
Program Compability Assistant iexplore



Hi all, this is my first post... I am usually ok at removing problems myself but this one has me stumped..

I read a recent post on this site followed most of the advice and got no results..

Can anyone help me please? When I go into my myspace I am redirected to a stupid codec site asking for money, I am not stupid u spyware idiots. I am getting this message: Program Compability Assistant

This program requires a missing Windows codec

Check for a solution on the Microsoft Website, If a solution is available, there will be steps you can follow to fix the problem.

Program: Internet Explorer

Publisher: Microsoft Corporation

Location: C:\Program Files\Internet Explorer\iexplore.exe

Download required components

can any one help me?


ok so this is what the latest Malwarebytes scan shows

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4182

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

09/06/2010 03:53:57

mbam-log-2010-06-09 (03-53-57).txt

Scan type: Quick scan

Objects scanned: 124982

Time elapsed: 9 minute(s), 2 second(s)

Memory Processes Infected: 6

Memory Modules Infected: 1

Registry Keys Infected: 5

Registry Values Infected: 8

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 21

Memory Processes Infected:

C:\program files\windows nt\Pinball\pinballpinball.exe (Trojan.Downloader.Gen) -> Unloaded process successfully.

C:\program files\zte_mf627_legacy_driver_1.2059.0.4\switchtomodemswitchtomodem1.0.1.14.exe (Trojan.Downloader.Gen) -> Unloaded process successfully.

C:\program files\Cakewalk\shared dxi\revalver se\presets\asymetricalhallr.exe (Trojan.Downloader.Gen) -> Unloaded process successfully.

C:\program files\Cakewalk\shared utilities\modulecw11auto10.5.1.10.exe (Trojan.Downloader.Gen) -> Unloaded process successfully.

C:\program files\Cakewalk\shared dxi\revalver se\presets\asymetricalhallr.exe (Trojan.Downloader.Gen) -> Unloaded process successfully.

C:\program files\Cakewalk\shared utilities\modulecw11auto10.5.1.10.exe (Trojan.Downloader.Gen) -> Unloaded process successfully.

Memory Modules Infected:

C:\WINDOWS\actedn.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{bdea95cf-f0e6-41e0-bd3d-b00f39a4e939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bdea95cf-f0e6-41e0-bd3d-b00f39a4e939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BarDiscover Service (Adware.BarDiscover) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BARDISCOVER_SERVICE (Adware.BarDiscover) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Sft (Backdoor.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dgopewig (Trojan.Hiloti) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pinballpinball (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\switchtomodemswitchtomodem (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hallrasymetrical (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asymetricalhallr (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cw11automp3enc10.5.1.10 (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mp3enccw11auto (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{b8858f31-b352-6689-b27a-8cf3c98732e8} (Trojan.PWS) -> Delete on reboot.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Program Files\BarDiscover (Adware.BarDiscover) -> Quarantined and deleted successfully.

Files Infected:

C:\WINDOWS\actedn.dll (Trojan.Hiloti) -> Delete on reboot.

C:\program files\windows nt\Pinball\pinballpinball.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.

C:\program files\zte_mf627_legacy_driver_1.2059.0.4\switchtomodemswitchtomodem1.0.1.14.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.

C:\program files\Cakewalk\shared dxi\revalver se\presets\asymetricalhallr.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.

C:\program files\Cakewalk\shared utilities\modulecw11auto10.5.1.10.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\A Valued Customer\Application Data\Axlaha\yvah.exe (Trojan.PWS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\msihost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\A Valued Customer\Local Settings\Temp\Pxg.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.

C:\Documents and Settings\A Valued Customer\Local Settings\Temp\Pxj.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.

C:\Documents and Settings\A Valued Customer\Local Settings\Temp\Pxk.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.

C:\Documents and Settings\A Valued Customer\Local Settings\Temp\Pxm.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.

C:\Documents and Settings\A Valued Customer\Local Settings\Temp\Pxn.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.

C:\Documents and Settings\A Valued Customer\Local Settings\Temp\cc159805.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\A Valued Customer\Local Settings\Temp\fce3893c.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\Pqezoa.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.

C:\WINDOWS\Pqezob.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.

C:\WINDOWS\sqlb2220.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.

C:\WINDOWS\tkoo53238.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.

C:\WINDOWS\efeg78577.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.

C:\Program Files\BarDiscover\bardiscover.exe (Adware.BarDiscover) -> Quarantined and deleted successfully.

C:\Documents and Settings\A Valued Customer\Local Settings\Temp\jkcensoredjs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

thing is it didn't work..


Hi,

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

Download GMER here by clicking the download exe button and then saving it to your desktop:

  • Double-click the .exe that you downloaded.
  • Click the rootkit tab, uncheck the files option and then click scan.
  • Don't check the Show All box while scanning is in progress!
  • When scanning is ready, click Copy.
  • This copies the log to the clipboard.
  • Post the log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 28/04/2010 08:59:23

System Uptime: 06/12/2010 20:47:54 (-4245 hours ago)

Motherboard: Dell Inc. | | 0KD882

Processor: Genuine Intel® CPU T2080 @ 1.73GHz | Microprocessor | 1729/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 233 GiB total, 203.66 GiB free.

D: is CDROM (CDFS)

E: is CDROM (CDFS)

F: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Dell Wireless 1390 WLAN Mini-Card

Device ID: PCI\VEN_14E4&DEV_4311&SUBSYS_00071028&REV_01\4&6C79FC5&0&00E0

Manufacturer: Broadcom

Name: Dell Wireless 1390 WLAN Mini-Card

PNP Device ID: PCI\VEN_14E4&DEV_4311&SUBSYS_00071028&REV_01\4&6C79FC5&0&00E0

Service: BCM43XX

==== System Restore Points ===================

RP3: 12/05/2010 13:17:52 - System Checkpoint

RP4: 13/05/2010 03:46:19 - Installed STOPzilla. Available with Windows Installer version 1.2 and later.

RP5: 13/05/2010 04:07:16 - Removed STOPzilla. Available with Windows Installer version 1.2 and later.

RP6: 15/05/2010 16:10:58 - System Checkpoint

RP7: 17/05/2010 01:16:40 - System Checkpoint

RP8: 17/05/2010 19:37:09 - Installed Morrowind

RP9: 17/05/2010 19:38:54 - Installed TES Construction Set

RP10: 17/05/2010 19:39:44 - Installed Tribunal

RP11: 17/05/2010 19:41:12 - Installed Bloodmoon

RP12: 17/05/2010 23:55:33 -

RP13: 18/05/2010 01:25:16 - Installed SAMB_ADVMB_FILTER_DRV

RP14: 19/05/2010 14:26:16 - System Checkpoint

RP15: 20/05/2010 15:11:19 - System Checkpoint

RP16: 23/05/2010 03:22:02 - Removed Steinberg HALionOne

RP17: 26/05/2010 23:13:15 - System Checkpoint

RP18: 31/05/2010 17:45:16 - System Checkpoint

RP19: 03/06/2010 02:07:14 - System Checkpoint

RP20: 05/06/2010 00:23:31 - Removed 3Connect

RP21: 05/06/2010 00:25:31 - Installed 3Connect

RP22: 06/06/2010 00:50:57 - System Checkpoint

RP23: 08/06/2010 12:58:46 - System Checkpoint

RP24: 09/06/2010 03:35:31 - Removed Java 6 Update 16

RP25: 09/06/2010 04:04:12 - Installed Java 6 Update 20

RP26: 09/06/2010 05:59:14 - Uninstall Syncrosoft's License Control

RP27: 11/06/2010 22:53:24 - Installed Microsoft Office Home and Student 2007

RP28: 11/06/2010 22:58:10 - Printer Driver Send To Microsoft OneNote Driver Installed

RP29: 12/06/2010 09:01:42 - Installed RGSS-RTP Standard

RP30: 12/06/2010 09:02:12 - Installed RPGXP

==== Hosts File Hijack ======================

Hosts: 74.125.45.100 4-open-davinci.com

Hosts: 74.125.45.100 securitysoftwarepayments.com

Hosts: 74.125.45.100 privatesecuredpayments.com

Hosts: 74.125.45.100 secure.privatesecuredpayments.com

Hosts: 74.125.45.100 getantivirusplusnow.com

Hosts: 74.125.45.100 secure-plus-payments.com

Hosts: 74.125.45.100 www.getantivirusplusnow.com

Hosts: 74.125.45.100 www.secure-plus-payments.com

Hosts: 74.125.45.100 www.getavplusnow.com

Hosts: 74.125.45.100 safebrowsing-cache.google.com

Hosts: 74.125.45.100 urs.microsoft.com

Hosts: 74.125.45.100 www.securesoftwarebill.com

Hosts: 74.125.45.100 secure.paysecuresystem.com

Hosts: 74.125.45.100 paysoftbillsolution.com

Hosts: 74.125.45.100 protected.maxisoftwaremart.com

==== Installed Programs ======================

3Connect

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Broadcom 440x 10/100 Integrated Controller

Conexant HDA D110 MDC V.92 Modem

Dell Wireless WLAN Card

DreamStation DXi2

FixedLength

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB976002-v5)

Hotfix for Windows XP (KB979306)

Intel® Graphics Media Accelerator Driver

Java Auto Updater

Java 6 Update 20

Looper

Malwarebytes' Anti-Malware

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB953297)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Software Update for Web Folders (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Morrowind

MSVCRT

RGSS-RTP Standard

Rhythm'n'Chords 2 Lite CW

RPG Maker VX

RPG Maker VX RTP

RPGXP

Security Update for CAPICOM (KB931906)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB979402)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB981349)

Segoe UI

SigmaTel Audio

SlicyDrummer Lite

SONAR 2.2

Sonic Timeworks Sonar 2 Plug-ins

Sound Blaster ADVANCED MB Drivers

Style Enhancer Micro 2.0

SUPERAntiSpyware Free Edition

Switch Sound File Converter

TES Construction Set

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Windows (KB971513)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows Internet Explorer 8 (KB980302)

Update for Windows XP (KB898461)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update for Windows XP (KB980182)

VeloMaster Lite CW

WebFldrs XP

Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Live Upload Tool

Windows Media Format 11 runtime

Windows Media Player 11

Windows Search 4.0

WinRAR archiver

ZTE_MF627_USB_MODEM_1.2059.0.4

==== Event Viewer Messages From Past Week ========

11/06/2010 22:58:33, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.

11/06/2010 22:58:33, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/06/2010 22:58:33, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

10/06/2010 04:34:35, error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\D.

09/06/2010 03:36:00, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

09/06/2010 03:16:42, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.

09/06/2010 03:16:42, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

09/06/2010 03:15:42, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

09/06/2010 02:32:58, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

09/06/2010 02:27:32, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

09/06/2010 01:42:19, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip

09/06/2010 01:42:19, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

09/06/2010 01:42:19, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

09/06/2010 01:42:19, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

09/06/2010 01:42:19, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

09/06/2010 01:26:29, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

05/06/2010 00:23:15, error: Service Control Manager [7000] - The BecHelperService service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================

Link to post
Share on other sites

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 28/04/2010 08:59:23

System Uptime: 06/12/2010 20:47:54 (-4245 hours ago)

Motherboard: Dell Inc. | | 0KD882

Processor: Genuine Intel® CPU T2080 @ 1.73GHz | Microprocessor | 1729/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 233 GiB total, 203.66 GiB free.

D: is CDROM (CDFS)

E: is CDROM (CDFS)

F: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Dell Wireless 1390 WLAN Mini-Card

Device ID: PCI\VEN_14E4&DEV_4311&SUBSYS_00071028&REV_01\4&6C79FC5&0&00E0

Manufacturer: Broadcom

Name: Dell Wireless 1390 WLAN Mini-Card

PNP Device ID: PCI\VEN_14E4&DEV_4311&SUBSYS_00071028&REV_01\4&6C79FC5&0&00E0

Service: BCM43XX

==== System Restore Points ===================

RP3: 12/05/2010 13:17:52 - System Checkpoint

RP4: 13/05/2010 03:46:19 - Installed STOPzilla. Available with Windows Installer version 1.2 and later.

RP5: 13/05/2010 04:07:16 - Removed STOPzilla. Available with Windows Installer version 1.2 and later.

RP6: 15/05/2010 16:10:58 - System Checkpoint

RP7: 17/05/2010 01:16:40 - System Checkpoint

RP8: 17/05/2010 19:37:09 - Installed Morrowind

RP9: 17/05/2010 19:38:54 - Installed TES Construction Set

RP10: 17/05/2010 19:39:44 - Installed Tribunal

RP11: 17/05/2010 19:41:12 - Installed Bloodmoon

RP12: 17/05/2010 23:55:33 -

RP13: 18/05/2010 01:25:16 - Installed SAMB_ADVMB_FILTER_DRV

RP14: 19/05/2010 14:26:16 - System Checkpoint

RP15: 20/05/2010 15:11:19 - System Checkpoint

RP16: 23/05/2010 03:22:02 - Removed Steinberg HALionOne

RP17: 26/05/2010 23:13:15 - System Checkpoint

RP18: 31/05/2010 17:45:16 - System Checkpoint

RP19: 03/06/2010 02:07:14 - System Checkpoint

RP20: 05/06/2010 00:23:31 - Removed 3Connect

RP21: 05/06/2010 00:25:31 - Installed 3Connect

RP22: 06/06/2010 00:50:57 - System Checkpoint

RP23: 08/06/2010 12:58:46 - System Checkpoint

RP24: 09/06/2010 03:35:31 - Removed Java 6 Update 16

RP25: 09/06/2010 04:04:12 - Installed Java 6 Update 20

RP26: 09/06/2010 05:59:14 - Uninstall Syncrosoft's License Control

RP27: 11/06/2010 22:53:24 - Installed Microsoft Office Home and Student 2007

RP28: 11/06/2010 22:58:10 - Printer Driver Send To Microsoft OneNote Driver Installed

RP29: 12/06/2010 09:01:42 - Installed RGSS-RTP Standard

RP30: 12/06/2010 09:02:12 - Installed RPGXP

==== Hosts File Hijack ======================

Hosts: 74.125.45.100 4-open-davinci.com

Hosts: 74.125.45.100 securitysoftwarepayments.com

Hosts: 74.125.45.100 privatesecuredpayments.com

Hosts: 74.125.45.100 secure.privatesecuredpayments.com

Hosts: 74.125.45.100 getantivirusplusnow.com

Hosts: 74.125.45.100 secure-plus-payments.com

Hosts: 74.125.45.100 www.getantivirusplusnow.com

Hosts: 74.125.45.100 www.secure-plus-payments.com

Hosts: 74.125.45.100 www.getavplusnow.com

Hosts: 74.125.45.100 safebrowsing-cache.google.com

Hosts: 74.125.45.100 urs.microsoft.com

Hosts: 74.125.45.100 www.securesoftwarebill.com

Hosts: 74.125.45.100 secure.paysecuresystem.com

Hosts: 74.125.45.100 paysoftbillsolution.com

Hosts: 74.125.45.100 protected.maxisoftwaremart.com

==== Installed Programs ======================

3Connect

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Broadcom 440x 10/100 Integrated Controller

Conexant HDA D110 MDC V.92 Modem

Dell Wireless WLAN Card

DreamStation DXi2

FixedLength

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB976002-v5)

Hotfix for Windows XP (KB979306)

Intel® Graphics Media Accelerator Driver

Java Auto Updater

Java 6 Update 20

Looper

Malwarebytes' Anti-Malware

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB953297)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Software Update for Web Folders (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Morrowind

MSVCRT

RGSS-RTP Standard

Rhythm'n'Chords 2 Lite CW

RPG Maker VX

RPG Maker VX RTP

RPGXP

Security Update for CAPICOM (KB931906)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB979402)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB981349)

Segoe UI

SigmaTel Audio

SlicyDrummer Lite

SONAR 2.2

Sonic Timeworks Sonar 2 Plug-ins

Sound Blaster ADVANCED MB Drivers

Style Enhancer Micro 2.0

SUPERAntiSpyware Free Edition

Switch Sound File Converter

TES Construction Set

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Windows (KB971513)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows Internet Explorer 8 (KB980302)

Update for Windows XP (KB898461)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update for Windows XP (KB980182)

VeloMaster Lite CW

WebFldrs XP

Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Live Upload Tool

Windows Media Format 11 runtime

Windows Media Player 11

Windows Search 4.0

WinRAR archiver

ZTE_MF627_USB_MODEM_1.2059.0.4

==== Event Viewer Messages From Past Week ========

11/06/2010 22:58:33, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.

11/06/2010 22:58:33, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/06/2010 22:58:33, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

10/06/2010 04:34:35, error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\D.

09/06/2010 03:36:00, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

09/06/2010 03:16:42, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.

09/06/2010 03:16:42, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

09/06/2010 03:15:42, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

09/06/2010 02:32:58, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

09/06/2010 02:27:32, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

09/06/2010 01:42:19, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip

09/06/2010 01:42:19, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

09/06/2010 01:42:19, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

09/06/2010 01:42:19, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

09/06/2010 01:42:19, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

09/06/2010 01:26:29, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

05/06/2010 00:23:15, error: Service Control Manager [7000] - The BecHelperService service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================


DDS (Ver_10-03-17.01) - NTFSx86

Run by A Valued Customer at 1:35:03.37 on 14/06/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1014.528 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: My Security Engine *On-access scanning enabled* (Outdated) {A9DC4972-891D-41B9-87A8-D6E2ED0EBE75}

FW: My Security Engine *enabled* {954FBE64-0C9D-4377-92F2-95431EE233D5}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe

C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\Explorer.EXE

svchost.exe "C:\WINDOWS\system32\accwize.exe"

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\SearchFilterHost.exe

C:\Program Files\3 Mobile Broadband\3Connect\wilog.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Documents and Settings\A Valued Customer\Desktop\dds.com

C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/

mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Browser Helper Object: {afd4ad01-58c1-47db-a404-fbe00a6c5486} - c:\program files\shared\lib.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [movie[1]] c:\documents and settings\a valued customer\local settings\temporary internet files\content.ie5\jghojvxe\movie[1].exe

mRun: [uquqib] rundll32.exe "c:\windows\amiseriy.dll",Startup

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRunServices: [movie[1]] c:\documents and settings\a valued customer\local settings\temporary internet files\content.ie5\jghojvxe\movie[1].exe

mRunServices: [switchToModemSwitchToModem1.0.1.14] c:\program files\zte_mf627_legacy_driver_1.2059.0.4\switchtomodemswitchtomodem1.0.1.14.exe

mRunServices: [MicrosoftApplication] c:\program files\common files\microsoft shared\dw\1048\dwintl20microsoft.exe

mRunServices: [ErrorReporting] c:\program files\common files\microsoft shared\dw\3076\dwintl20reporting.exe

mRunServices: [DriverInstallerSwitchToModem] c:\program files\zte_mf627_legacy_driver_1.2059.0.4\switchtomodemswitchtomodem1.0.1.14.exe

mRunServices: [ReportingError] c:\program files\common files\microsoft shared\dw\1046\reportingdwintl2012.0.4518.1014.exe

mRunServices: [PINBALLPinball] c:\program files\windows nt\pinball\pinballpinball.exe

mRunServices: [DWIntl20Application] c:\program files\common files\microsoft shared\dw\1028\errorreporting12.0.4518.1000.exe

mRunServices: [asymetricalhallr] c:\program files\cakewalk\shared dxi\revalver se\presets\asymetricalhallr.exe

mRunServices: [mp3encAutomation] c:\program files\cakewalk\shared utilities\modulecw11auto10.5.1.10.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

TCP: {E0D4A6D3-2E20-4410-AC9F-E7E8F8D9562B} = 141.1.1.1 195.27.1.1

Filter: text/html - {5a515555-77b6-4e18-916b-f5f14baf026d} - c:\windows\msv1_0.dll

Filter: video/x-flv - {08C72DD4-19AD-49f1-83DA-8542B4D302C5} - c:\docume~1\avalue~1\locals~1\temp\2E.tmp

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

IFEO: image file execution options - svchost.exe

Hosts: 74.125.45.100 4-open-davinci.com

Hosts: 74.125.45.100 securitysoftwarepayments.com

Hosts: 74.125.45.100 privatesecuredpayments.com

Hosts: 74.125.45.100 secure.privatesecuredpayments.com

Hosts: 74.125.45.100 getantivirusplusnow.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-6 68168]

R2 BecHelperService;BecHelperService;c:\program files\3 mobile broadband\3connect\BecHelperService.exe [2010-6-5 1737464]

S2 NtLmSspWmdmPmSN;NT LM Security Support Provider NtLmSspWmdmPmSN;c:\windows\system32\accwize.exe srv --> c:\windows\system32\accwize.exe srv [?]

S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-9-7 7680]

S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasusb.sys --> c:\windows\system32\drivers\SynasUSB.sys [?]

=============== Created Last 30 ================

2010-06-12 23:02:04 135782 --sha-w- c:\windows\system32\1033a.sys

2010-06-12 08:02:42 56 --sh--r- c:\windows\system32\019E4F2B57.sys

2010-06-12 08:02:27 848 --sha-w- c:\windows\system32\KGyGaAvL.sys

2010-06-11 21:58:11 32592 ----a-w- c:\windows\system32\msonpmon.dll

2010-06-11 21:54:22 0 d-----w- c:\windows\SHELLNEW

2010-06-10 09:16:26 0 ----a-w- c:\windows\system32\accwizex.sys

2010-06-09 21:15:11 0 d-sh--w- c:\windows\system32\lowsec

2010-06-09 03:04:29 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-06-09 03:04:29 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-09 00:22:23 51 ----a-w- c:\windows\wininit.ini

2010-06-04 23:25:46 0 d-----w- c:\docume~1\avalue~1\applic~1\Birdstep Technology

2010-06-04 23:25:32 10240 ----a-w- c:\windows\system32\drivers\mdvrmng.sys

2010-06-04 23:25:31 0 d-----w- c:\program files\3 Mobile Broadband

2010-05-31 21:37:25 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll

2010-05-31 21:37:25 8704 ----a-w- c:\windows\system32\kbdjpn.dll

2010-05-31 21:37:25 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll

2010-05-31 21:37:25 8192 ----a-w- c:\windows\system32\kbdkor.dll

2010-05-31 21:37:25 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll

2010-05-31 21:37:25 6144 ----a-w- c:\windows\system32\kbd101c.dll

2010-05-31 21:37:25 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll

2010-05-31 21:37:25 5632 ----a-w- c:\windows\system32\kbd103.dll

2010-05-31 21:37:21 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll

2010-05-31 21:37:21 6144 ----a-w- c:\windows\system32\kbd101b.dll

2010-05-31 21:37:20 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll

2010-05-31 21:37:20 6144 ----a-w- c:\windows\system32\kbd106.dll

2010-05-31 05:01:59 0 d-----w- c:\docume~1\avalue~1\applic~1\Axlaha

2010-05-29 22:29:55 520 ----a-w- c:\windows\netdet.ini

2010-05-25 22:06:00 16 ----a-w- c:\docume~1\avalue~1\applic~1\vqdlkr.dat

2010-05-24 21:37:12 0 ----a-w- c:\windows\ocurulazexizux.dll

2010-05-23 02:02:28 0 d-----w- c:\program files\NCH Software

2010-05-23 02:02:13 0 d-----w- c:\program files\NCH Swift Sound

2010-05-22 20:19:35 0 d-----w- c:\docume~1\alluse~1\applic~1\AVS4YOU

2010-05-22 20:19:31 0 d-----w- c:\docume~1\avalue~1\applic~1\AVS4YOU

2010-05-22 20:18:39 974848 ----a-w- c:\windows\system32\mfc70.dll

2010-05-22 20:18:39 487424 ----a-w- c:\windows\system32\msvcp70.dll

2010-05-22 20:18:39 344064 ----a-w- c:\windows\system32\msvcr70.dll

2010-05-22 20:18:39 1700352 ----a-w- c:\windows\system32\GdiPlus.dll

2010-05-22 20:18:39 0 d-----w- c:\program files\common files\AVSMedia

2010-05-22 20:18:20 0 d-----w- c:\windows\SxsCaPendDel

2010-05-22 20:17:47 24576 ----a-w- c:\windows\system32\msxml3a.dll

2010-05-22 20:17:45 0 d-----w- c:\program files\AVS4YOU

2010-05-20 06:39:49 1129 --s-a-w- c:\windows\system32\3660235727.dat

2010-05-20 06:39:45 4 ----a-w- c:\docume~1\avalue~1\applic~1\ofubwi.dat

2010-05-19 13:06:28 0 d-----w- c:\program files\Shared

2010-05-19 04:13:36 0 d-----w- c:\docume~1\avalue~1\applic~1\Ardad

2010-05-19 03:36:36 0 d-----w- c:\program files\NTONYX

2010-05-19 03:36:29 303616 ----a-w- c:\windows\IsUninst.exe

2010-05-19 03:36:27 0 d-----w- c:\documents and settings\a valued customer\WINDOWS

2010-05-18 00:27:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Creative Labs

2010-05-18 00:25:52 0 d-----w- c:\program files\common files\Creative Labs Shared

2010-05-18 00:25:16 0 d-----w- c:\program files\Creative

2010-05-17 23:32:14 118784 ----a-w- c:\windows\dsdxirmv.exe

2010-05-17 23:31:20 0 d-----w- c:\program files\Sonic Timeworks

2010-05-17 23:31:13 180224 ----a-w- c:\windows\system32\ReWire.dll

2010-05-17 23:31:13 0 d-----w- c:\program files\Cakewalk

2010-05-17 23:31:13 0 d-----w- C:\Cakewalk Projects

2010-05-17 22:52:58 0 d-----w- c:\docume~1\avalue~1\applic~1\MusicLab

2010-05-17 22:52:47 0 d-----w- c:\program files\MusicLab

2010-05-17 18:37:09 0 d-----w- c:\program files\Bethesda Softworks

==================== Find3M ====================

2010-05-30 20:34:02 88 --sh--r- c:\docume~1\alluse~1\applic~1\572B4F9E01.sys

2010-05-30 20:34:02 1682 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys

2010-05-13 02:53:32 664 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg

2010-05-13 01:53:23 373248 ----a-w- c:\windows\system32\odjr.exe

2010-05-12 08:48:23 186667 ----a-w- c:\documents and settings\a valued customer\ntznn.exe

2010-05-11 08:03:50 54784 --sha-r- c:\windows\system32\scredirt.dll

2010-05-11 07:54:51 373248 ----a-w- c:\windows\system32\zthsn.exe

2010-05-11 07:54:10 373248 ----a-w- c:\windows\system32\ls_ixpcl.exe

2010-05-11 07:54:10 312 ----a-w- c:\documents and settings\a valued customer\stsf.bat

2010-05-11 07:39:44 373248 ----a-w- c:\windows\system32\ixpcl.exe

2010-05-11 07:39:33 373248 ----a-w- c:\windows\system32\uwan.exe

2010-04-29 14:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 14:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-29 07:58:38 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe

2010-04-28 07:54:14 21640 ----a-w- c:\windows\system32\emptyregdb.dat

============= FINISH: 1:36:31.59 ===============


GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-06-14 01:49:14

Windows 5.1.2600 Service Pack 3

Running: 78m91hw8.exe; Driver: C:\DOCUME~1\AVALUE~1\LOCALS~1\Temp\fwpyrfow.sys

---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA2D29950]

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\disk.sys entry point in ".rsrc" section [0xF7615514]

init C:\WINDOWS\system32\drivers\monfilt.sys entry point in "init" section [0xA7BFB280]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[136] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00DA2FE0

.text C:\WINDOWS\system32\svchost.exe[136] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00DA313E

.text C:\WINDOWS\system32\svchost.exe[136] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00DADF23

.text C:\WINDOWS\system32\svchost.exe[136] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00DAE058

.text C:\WINDOWS\system32\svchost.exe[136] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 00DB044C

.text C:\WINDOWS\system32\svchost.exe[136] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 00DB04F3

.text C:\WINDOWS\system32\svchost.exe[136] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 00DB04B4

.text C:\WINDOWS\system32\svchost.exe[136] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 00DB0491

.text C:\WINDOWS\system32\svchost.exe[136] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00DB03C0

.text C:\WINDOWS\system32\svchost.exe[136] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00DB03E2

.text C:\WINDOWS\system32\svchost.exe[136] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 00DB046E

.text C:\WINDOWS\system32\svchost.exe[136] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 00DB0428

.text C:\WINDOWS\system32\svchost.exe[136] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 00DB0404

.text C:\WINDOWS\system32\svchost.exe[136] Ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00DAC1A7

.text C:\WINDOWS\system32\svchost.exe[136] Ws2_32.dll!send 71AB4C27 5 Bytes JMP 00DAC1DB

.text C:\WINDOWS\system32\svchost.exe[136] Ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00DAC1F8

.text C:\WINDOWS\system32\svchost.exe[136] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00DA2B30

.text C:\WINDOWS\system32\SearchIndexer.exe[236] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 007D2FE0

.text C:\WINDOWS\system32\SearchIndexer.exe[236] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 007D313E

.text C:\WINDOWS\system32\SearchIndexer.exe[236] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

.text C:\WINDOWS\system32\SearchIndexer.exe[236] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 007DDF23

.text C:\WINDOWS\system32\SearchIndexer.exe[236] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 007DE058

.text C:\WINDOWS\system32\SearchIndexer.exe[236] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 007D2B30

.text C:\WINDOWS\system32\SearchIndexer.exe[236] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 007DC1A7

.text C:\WINDOWS\system32\SearchIndexer.exe[236] WS2_32.dll!send 71AB4C27 5 Bytes JMP 007DC1DB

.text C:\WINDOWS\system32\SearchIndexer.exe[236] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 007DC1F8

.text C:\WINDOWS\system32\SearchIndexer.exe[236] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 007E044C

.text C:\WINDOWS\system32\SearchIndexer.exe[236] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 007E04F3

.text C:\WINDOWS\system32\SearchIndexer.exe[236] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 007E04B4

.text C:\WINDOWS\system32\SearchIndexer.exe[236] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 007E0491

.text C:\WINDOWS\system32\SearchIndexer.exe[236] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 007E03C0

.text C:\WINDOWS\system32\SearchIndexer.exe[236] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 007E03E2

.text C:\WINDOWS\system32\SearchIndexer.exe[236] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 007E046E

.text C:\WINDOWS\system32\SearchIndexer.exe[236] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 007E0428

.text C:\WINDOWS\system32\SearchIndexer.exe[236] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 007E0404

.text C:\WINDOWS\system32\services.exe[712] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00FE2FE0

.text C:\WINDOWS\system32\services.exe[712] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00FE313E

.text C:\WINDOWS\system32\services.exe[712] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00FEDF23

.text C:\WINDOWS\system32\services.exe[712] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00FEE058

.text C:\WINDOWS\system32\services.exe[712] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 00FF044C

.text C:\WINDOWS\system32\services.exe[712] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 00FF04F3

.text C:\WINDOWS\system32\services.exe[712] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 00FF04B4

.text C:\WINDOWS\system32\services.exe[712] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 00FF0491

.text C:\WINDOWS\system32\services.exe[712] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00FF03C0

.text C:\WINDOWS\system32\services.exe[712] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00FF03E2

.text C:\WINDOWS\system32\services.exe[712] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 00FF046E

.text C:\WINDOWS\system32\services.exe[712] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 00FF0428

.text C:\WINDOWS\system32\services.exe[712] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 00FF0404

.text C:\WINDOWS\system32\services.exe[712] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00FEC1A7

.text C:\WINDOWS\system32\services.exe[712] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00FEC1DB

.text C:\WINDOWS\system32\services.exe[712] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00FEC1F8

.text C:\WINDOWS\system32\services.exe[712] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00FE2B30

.text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00E92FE0

.text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00E9313E

.text C:\WINDOWS\system32\lsass.exe[724] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00E9DF23

.text C:\WINDOWS\system32\lsass.exe[724] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00E9E058

.text C:\WINDOWS\system32\lsass.exe[724] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E9C1A7

.text C:\WINDOWS\system32\lsass.exe[724] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E9C1DB

.text C:\WINDOWS\system32\lsass.exe[724] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00E9C1F8

.text C:\WINDOWS\system32\lsass.exe[724] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 00EA044C

.text C:\WINDOWS\system32\lsass.exe[724] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 00EA04F3

.text C:\WINDOWS\system32\lsass.exe[724] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 00EA04B4

.text C:\WINDOWS\system32\lsass.exe[724] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 00EA0491

.text C:\WINDOWS\system32\lsass.exe[724] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00EA03C0

.text C:\WINDOWS\system32\lsass.exe[724] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00EA03E2

.text C:\WINDOWS\system32\lsass.exe[724] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 00EA046E

.text C:\WINDOWS\system32\lsass.exe[724] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 00EA0428

.text C:\WINDOWS\system32\lsass.exe[724] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 00EA0404

.text C:\WINDOWS\system32\lsass.exe[724] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00E92B30

.text C:\WINDOWS\system32\igfxsrvc.exe[780] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00132FE0

.text C:\WINDOWS\system32\igfxsrvc.exe[780] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0013313E

.text C:\WINDOWS\system32\igfxsrvc.exe[780] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0013DF23

.text C:\WINDOWS\system32\igfxsrvc.exe[780] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 0013E058

.text C:\WINDOWS\system32\igfxsrvc.exe[780] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 0014044C

.text C:\WINDOWS\system32\igfxsrvc.exe[780] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 001404F3

.text C:\WINDOWS\system32\igfxsrvc.exe[780] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 001404B4

.text C:\WINDOWS\system32\igfxsrvc.exe[780] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 00140491

.text C:\WINDOWS\system32\igfxsrvc.exe[780] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 001403C0

.text C:\WINDOWS\system32\igfxsrvc.exe[780] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 001403E2

.text C:\WINDOWS\system32\igfxsrvc.exe[780] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 0014046E

.text C:\WINDOWS\system32\igfxsrvc.exe[780] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 00140428

.text C:\WINDOWS\system32\igfxsrvc.exe[780] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 00140404

.text C:\WINDOWS\system32\igfxsrvc.exe[780] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0013C1A7

.text C:\WINDOWS\system32\igfxsrvc.exe[780] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0013C1DB

.text C:\WINDOWS\system32\igfxsrvc.exe[780] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0013C1F8

.text C:\WINDOWS\system32\igfxsrvc.exe[780] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00132B30

.text C:\WINDOWS\system32\svchost.exe[888] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00D22FE0

.text C:\WINDOWS\system32\svchost.exe[960] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00E62FE0

.text C:\WINDOWS\system32\svchost.exe[960] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00E6313E

.text C:\WINDOWS\system32\svchost.exe[960] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00E6DF23

.text C:\WINDOWS\system32\svchost.exe[960] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00E6E058

.text C:\WINDOWS\system32\svchost.exe[960] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 00E7044C

.text C:\WINDOWS\system32\svchost.exe[960] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 00E704F3

.text C:\WINDOWS\system32\svchost.exe[960] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 00E704B4

.text C:\WINDOWS\system32\svchost.exe[960] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 00E70491

.text C:\WINDOWS\system32\svchost.exe[960] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00E703C0

.text C:\WINDOWS\system32\svchost.exe[960] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00E703E2

.text C:\WINDOWS\system32\svchost.exe[960] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 00E7046E

.text C:\WINDOWS\system32\svchost.exe[960] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 00E70428

.text C:\WINDOWS\system32\svchost.exe[960] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 00E70404

.text C:\WINDOWS\system32\svchost.exe[960] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E6C1A7

.text C:\WINDOWS\system32\svchost.exe[960] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E6C1DB

.text C:\WINDOWS\system32\svchost.exe[960] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00E6C1F8

.text C:\WINDOWS\system32\svchost.exe[960] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00E62B30

.text C:\WINDOWS\System32\svchost.exe[1004] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009A000A

.text C:\WINDOWS\System32\svchost.exe[1004] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009B000A

.text C:\WINDOWS\System32\svchost.exe[1004] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0099000C

.text C:\WINDOWS\System32\svchost.exe[1004] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00F1000A

.text C:\WINDOWS\system32\svchost.exe[1092] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 001B2FE0

.text C:\WINDOWS\system32\svchost.exe[1092] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 001B313E

.text C:\WINDOWS\system32\svchost.exe[1092] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 001BDF23

.text C:\WINDOWS\system32\svchost.exe[1092] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 001BE058

.text C:\WINDOWS\system32\svchost.exe[1092] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 001C044C

.text C:\WINDOWS\system32\svchost.exe[1092] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 001C04F3

.text C:\WINDOWS\system32\svchost.exe[1092] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 001C04B4

.text C:\WINDOWS\system32\svchost.exe[1092] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 001C0491

.text C:\WINDOWS\system32\svchost.exe[1092] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 001C03C0

.text C:\WINDOWS\system32\svchost.exe[1092] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 001C03E2

.text C:\WINDOWS\system32\svchost.exe[1092] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 001C046E

.text C:\WINDOWS\system32\svchost.exe[1092] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 001C0428

.text C:\WINDOWS\system32\svchost.exe[1092] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 001C0404

.text C:\WINDOWS\system32\svchost.exe[1092] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 001BC1A7

.text C:\WINDOWS\system32\svchost.exe[1092] WS2_32.dll!send 71AB4C27 5 Bytes JMP 001BC1DB

.text C:\WINDOWS\system32\svchost.exe[1092] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 001BC1F8

.text C:\WINDOWS\system32\svchost.exe[1092] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 001B2B30

.text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 001B2FE0

.text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 001B313E

.text C:\WINDOWS\system32\svchost.exe[1144] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 001BDF23

.text C:\WINDOWS\system32\svchost.exe[1144] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 001BE058

.text C:\WINDOWS\system32\svchost.exe[1144] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 001C044C

.text C:\WINDOWS\system32\svchost.exe[1144] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 001C04F3

.text C:\WINDOWS\system32\svchost.exe[1144] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 001C04B4

.text C:\WINDOWS\system32\svchost.exe[1144] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 001C0491

.text C:\WINDOWS\system32\svchost.exe[1144] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 001C03C0

.text C:\WINDOWS\system32\svchost.exe[1144] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 001C03E2

.text C:\WINDOWS\system32\svchost.exe[1144] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 001C046E

.text C:\WINDOWS\system32\svchost.exe[1144] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 001C0428

.text C:\WINDOWS\system32\svchost.exe[1144] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 001C0404

.text C:\WINDOWS\system32\svchost.exe[1144] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 001BC1A7

.text C:\WINDOWS\system32\svchost.exe[1144] WS2_32.dll!send 71AB4C27 5 Bytes JMP 001BC1DB

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip mdvrmng.sys

AttachedDevice \Driver\Tcpip \Device\Tcp mdvrmng.sys

AttachedDevice \Driver\Tcpip \Device\Udp mdvrmng.sys

AttachedDevice \Driver\Tcpip \Device\RawIp mdvrmng.sys

Device -> \Driver\atapi \Device\Harddisk0\DR0 864DAEE4

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\disk.sys suspicious modification

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----


Hi,

Please visit this webpage for download links and instructions for running the ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  1. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    Remember to re-enable them afterwards.
  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt

New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
