WinVNC.exe

    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    C:\WINDOWS\system32\mqsvc.exe

    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\system32\mqtgsvc.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    C:\WINDOWS\System32\alg.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Analog Devices\Core\smax4pnp.exe

    C:\WINDOWS\system32\igfxtray.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\WINDOWS\system32\igfxsrvc.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Garmin\gStart.exe

    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe

    C:\Program Files\Sophos\AutoUpdate\ALMon.exe

    C:\Program Files\WinZip\WZQKPICK.EXE

    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\winesm32.exe

    C:\PROGRA~1\MICROS~3\rapimgr.exe

    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe

    C:\malware\dds.scr

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://google.co.uk/

    mDefault_Page_URL = hxxp://www.google.co.uk

    uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/

    uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll

    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

    mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll

    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

    BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll

    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

    BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll

    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

    TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll

    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

    uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet

    uRun: [Aim6]

    uRun: [gStart] c:\garmin\gStart.exe

    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"

    mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

    mRun: [soundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray

    mRun: [igfxtray] c:\windows\system32\igfxtray.exe

    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

    mRun: [igfxpers] c:\windows\system32\igfxpers.exe

    mRun: [WinVNC] "c:\program files\ultravnc\WinVNC.exe" -servicehelper

    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

    mRun: [HomeKeyLogger] c:\program files\homekeylogger\KeyLogger.exe

    mRun: [intelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"

    mRun: [intelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray

    dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE

    StartupFolder: c:\documents and settings\administrator\start menu\programs\startup\winesm32.exe

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoup~1.lnk - c:\program files\sophos\autoupdate\ALMon.exe

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE

    IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html

    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

    IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

    IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com

    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

    IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll

    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll

    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll

    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab

    DPF: {4819DFDF-ABC4-488C-A323-919848C51175} - hxxp://portal3.rinera.com/download/ConvivaStreamingPlugin-1.7.0.cab

    DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} - hxxps://www.microsoft.com/resources/virtuallabs/ActiveX/VMRCActiveXClient1.cab

    DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab

    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1267052785453

    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab

    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1267052772062

    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

    DPF: {9CFB9269-2A81-4499-BD8D-9C8A302D140B} - hxxp://spsdms/osd/DMSAdmin30050.cab

    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    Notify: igfxcui - igfxdev.dll

    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\xmnz6g5b.default\

    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    =============== Created Last 30 ================

    ==================== Find3M ====================

    ============= FINISH: 16:38:46.28 ===============
