Various Malware and viruses
latino209 (Member), 27. February 2008 @ 09:48
.text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00630FD4
.text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 0063000A
.text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00630047
.text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00630036
.text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00630FEF
.text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00630025
.text C:\WINDOWS\System32\svchost.exe[1112] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00940000
.text C:\WINDOWS\System32\svchost.exe[1112] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00940F79
.text C:\WINDOWS\System32\svchost.exe[1112] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0094006E
.text C:\WINDOWS\System32\svchost.exe[1112] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00940053
.text C:\WINDOWS\System32\svchost.exe[1112] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00940F8A
.text C:\WINDOWS\System32\svchost.exe[1112] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00940022
.text C:\WINDOWS\System32\svchost.exe[1112] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 009400B5
.text C:\WINDOWS\System32\svchost.exe[1112] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 009400A4
.text C:\WINDOWS\System32\svchost.exe[1112] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 009400FC
.text C:\WINDOWS\System32\svchost.exe[1112] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 009400EB
.text C:\WINDOWS\System32\svchost.exe[1112] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 0094010D
.text C:\WINDOWS\System32\svchost.exe[1112] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00940F9B
.text C:\WINDOWS\System32\svchost.exe[1112] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00940FE5
.text C:\WINDOWS\System32\svchost.exe[1112] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00940093
.text C:\WINDOWS\System32\svchost.exe[1112] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00940FB6
.text C:\WINDOWS\System32\svchost.exe[1112] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00940011
.text C:\WINDOWS\System32\svchost.exe[1112] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 009400D0
.text C:\WINDOWS\System32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00930FCA
.text C:\WINDOWS\System32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00930036
.text C:\WINDOWS\System32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 0093001B
.text C:\WINDOWS\System32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00930FE5
.text C:\WINDOWS\System32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00930F79
.text C:\WINDOWS\System32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00930F94
.text C:\WINDOWS\System32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00930000
.text C:\WINDOWS\System32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00930FB9
.text C:\WINDOWS\System32\svchost.exe[1112] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00910000
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 0099000A
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00990F77
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00990F92
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00990FA3
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 0099006C
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00990FCA
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00990F55
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00990091
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 009900D3
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00990F3A
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00990F1F
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00990051
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00990FEF
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00990F66
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 0099002C
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 0099001B
.text C:\WINDOWS\System32\svchost.exe[1160] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 009900B8
.text C:\WINDOWS\System32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 006E0FC3
.text C:\WINDOWS\System32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 006E005B
.text C:\WINDOWS\System32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 006E0FD4
.text C:\WINDOWS\System32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 006E000A
.text C:\WINDOWS\System32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 006E004A
.text C:\WINDOWS\System32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 006E002F
.text C:\WINDOWS\System32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 006E0FEF
.text C:\WINDOWS\System32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 006E0FA8
.text C:\WINDOWS\System32\svchost.exe[1160] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 006C0000
.text C:\WINDOWS\System32\svchost.exe[1160] WININET.dll!InternetOpenA 42C2C8A1 5 Bytes JMP 006B000A
.text C:\WINDOWS\System32\svchost.exe[1160] WININET.dll!InternetOpenW 42C2CED1 5 Bytes JMP 006B0FEF
.text C:\WINDOWS\System32\svchost.exe[1160] WININET.dll!InternetOpenUrlA 42C30BFA 5 Bytes JMP 006B002F
.text C:\WINDOWS\System32\svchost.exe[1160] WININET.dll!InternetOpenUrlW 42C7AC51 5 Bytes JMP 006B004A
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[1860] ntdll.dll!NtCreateThread 7C90D7D2 6 Bytes PUSH 1007021C; RET
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[1860] ntdll.dll!NtCreateThread + 7 7C90D7D9 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[1860] ntdll.dll!NtResumeThread 7C90E45F 6 Bytes PUSH 10070166; RET
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[1860] ntdll.dll!NtResumeThread + 7 7C90E466 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[1860] kernel32.dll!ExitProcess 7C81CDDA 5 Bytes JMP 00C00000
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[1860] ADVAPI32.dll!CryptDeriveKey 77DEA685 5 Bytes JMP 00C70000
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[1860] ADVAPI32.dll!CryptImportKey 77DEA879 5 Bytes JMP 00C90000
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[1860] ADVAPI32.dll!CryptGenKey 77E114B1 5 Bytes JMP 00CB0000
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[1860] USER32.dll!DispatchMessageW 7E418A01 5 Bytes JMP 00D10000
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[1860] USER32.dll!DispatchMessageA 7E4196B8 5 Bytes JMP 00CF0000
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[1860] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 00CD0000
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[1860] ws2_32.dll!connect 71AB406A 5 Bytes JMP 00C50000
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[1860] ws2_32.dll!send 71AB428A 5 Bytes JMP 00C30000
.text C:\Program Files\QuickTime\qttask.exe[1888] ntdll.dll!NtCreateThread 7C90D7D2 6 Bytes PUSH 100D021C; RET
.text C:\Program Files\QuickTime\qttask.exe[1888] ntdll.dll!NtCreateThread + 7 7C90D7D9 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\Program Files\QuickTime\qttask.exe[1888] ntdll.dll!NtResumeThread 7C90E45F 6 Bytes PUSH 100D0166; RET
.text C:\Program Files\QuickTime\qttask.exe[1888] ntdll.dll!NtResumeThread + 7 7C90E466 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\Program Files\QuickTime\qttask.exe[1888] kernel32.dll!ExitProcess 7C81CDDA 5 Bytes JMP 00D20000
.text C:\Program Files\QuickTime\qttask.exe[1888] USER32.dll!DispatchMessageW 7E418A01 5 Bytes JMP 00E20000
.text C:\Program Files\QuickTime\qttask.exe[1888] USER32.dll!DispatchMessageA 7E4196B8 5 Bytes JMP 00E00000
.text C:\Program Files\QuickTime\qttask.exe[1888] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 00DE0000
.text C:\Program Files\QuickTime\qttask.exe[1888] ADVAPI32.dll!CryptDeriveKey 77DEA685 5 Bytes JMP 00D80000
.text C:\Program Files\QuickTime\qttask.exe[1888] ADVAPI32.dll!CryptImportKey 77DEA879 5 Bytes JMP 00DA0000
.text C:\Program Files\QuickTime\qttask.exe[1888] ADVAPI32.dll!CryptGenKey 77E114B1 5 Bytes JMP 00DC0000
.text C:\Program Files\QuickTime\qttask.exe[1888] ws2_32.dll!connect 71AB406A 5 Bytes JMP 00D60000
.text C:\Program Files\QuickTime\qttask.exe[1888] ws2_32.dll!send 71AB428A 5 Bytes JMP 00D40000
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] ntdll.dll!NtCreateThread 7C90D7D2 6 Bytes PUSH 1010021C; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] ntdll.dll!NtCreateThread + 7 7C90D7D9 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] ntdll.dll!NtResumeThread 7C90E45F 6 Bytes PUSH 10100166; RET
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] ntdll.dll!NtResumeThread + 7 7C90E466 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] kernel32.dll!ExitProcess 7C81CDDA 5 Bytes JMP 00ED0000
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] ADVAPI32.dll!CryptDeriveKey 77DEA685 5 Bytes JMP 00F30000
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] ADVAPI32.dll!CryptImportKey 77DEA879 5 Bytes JMP 00F50000
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] ADVAPI32.dll!CryptGenKey 77E114B1 5 Bytes JMP 00F70000
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] USER32.dll!DispatchMessageW 7E418A01 5 Bytes JMP 00FD0000
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] USER32.dll!DispatchMessageA 7E4196B8 5 Bytes JMP 00FB0000
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 00F90000
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] ws2_32.dll!connect 71AB406A 5 Bytes JMP 00F10000
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] ws2_32.dll!send 71AB428A 5 Bytes JMP 00EF0000
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1932] ntdll.dll!NtCreateThread 7C90D7D2 6 Bytes PUSH 1016021C; RET
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1932] ntdll.dll!NtCreateThread + 7 7C90D7D9 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1932] ntdll.dll!NtResumeThread 7C90E45F 6 Bytes PUSH 10160166; RET
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1932] ntdll.dll!NtResumeThread + 7 7C90E466 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1932] kernel32.dll!ExitProcess 7C81CDDA 5 Bytes JMP 00E20000
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1932] ADVAPI32.dll!CryptDeriveKey 77DEA685 5 Bytes JMP 00E80000
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1932] ADVAPI32.dll!CryptImportKey 77DEA879 5 Bytes JMP 00EA0000
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1932] ADVAPI32.dll!CryptGenKey 77E114B1 5 Bytes JMP 00EC0000
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1932] USER32.dll!DispatchMessageW 7E418A01 5 Bytes JMP 00F20000
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1932] USER32.dll!DispatchMessageA 7E4196B8 5 Bytes JMP 00F00000
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1932] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 00EE0000
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1932] ws2_32.dll!connect 71AB406A 5 Bytes JMP 00E60000
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[1932] ws2_32.dll!send 71AB428A 5 Bytes JMP 00E40000
.text C:\Program Files\SiteAdvisor\6172\SiteAdv.exe[1944] ntdll.dll!NtCreateThread 7C90D7D2 6 Bytes PUSH 1019021C; RET
.text C:\Program Files\SiteAdvisor\6172\SiteAdv.exe[1944] ntdll.dll!NtCreateThread + 7 7C90D7D9 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\Program Files\SiteAdvisor\6172\SiteAdv.exe[1944] ntdll.dll!NtResumeThread 7C90E45F 6 Bytes PUSH 10190166; RET
.text C:\Program Files\SiteAdvisor\6172\SiteAdv.exe[1944] ntdll.dll!NtResumeThread + 7 7C90E466 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\Program Files\SiteAdvisor\6172\SiteAdv.exe[1944] kernel32.dll!ExitProcess 7C81CDDA 5 Bytes JMP 00EE0000
.text C:\Program Files\SiteAdvisor\6172\SiteAdv.exe[1944] USER32.dll!DispatchMessageW 7E418A01 5 Bytes JMP 011E0000
.text C:\Program Files\SiteAdvisor\6172\SiteAdv.exe[1944] USER32.dll!DispatchMessageA 7E4196B8 5 Bytes JMP 00FC0000
.text C:\Program Files\SiteAdvisor\6172\SiteAdv.exe[1944] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 00FA0000
.text C:\Program Files\SiteAdvisor\6172\SiteAdv.exe[1944] ADVAPI32.dll!CryptDeriveKey 77DEA685 5 Bytes JMP 00F40000
.text C:\Program Files\SiteAdvisor\6172\SiteAdv.exe[1944] ADVAPI32.dll!CryptImportKey 77DEA879 5 Bytes JMP 00F60000
.text C:\Program Files\SiteAdvisor\6172\SiteAdv.exe[1944] ADVAPI32.dll!CryptGenKey 77E114B1 5 Bytes JMP 00F80000
.text C:\Program Files\SiteAdvisor\6172\SiteAdv.exe[1944] ws2_32.dll!connect 71AB406A 5 Bytes JMP 00F20000
.text C:\Program Files\SiteAdvisor\6172\SiteAdv.exe[1944] ws2_32.dll!send 71AB428A 5 Bytes JMP 00F00000
.text C:\WINDOWS\system32\ctfmon.exe[1980] ntdll.dll!NtCreateThread 7C90D7D2 6 Bytes PUSH 101F021C; RET
.text C:\WINDOWS\system32\ctfmon.exe[1980] ntdll.dll!NtCreateThread + 7 7C90D7D9 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\ctfmon.exe[1980] ntdll.dll!NtResumeThread 7C90E45F 6 Bytes PUSH 101F0166; RET
.text C:\WINDOWS\system32\ctfmon.exe[1980] ntdll.dll!NtResumeThread + 7 7C90E466 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\ctfmon.exe[1980] kernel32.dll!ExitProcess 7C81CDDA 5 Bytes JMP 00C00000
.text C:\WINDOWS\system32\ctfmon.exe[1980] ADVAPI32.dll!CryptDeriveKey 77DEA685 5 Bytes JMP 00C60000
.text C:\WINDOWS\system32\ctfmon.exe[1980] ADVAPI32.dll!CryptImportKey 77DEA879 5 Bytes JMP 00C80000
.text C:\WINDOWS\system32\ctfmon.exe[1980] ADVAPI32.dll!CryptGenKey 77E114B1 5 Bytes JMP 00CA0000
.text C:\WINDOWS\system32\ctfmon.exe[1980] USER32.dll!DispatchMessageW 7E418A01 5 Bytes JMP 00D00000
.text C:\WINDOWS\system32\ctfmon.exe[1980] USER32.dll!DispatchMessageA 7E4196B8 5 Bytes JMP 00CE0000
.text C:\WINDOWS\system32\ctfmon.exe[1980] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 00CC0000
.text C:\WINDOWS\system32\ctfmon.exe[1980] ws2_32.dll!connect 71AB406A 5 Bytes JMP 00C40000
.text C:\WINDOWS\system32\ctfmon.exe[1980] ws2_32.dll!send 71AB428A 5 Bytes JMP 00C20000
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1996] ntdll.dll!NtCreateThread 7C90D7D2 6 Bytes PUSH 1022021C; RET
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1996] ntdll.dll!NtCreateThread + 7 7C90D7D9 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1996] ntdll.dll!NtResumeThread 7C90E45F 6 Bytes PUSH 10220166; RET
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1996] ntdll.dll!NtResumeThread + 7 7C90E466 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1996] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 013FF650 C:\Program Files\SiteAdvisor\6172\saPlugin.dll
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1996] kernel32.dll!ExitProcess 7C81CDDA 5 Bytes JMP 01270000
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1996] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\MsnMsgr.Exe (Messenger/Microsoft Corporation)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1996] ADVAPI32.dll!CryptDeriveKey 77DEA685 5 Bytes JMP 012D0000
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1996] ADVAPI32.dll!CryptImportKey 77DEA879 5 Bytes JMP 012F0000
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1996] ADVAPI32.dll!CryptGenKey 77E114B1 5 Bytes JMP 01310000
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1996] USER32.dll!DispatchMessageW 7E418A01 5 Bytes JMP 01370000
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1996] USER32.dll!DispatchMessageA 7E4196B8 5 Bytes JMP 01350000
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1996] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 01330000
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1996] WS2_32.dll!connect 71AB406A 5 Bytes JMP 012B0000
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1996] WS2_32.dll!send 71AB428A 5 Bytes JMP 01290000
.text C:\Program Files\MySpace\IM\MySpaceIM.exe[2024] ntdll.dll!NtCreateThread 7C90D7D2 6 Bytes PUSH 1028021C; RET
.text C:\Program Files\MySpace\IM\MySpaceIM.exe[2024] ntdll.dll!NtCreateThread + 7 7C90D7D9 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\Program Files\MySpace\IM\MySpaceIM.exe[2024] ntdll.dll!NtResumeThread 7C90E45F 6 Bytes PUSH 10280166; RET
.text C:\Program Files\MySpace\IM\MySpaceIM.exe[2024] ntdll.dll!NtResumeThread + 7 7C90E466 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\Program Files\MySpace\IM\MySpaceIM.exe[2024] kernel32.dll!ExitProcess 7C81CDDA 5 Bytes JMP 01640000
.text C:\Program Files\MySpace\IM\MySpaceIM.exe[2024] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes [ 33, C0, C2, 04, 00 ]
.text C:\Program Files\MySpace\IM\MySpaceIM.exe[2024] advapi32.dll!CryptDeriveKey 77DEA685 5 Bytes JMP 016A0000
.text C:\Program Files\MySpace\IM\MySpaceIM.exe[2024] advapi32.dll!CryptImportKey 77DEA879 5 Bytes JMP 016C0000
.text C:\Program Files\MySpace\IM\MySpaceIM.exe[2024] advapi32.dll!CryptGenKey 77E114B1 5 Bytes JMP 016E0000
.text C:\Program Files\MySpace\IM\MySpaceIM.exe[2024] WS2_32.dll!connect 71AB406A 5 Bytes JMP 01680000
.text C:\Program Files\MySpace\IM\MySpaceIM.exe[2024] WS2_32.dll!send 71AB428A 5 Bytes JMP 01660000
.text C:\Program Files\MySpace\IM\MySpaceIM.exe[2024] USER32.dll!DispatchMessageW 7E418A01 5 Bytes JMP 01740000
.text C:\Program Files\MySpace\IM\MySpaceIM.exe[2024] USER32.dll!DispatchMessageA 7E4196B8 5 Bytes JMP 01720000
.text C:\Program Files\MySpace\IM\MySpaceIM.exe[2024] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 01700000
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2040] ntdll.dll!NtCreateThread 7C90D7D2 6 Bytes PUSH 102B021C; RET
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2040] ntdll.dll!NtCreateThread + 7 7C90D7D9 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2040] ntdll.dll!NtResumeThread 7C90E45F 6 Bytes PUSH 102B0166; RET
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2040] ntdll.dll!NtResumeThread + 7 7C90E466 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2040] kernel32.dll!ExitProcess 7C81CDDA 5 Bytes JMP 00EF0000
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2040] USER32.dll!DispatchMessageW 7E418A01 5 Bytes JMP 00FF0000
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2040] USER32.dll!DispatchMessageA 7E4196B8 5 Bytes JMP 00FD0000
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2040] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 00FB0000
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2040] ADVAPI32.dll!CryptDeriveKey 77DEA685 5 Bytes JMP 00F50000
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2040] ADVAPI32.dll!CryptImportKey 77DEA879 5 Bytes JMP 00F70000
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2040] ADVAPI32.dll!CryptGenKey 77E114B1 5 Bytes JMP 00F90000
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2040] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00F30000
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2040] WS2_32.dll!send 71AB428A 5 Bytes JMP 00F10000
.text C:\WINDOWS\System32\svchost.exe[2196] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00930FEF
.text C:\WINDOWS\System32\svchost.exe[2196] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00930060
.text C:\WINDOWS\System32\svchost.exe[2196] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00930F6B
.text C:\WINDOWS\System32\svchost.exe[2196] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00930F7C
.text C:\WINDOWS\System32\svchost.exe[2196] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00930F97
.text C:\WINDOWS\System32\svchost.exe[2196] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0093002F
.text C:\WINDOWS\System32\svchost.exe[2196] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00930093
.text C:\WINDOWS\System32\svchost.exe[2196] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00930082
.text C:\WINDOWS\System32\svchost.exe[2196] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 009300C2
.text C:\WINDOWS\System32\svchost.exe[2196] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00930F29
.text C:\WINDOWS\System32\svchost.exe[2196] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00930F18
.text C:\WINDOWS\System32\svchost.exe[2196] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00930FA8
.text C:\WINDOWS\System32\svchost.exe[2196] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00930FDE
.text C:\WINDOWS\System32\svchost.exe[2196] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00930071
.text C:\WINDOWS\System32\svchost.exe[2196] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00930014
.text C:\WINDOWS\System32\svchost.exe[2196] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00930FC3
.text C:\WINDOWS\System32\svchost.exe[2196] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00930F3A
.text C:\WINDOWS\System32\svchost.exe[2196] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00920FD4
.text C:\WINDOWS\System32\svchost.exe[2196] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00920FB2
.text C:\WINDOWS\System32\svchost.exe[2196] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00920025
.text C:\WINDOWS\System32\svchost.exe[2196] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00920FE5
.text C:\WINDOWS\System32\svchost.exe[2196] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00920FC3
.text C:\WINDOWS\System32\svchost.exe[2196] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 0092005B
.text C:\WINDOWS\System32\svchost.exe[2196] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00920000
.text C:\WINDOWS\System32\svchost.exe[2196] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00920040
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2480] ntdll.dll!NtCreateThread 7C90D7D2 6 Bytes PUSH 100A021C; RET
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2480] ntdll.dll!NtCreateThread + 7 7C90D7D9 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2480] ntdll.dll!NtResumeThread 7C90E45F 6 Bytes PUSH 100A0166; RET
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2480] ntdll.dll!NtResumeThread + 7 7C90E466 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2480] kernel32.dll!ExitProcess 7C81CDDA 5 Bytes JMP 00E20000
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2480] USER32.dll!DispatchMessageW 7E418A01 5 Bytes JMP 00F20000
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2480] USER32.dll!DispatchMessageA 7E4196B8 5 Bytes JMP 00F00000
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2480] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 00EE0000
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2480] ADVAPI32.dll!CryptDeriveKey 77DEA685 5 Bytes JMP 00E80000
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2480] ADVAPI32.dll!CryptImportKey 77DEA879 5 Bytes JMP 00EA0000
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2480] ADVAPI32.dll!CryptGenKey 77E114B1 5 Bytes JMP 00EC0000
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2480] ws2_32.dll!connect 71AB406A 5 Bytes JMP 00E60000
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2480] ws2_32.dll!send 71AB428A 5 Bytes JMP 00E40000
.text C:\Program Files\Mozilla Firefox\firefox.exe[2748] ntdll.dll!NtCreateThread 7C90D7D2 6 Bytes PUSH 100A021C; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[2748] ntdll.dll!NtCreateThread + 7 7C90D7D9 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2748] ntdll.dll!NtResumeThread 7C90E45F 6 Bytes PUSH 100A0166; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[2748] ntdll.dll!NtResumeThread + 7 7C90E466 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2748] kernel32.dll!ExitProcess 7C81CDDA 5 Bytes JMP 012E0000
.text C:\Program Files\Mozilla Firefox\firefox.exe[2748] ADVAPI32.dll!CryptDeriveKey 77DEA685 5 Bytes JMP 01340000
.text C:\Program Files\Mozilla Firefox\firefox.exe[2748] ADVAPI32.dll!CryptImportKey 77DEA879 5 Bytes JMP 01360000
.text C:\Program Files\Mozilla Firefox\firefox.exe[2748] ADVAPI32.dll!CryptGenKey 77E114B1 5 Bytes JMP 01380000
.text C:\Program Files\Mozilla Firefox\firefox.exe[2748] WS2_32.dll!connect 71AB406A 5 Bytes JMP 01320000
.text C:\Program Files\Mozilla Firefox\firefox.exe[2748] WS2_32.dll!send 71AB428A 5 Bytes JMP 01300000
.text C:\Program Files\Mozilla Firefox\firefox.exe[2748] USER32.dll!DispatchMessageW 7E418A01 5 Bytes JMP 01460000
.text C:\Program Files\Mozilla Firefox\firefox.exe[2748] USER32.dll!DispatchMessageA 7E4196B8 5 Bytes JMP 01440000
.text C:\Program Files\Mozilla Firefox\firefox.exe[2748] USER32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 013A0000
.text C:\Documents and Settings\Gloria\Desktop\gmer\gmer.exe[3292] ntdll.dll!NtCreateThread 7C90D7D2 6 Bytes PUSH 1016021C; RET
.text C:\Documents and Settings\Gloria\Desktop\gmer\gmer.exe[3292] ntdll.dll!NtCreateThread + 7 7C90D7D9 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\Documents and Settings\Gloria\Desktop\gmer\gmer.exe[3292] ntdll.dll!NtResumeThread 7C90E45F 6 Bytes PUSH 10160166; RET
.text C:\Documents and Settings\Gloria\Desktop\gmer\gmer.exe[3292] ntdll.dll!NtResumeThread + 7 7C90E466 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\Documents and Settings\Gloria\Desktop\gmer\gmer.exe[3292] kernel32.dll!ExitProcess 7C81CDDA 5 Bytes JMP 00E10000
.text C:\Documents and Settings\Gloria\Desktop\gmer\gmer.exe[3292] advapi32.dll!CryptDeriveKey 77DEA685 5 Bytes JMP 00E70000
.text C:\Documents and Settings\Gloria\Desktop\gmer\gmer.exe[3292] advapi32.dll!CryptImportKey 77DEA879 5 Bytes JMP 00E90000
.text C:\Documents and Settings\Gloria\Desktop\gmer\gmer.exe[3292] advapi32.dll!CryptGenKey 77E114B1 5 Bytes JMP 00EB0000
.text C:\Documents and Settings\Gloria\Desktop\gmer\gmer.exe[3292] user32.dll!DispatchMessageW 7E418A01 5 Bytes JMP 00F40000
.text C:\Documents and Settings\Gloria\Desktop\gmer\gmer.exe[3292] user32.dll!DispatchMessageA 7E4196B8 5 Bytes JMP 00F20000
.text C:\Documents and Settings\Gloria\Desktop\gmer\gmer.exe[3292] user32.dll!GetClipboardData 7E430D7A 5 Bytes JMP 00F00000
.text C:\Documents and Settings\Gloria\Desktop\gmer\gmer.exe[3292] ws2_32.dll!connect 71AB406A 5 Bytes JMP 00E50000
.text C:\Documents and Settings\Gloria\Desktop\gmer\gmer.exe[3292] ws2_32.dll!send 71AB428A 5 Bytes JMP 00E30000
---- User IAT/EAT - GMER 1.0.14 ----
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2480] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2480] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2480] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2480] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2480] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2480] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2480] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2480] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2480] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2480] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2480] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2480] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2480] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2480] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2480] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2480] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2480] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2480] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2480] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2480] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2480] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2480] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2480] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2480] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2480] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2480] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2480] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2480] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2480] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
---- Devices - GMER 1.0.14 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
---- EOF - GMER 1.0.14 ----



Stay Loyal To The Game
latino209
Member
27. February 2008 @ 09:49
Dang, reformatting the drive is the last thing I want to do.... is there a possibility we could get it good and running? and umm what's the spam blocker utility thing combofix displays?

Stay Loyal To The Game
Member
27. February 2008 @ 19:17
hi,

Quote:
umm what's the spam blocker utility
see links:
http://www.sophos.com/security/analyses/...i_g9uGIqG1.html
http://www.pchell.com/support/spamblockerutility.shtml

Quote:
is there a possibility we could get it good and running?

you had a lot of malware on board. in the case of rootkits it's a good idea to reformat as the machine can no longer be trusted. if you don't know how you're getting this stuff, you will be loaded with it again very soon. no amount of anti-this or that software will save you.
let's get another copy of combofix to use:
----------------------
please uninstall the current copy of combofix like this:
start>run and type in the window combofix /u click ok
note: there is a space after the x and before the /

reboot computer once and download and run the new version like before:

Download combofix from one of these links and save it to Desktop:

http://subs.geekstogo.com/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

as a precaution, before using combofix:

Note: Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

* Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
* Click on this link below to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
* Remember to re-enable the protection again afterwards before connecting to the net.

link:
http://www.bleepingcomputer.com/forums/topic114351.html

2. Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running combofix.

* If you have not already done so, Combofix will disconnect your machine from the Internet when it starts.
* If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.


3. Now double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" in next reply


Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze.

latino209
Member
27. February 2008 @ 22:17
It wasn't as long as it was before so we're doing better... seems like it's speeding up but not quite there... hey I just want to say thanks again man, sorry if I'm causing too many problems...





ComboFix 08-02-25.3 - Gloria 2008-02-28 2:04:16.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.139 [GMT -5:00]
Running from: C:\Documents and Settings\Gloria\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-28 )))))))))))))))))))))))))))))))
.

2008-02-27 02:14 . 2008-02-27 02:14 250 --a------ C:\WINDOWS\gmer.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-25 01:54 --------- d-----w C:\Program Files\NoAdware4
2008-03-25 01:50 --------- d-----w C:\Program Files\RcvSystem
2008-03-25 00:23 --------- d-----w C:\Program Files\McAfee
2008-03-25 00:20 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-03-24 00:31 --------- d-----w C:\Documents and Settings\Gloria\Application Data\SiteAdvisor
2008-03-23 07:15 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-23 02:08 --------- d-----w C:\Program Files\SiteAdvisor
2008-03-23 02:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-03-23 02:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-03-23 02:04 --------- d-----w C:\Program Files\McAfee.com
2008-03-23 02:04 --------- d-----w C:\Program Files\Common Files\McAfee
2008-03-23 00:40 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-23 00:39 --------- d-----w C:\Documents and Settings\Gloria\Application Data\SUPERAntiSpyware.com
2008-03-23 00:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-19 09:14 --------- d-----w C:\Program Files\Java
2008-03-19 08:50 --------- d-----w C:\Program Files\CONEXANT
2008-03-16 19:58 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-16 01:06 --------- d-----w C:\Program Files\Lx_cats
2008-02-09 06:55 85,504 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-02-08 17:37 82,432 ----a-w C:\WINDOWS\system32\IEDFix.exe
2007-12-12 05:00 189,016 ----a-w C:\Documents and Settings\HECTOR\Application Data\GDIPFONTCACHEV1.DAT
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-10-28 16:04 189,016 ----a-w C:\Documents and Settings\Gloria\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 15:54 5674352]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-01-19 15:49 4670968]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 02:33 8720384]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 16:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 03:11 132496]
"RTHDCPL"="RTHDCPL.EXE" []
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-05 00:32 53248]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 11:41 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 18:51 257088]
"LXCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 12:47 73728]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 00:33 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 16:57 36640]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-07-22 19:29 1160480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 02:33 8720384]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 15:54 5674352]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-07-22 05:47:22 151552]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 16:12:08 16423]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 04:01:04 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 15:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 15:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ivn4reg]
C:\Documents and Settings\All Users\Documents\Settings\ivn4.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

S3 PhilCam8116;Logitech QuickCam Pro 3000 (08B0);C:\WINDOWS\system32\DRIVERS\CamDrO21.sys [2001-08-17 16:05]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-28 06:33:57 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-27 07:26:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-23 02:04:38 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-03-23 02:04:37 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-28 02:07:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

? [40132]

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background?g

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-28 2:10:18
ComboFix2.txt 2008-02-27 07:11:18
.
2008-02-27 07:03:02 --- E O F ---


Stay Loyal To The Game
Member
28. February 2008 @ 17:12
hi,

it's no problem.
do an online scan. post the results of the scan and also a new hjt log.

ESET online scanner:

http://www.eset.com/onlinescan/

uses Internet Explorer only
check "YES" to accept terms
click start button
allow the ActiveX component to install
click the start button. the Scanner will update.
check both "Remove found threats"
click scan
when done you can find the scan log at: C:\Program Files\EsetOnlineScanner\log.txt
please copy/paste that log in next reply.

latino209
Member
28. February 2008 @ 23:09
Ok, I was able to run Eset scanner, it detected 5 things and it deleted them... still having problems and after a while the computer starts crashing and it says I don't have enough memory to run a program or anything else... here's the hijack log. I wasn't able to find the eset log, it wasn't on C:\Program Files\EsetOnlineScanner\log.txt




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:58:25 a.m., on 29/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\Gloria\My Documents\Hijackthis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\internet explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: NickToolbarInstall Class - {11AF48E4-CA6C-45ee-A181-282CD7A5BFCD} - C:\Documents and Settings\Gloria\Application Data\LaunchPad Toolbar\launchpadtoolbar.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Nick - {A30B8EF5-82CA-4789-B77F-9C1C20DF53CB} - C:\Documents and Settings\Gloria\Application Data\LaunchPad Toolbar\launchpadtoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: MySecretCodes Toolbar - {25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} - C:\Program Files\MySecretCodes Toolbar\mysecrettoolbar.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?8eaa41a1a6024d1e9a5442d45b39d471
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?8eaa41a1a6024d1e9a5442d45b39d471
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: MySecretCodes Toolbar - {25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} - C:\Program Files\MySecretCodes Toolbar\mysecrettoolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: MySecretCodes Toolbar - {25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} - C:\Program Files\MySecretCodes Toolbar\mysecrettoolbar.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://fecris20.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ES-ES/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ivn4reg - C:\Documents and Settings\All Users\Documents\Settings\ivn4.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe

--
End of file - 11768 bytes


Stay Loyal To The Game
Member
29. February 2008 @ 17:43
Hi,

start HJT, click the "Scan" button. check the items below, close any open windows, then click "Fix checked"

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O3 - Toolbar: MySecretCodes Toolbar - {25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} - C:\Program Files\MySecretCodes Toolbar\mysecrettoolbar.dll (file missing)

O9 - Extra button: MySecretCodes Toolbar - {25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} - C:\Program Files\MySecretCodes Toolbar\mysecrettoolbar.dll (file missing)

O9 - Extra 'Tools' menuitem: MySecretCodes Toolbar - {25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} - C:\Program Files\MySecretCodes Toolbar\mysecrettoolbar.dll (file missing)

O20 - Winlogon Notify: ivn4reg - C:\Documents and Settings\All Users\Documents\Settings\ivn4.dll (file missing)

for the "memory problem" and these are only suggestions:

1) check how much free drive space you have left. (getting full?)
2) remove some unused apps via add/remove programs panel
3) control what starts by clicking on icons by the clock and looking for options to disable the app from starting with windows.
4) control start up items using msconfig:
see web site:
http://www.netsquirrel.com/msconfig/
5) how much RAM do you have installed? (not enough?)
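
An added triage example, not part of the original post or of HijackThis itself: the entries picked out in the reply above all carry HijackThis's "(file missing)" marker, and this Python sketch pulls such entries out of a log and groups them by CLSID, so every registration of one orphaned component (the O3 and both O9 lines of the MySecretCodes toolbar) is reviewed together. The sample is a subset of lines from the log in this thread; the function and class names are assumptions of this example, and the result is a review list rather than a fix list (it also reports the O23 service entry the reply leaves unchecked).

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a subset of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: MySecretCodes Toolbar - {25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} - C:\Program Files\MySecretCodes Toolbar\mysecrettoolbar.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O9 - Extra button: MySecretCodes Toolbar - {25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} - C:\Program Files\MySecretCodes Toolbar\mysecrettoolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: MySecretCodes Toolbar - {25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} - C:\Program Files\MySecretCodes Toolbar\mysecrettoolbar.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ivn4reg - C:\Documents and Settings\All Users\Documents\Settings\ivn4.dll (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe

--
End of file - 11768 bytes
"""

# A log entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFON]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"


@dataclass
class Entry:
    code: str             # section code, e.g. "O20"
    body: str             # everything after "<code> - "
    clsid: Optional[str]  # upper-cased CLSID if the line carries one
    target: str           # text after the last " - ", marker removed
    missing: bool         # True when HijackThis appended "(file missing)"


def parse_entries(text):
    """Return an Entry for every section-coded line; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        missing = body.endswith(MISSING)
        target = body.rsplit(" - ", 1)[-1]
        if missing:
            target = target[: -len(MISSING)].rstrip()
        clsid = CLSID_RE.search(body)
        entries.append(Entry(m.group("code"), body,
                             clsid.group(0).upper() if clsid else None,
                             target, missing))
    return entries


def missing_by_clsid(entries):
    """Map each CLSID to the section codes of its orphaned registrations."""
    groups = defaultdict(list)
    for e in entries:
        if e.missing and e.clsid:
            groups[e.clsid].append(e.code)
    return dict(groups)


def missing_without_clsid(entries):
    """Orphaned entries with no CLSID (autostart DLLs, services): review one by one."""
    return [e for e in entries if e.missing and e.clsid is None]


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for clsid, codes in missing_by_clsid(parsed).items():
        print(f"{clsid}: orphaned in sections {', '.join(codes)}")
    for e in missing_without_clsid(parsed):
        print(f"{e.code}: {e.target} (no CLSID, file missing)")
```
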

latino209
Member
29. February 2008 @ 17:53
OK I'll do that.... last night I installed and ran spybot s&d and it picked up a few items and deleted them but wasn't able to delete a few.. now I'm trying to find the log to it but I can't seem to find it..

Stay Loyal To The Game
Member
2. March 2008 @ 09:29
after a scan right click in the Spybot window and select:
"copy results to clipboard"
open notepad, right click and select "paste"
save the file somewhere, then copy/paste the results in next reply.

latino209
Member
4. March 2008 @ 17:24
I'm thinking of burning all my pictures, music, word docs to a dvd... then reinstalling windows or recovering like the 1st day I got it... I don't want to buy a new version of XP, I want the one that the computer came with... what could I use to recover my computer from how it was the first day... sorry we couldn't figure this out, even if we did it would probably take a while and I'm tired of waiting and I bet you're tired of helping me out :).. I sure appreciate all the help you've been giving me and sorry for taking your time.. thanks again and can you do me that last favor...

Stay Loyal To The Game
Member
6. March 2008 @ 18:51
hi,

Quote:
then reinstalling windows or recovering like the 1st day I got it

that's up to you. sometimes that's the easiest and best thing to do. once removed, malware can leave behind plenty of damage.

Quote:
what could I use to recover my computer from how it was the first day.

that would depend. You could have a recovery partition on your hard drive or a recovery disk or an original windows install cd/dvd.
let me say: I build my own and have only used install CDs, never a recovery disk or hd partition. if you purchased your computer you should visit the website and look around the FAQ/troubleshooting, knowledge base etc. most likely you will find out how there. what you want to do is reformat your hard drive then reinstall windows (clean install).

Quote:
I bet you're tired of helping me out

not really, but with all the malware you had I think you're doing the best thing with a reformat/reinstall.

Quote:
thanks again

you're welcome

Quote:
and can you do me that last favor

you have to do me a favor: once you reinstall, learn how malware can get on your computer, so this time around you will avoid it.

echoreply

 