
"Windows - Virtual Memory Minium Too Low" Virus. Need help.

#1 ·
Hi,

I think I have a virus or something in my laptop. It seems a lot of people who had a similar problem got some good advice from this website, so maybe you can help me as well.

I'm getting the same warning message every time I turn on my laptop. It says "Windows - Virtual Memory Minium Too Low". It started out of the blue about a month ago. It can't be anything to do with low memory, because it appears even before I do anything on the machine. My Avira (ver 12) doesn't seem to work anymore; every time I do a scan, it finds more viruses, and my laptop would not let me go to the website anymore. I also noticed that the hard drive is continuously running, even when I’m not accessing any programs or have any web pages opened. The times I do use the web, it often freezes up, and I have to close all the pages just to unfreeze it. I tried System Restore, but I can’t even get to any of my old save points anymore.

I am running on XP and IE8. I have a log for anyone who needs it. Thanks again.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:46:15, on 01/04/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Daemon Virtual Drive\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/logi...ap2e6CwWSb86QVdqk-&.done=http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\Documents and Settings\Derek\Local Settings\Application Data\pxrnjgxj\xejatgha.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\Daemon Virtual Drive\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [XejAtgha] C:\Documents and Settings\Derek\Local Settings\Application Data\pxrnjgxj\xejatgha.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MozyPro Status.lnk = C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MozyPro Backup Service (MyBusinessWorksbackup) - MyBusinessWorks - C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 7455 bytes
 
#2 ·
Your computer appears to be a Toshiba laptop.

What model name and model number is it?

---------------------------------------------------------

Right-click MY COMPUTER, then click Properties.

What's listed in the Computer: section of the "General" tab?

----------------------------------------------------------

Start HiJackThis.

Click on the "Open The Misc Tools Section" button.

Click on the "Open Uninstall Manager" button.

Click on the "Save List" button.

Save the "uninstall_list.txt" file somewhere.

It'll then open in Notepad.

Return here to your thread, then copy-and-paste the entire file here.

----------------------------------------------------------

Your computer appears to be infected.

Read the topmost "sticky" in this section, then provide the required logs and information so a gold/blue shield removal specialist can assist you.

----------------------------------------------------------
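A HijackThis log like the one in post #1 can be triaged mechanically for its autostart entries. The following is an added example, not part of the thread or of any tool named in it: it parses F2 and O4 lines and flags a Winlogon Userinit value that chains anything after the stock userinit.exe, and Run entries whose binary sits in a user-writable profile directory. The function names, the directory heuristic and the expected Userinit path for this XP install are assumptions.

```python
import re

# Sample input: lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\Documents and Settings\Derek\Local Settings\Application Data\pxrnjgxj\xejatgha.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [XejAtgha] C:\Documents and Settings\Derek\Local Settings\Application Data\pxrnjgxj\xejatgha.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""

USERINIT_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$", re.I)
RUN_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\.*?Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

# Assumption: stock Userinit program on an XP install rooted at C:\WINDOWS.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# Assumption: profile sub-directories a standard user can write to on XP.
PROFILE_ROOT_RE = re.compile(r"^[a-z]:\\documents and settings\\", re.I)
USER_WRITABLE_MARKERS = ("\\local settings\\", "\\application data\\", "\\temp\\")


def exe_path(cmd):
    """Return the executable part of a Run command line, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = re.match(r"(.+?\.exe)\b", cmd, re.I)
    return m.group(1) if m else cmd


def in_user_writable_dir(path):
    """True when the binary lives under a user-writable part of a profile."""
    p = path.lower()
    return bool(PROFILE_ROOT_RE.match(p)) and any(m in p for m in USER_WRITABLE_MARKERS)


def userinit_extras(value):
    """Programs listed in Userinit besides the stock userinit.exe."""
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [e for e in entries if e.lower() != EXPECTED_USERINIT]


def triage(log_text):
    """Return (location, reason, path) tuples for entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = USERINIT_RE.match(line)
        if m:
            for extra in userinit_extras(m.group("value")):
                findings.append(("F2 Userinit",
                                 "extra program chained after userinit.exe",
                                 extra))
            continue
        m = RUN_RE.match(line)
        if m:
            path = exe_path(m.group("cmd"))
            if in_user_writable_dir(path):
                findings.append((f"O4 {m.group('hive')} Run [{m.group('name')}]",
                                 "autostart binary in a user-writable profile directory",
                                 path))
    return findings


if __name__ == "__main__":
    for location, reason, path in triage(SAMPLE_LOG):
        print(f"{location}: {reason}\n    {path}")
```

A flagged entry is a lead for manual review, not a verdict; legitimate per-user software also starts from profile directories.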
 
#3 ·
I'm running XP - server pack 3
Yes it's a Toshiba Equium L350-10L
Dual CPU T2370 @ 1.73GHZ 1.99GB
I have not upgraded any of the hardware.

The uninstall_list.txt as follows -

32 Bit HP CIO Components Installer
Adobe Flash Player 11 ActiveX
Adobe Reader 7.0.7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Client Utility
Atheros Driver Installation Program
Bluetooth Monitor 4
DAEMON Tools
Google Earth
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
HP Imaging Device Functions 11.0
HP Smart Web Printing
HP Solution Center 11.0
Intel(R) Graphics Media Accelerator Driver
iTunes
K-Lite Codec Pack 7.5.0 (Full)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Office 2000 Premium
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MozyPro
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Premium
OCR Software by I.R.I.S. 11.0
PurePlay Poker
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Synaptics Pointing Device Driver
TOSHIBA Hotkey Utility
TOSHIBA Software Modem
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Windows Internet Explorer 8
Windows Management Framework Core
Windows Search 4.0
WinZip 15.0
 
#4 ·
You must have uninstalled/removed Avira AntiVir 12 because it doesn't appear in either of your logs.

Your "uninstall_list.txt" log shows no security-related programs installed, so your computer is completely unprotected from infections.

Download and SAVE:

Malwarebytes Anti-Malware 1.60.1.1000 (free version)

Microsoft Security Essentials 2.1.1116.0

SUPERAntiSpyware 5.0.0.1146 (free version)

Just download and SAVE them for now and do NOT install nor do anything with them yet.

As I previously advised you to do, you need to read the topmost "sticky" in this section and then provide the required logs and information if you want a gold/blue shield removal specialist to assist you.

---------------------------------------------------
 
#5 ·
I hope I have made these files correctly.

dds.txt

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Derek at 11:45:25 on 2012-04-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1341 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Daemon Virtual Drive\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://login.yahoo.com/config/login?.src=fpctx&.intl=uk&.pd=c%3D6T7evjap2e6CwWSb86QVdqk-&.done=http%3A%2F%2Fuk.yahoo.com%2F
mWinlogon: Userinit=c:\windows\system32\userinit.exe,,c:\documents and settings\derek\local settings\application data\pxrnjgxj\xejatgha.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [XejAtgha] c:\documents and settings\derek\local settings\application data\pxrnjgxj\xejatgha.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ACU] "c:\program files\atheros\ACU.exe" -nogui
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [DAEMON Tools-1033] "c:\program files\daemon virtual drive\daemon.exe" -lang 1033
mRun: [NWEReboot]
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [XejAtgha] c:\documents and settings\derek\local settings\application data\pxrnjgxj\xejatgha.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozypr~1.lnk - c:\program files\mozypro (corporate edition)\MyBusinessWorksstat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4C27D94A-9E3D-4F0F-9232-EB531D577190} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{ECA2E087-C26F-4614-89F4-A5E9B371EE46} : DhcpNameServer = 192.168.0.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2011-5-7 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2011-5-7 5248]
R1 MyBusinessWorksFilter;MyBusinessWorksFilter;c:\windows\system32\drivers\MyBusinessWorks.sys [2011-5-14 54776]
R2 MyBusinessWorksbackup;MozyPro Backup Service;c:\program files\mozypro (corporate edition)\MyBusinessWorksbackup.exe [2011-3-29 46912]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2011-5-3 5888]
R4 Micorsoft Windows Service;Micorsoft Windows Service;\??\c:\docume~1\derek\locals~1\temp\fshhtddm.sys --> c:\docume~1\derek\locals~1\temp\fshhtddm.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-15 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 253600]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-15 136176]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-03-31 21:21:04 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-18 11:39:57 388096 ----a-r- c:\documents and settings\derek\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-03-18 11:39:57 -------- d-----w- c:\program files\Trend Micro
2012-03-17 11:43:18 98224 ---ha-w- c:\windows\system32\NUZ0Dp8
2012-03-16 23:28:59 -------- d-----w- c:\documents and settings\all users\application data\Avira
2012-03-15 22:43:52 98224 ---ha-w- c:\documents and settings\derek\UjPrn7vu
2012-03-15 22:43:51 98224 ---ha-w- c:\documents and settings\derek\8JqHb17E6
2012-03-10 01:02:22 -------- d-----w- c:\documents and settings\derek\local settings\application data\pxrnjgxj
2012-03-09 23:50:29 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-03-09 23:50:29 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
2012-03-31 21:21:04 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
.
============= FINISH: 11:46:30.75 ===============
 
#7 ·
Yes, I did uninstall the Avira AntiVir 12. I thought it didn't work any more, and I was planning to install a new anti-virus program until I came across this tech site.

Scanning with GMER took almost 4 hours. Is that supposed to happen? Also, the saved file was asking to save as a *.log file. I had to change it to ark.txt.

***************************************************

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-06 16:23:07
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.LB21
Running: wgi92tgj.exe; Driver: C:\DOCUME~1\Derek\LOCALS~1\Temp\pgtdapod.sys

---- System - GMER 1.0.15 ----
SSDT \??\C:\DOCUME~1\Derek\LOCALS~1\Temp\fshhtddm.sys ZwCreateKey [0xA6CFF6AC]
SSDT \??\C:\DOCUME~1\Derek\LOCALS~1\Temp\fshhtddm.sys ZwOpenKey [0xA6CFF562]
---- Kernel code sections - GMER 1.0.15 ----
? C:\DOCUME~1\Derek\LOCALS~1\Temp\fshhtddm.sys The system cannot find the file specified. !
? C:\DOCUME~1\Derek\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
? C:\WINDOWS\system32\svchost.exe[156] time/date stamp mismatch;
? C:\WINDOWS\system32\svchost.exe[720] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[720] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\WINDOWS\system32\svchost.exe[720] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\WINDOWS\system32\svchost.exe[720] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\WINDOWS\system32\svchost.exe[720] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[796] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[796] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[796] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[796] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[796] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[796] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[796] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[796] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[796] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[796] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[796] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[796] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe[796] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
? C:\WINDOWS\Explorer.EXE[848] time/date stamp mismatch; unknown module: WINMM.dllunknown module: SETUPAPI.dllunknown module: WINSTA.dllunknown module: OLEACC.dllunknown module: BROWSEUI.dllunknown module: OLEAUT32.dllunknown module: SHDOCVW.dllunknown module: UxTheme.dll
.text C:\WINDOWS\Explorer.EXE[848] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\WINDOWS\Explorer.EXE[848] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\WINDOWS\Explorer.EXE[848] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\WINDOWS\Explorer.EXE[848] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\WINDOWS\Explorer.EXE[848] WININET.dll!InternetReadFile 3D94655B 5 Bytes JMP 20193A5B
.text C:\WINDOWS\Explorer.EXE[848] WININET.dll!InternetCloseHandle 3D949098 5 Bytes JMP 201936E6
.text C:\WINDOWS\Explorer.EXE[848] WININET.dll!InternetQueryDataAvailable 3D94C013 5 Bytes JMP 2019373C
.text C:\WINDOWS\Explorer.EXE[848] WININET.dll!HttpOpenRequestA 3D94D598 5 Bytes JMP 20193B16
.text C:\WINDOWS\Explorer.EXE[848] WININET.dll!HttpSendRequestW 3D94FB4E 5 Bytes JMP 20192F7D
.text C:\WINDOWS\Explorer.EXE[848] WININET.dll!HttpOpenRequestW 3D94FC8B 5 Bytes JMP 20193B43
.text C:\WINDOWS\Explorer.EXE[848] WININET.dll!HttpSendRequestA 3D95EEB1 5 Bytes JMP 20192F48
.text C:\WINDOWS\Explorer.EXE[848] WININET.dll!InternetOpenUrlA 3D95F3CC 5 Bytes JMP 20193B70
.text C:\WINDOWS\Explorer.EXE[848] WININET.dll!InternetReadFileExW 3D963249 5 Bytes JMP 20193940
.text C:\WINDOWS\Explorer.EXE[848] WININET.dll!InternetReadFileExA 3D963281 5 Bytes JMP 20193899
.text C:\WINDOWS\Explorer.EXE[848] WININET.dll!InternetWriteFile 3D9A610E 5 Bytes JMP 20192FAF
.text C:\WINDOWS\Explorer.EXE[848] WININET.dll!InternetOpenUrlW 3D9A6DF7 5 Bytes JMP 20193B97
.text C:\WINDOWS\Explorer.EXE[848] WININET.dll!HttpSendRequestExA 3D9BA6D2 5 Bytes JMP 20192F02
.text C:\WINDOWS\Explorer.EXE[848] WININET.dll!HttpSendRequestExW 3D9BA72B 5 Bytes JMP 20192EBC
.text C:\WINDOWS\Explorer.EXE[848] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB
.text C:\WINDOWS\Explorer.EXE[848] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405
.text C:\WINDOWS\Explorer.EXE[848] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E
.text C:\WINDOWS\Explorer.EXE[848] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D
.text C:\WINDOWS\Explorer.EXE[848] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562
.text C:\WINDOWS\Explorer.EXE[848] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396
.text C:\WINDOWS\Explorer.EXE[848] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A
.text C:\WINDOWS\Explorer.EXE[848] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D
.text C:\WINDOWS\Explorer.EXE[848] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB
? C:\WINDOWS\system32\services.exe[972] time/date stamp mismatch; unknown module: NTDSAPI.dllunknown module: NCObjAPI.DLLunknown module: SCESRV.dllunknown module: umpnpmgr.dll
.text C:\WINDOWS\system32\services.exe[972] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\WINDOWS\system32\services.exe[972] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\WINDOWS\system32\services.exe[972] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\WINDOWS\system32\services.exe[972] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\WINDOWS\system32\services.exe[972] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB
.text C:\WINDOWS\system32\services.exe[972] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405
.text C:\WINDOWS\system32\services.exe[972] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E
.text C:\WINDOWS\system32\services.exe[972] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D
.text C:\WINDOWS\system32\services.exe[972] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562
.text C:\WINDOWS\system32\services.exe[972] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396
.text C:\WINDOWS\system32\services.exe[972] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A
.text C:\WINDOWS\system32\services.exe[972] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D
.text C:\WINDOWS\system32\services.exe[972] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB
.text C:\WINDOWS\system32\lsass.exe[984] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\WINDOWS\system32\lsass.exe[984] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\WINDOWS\system32\lsass.exe[984] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\WINDOWS\system32\lsass.exe[984] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\WINDOWS\system32\lsass.exe[984] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB
.text C:\WINDOWS\system32\lsass.exe[984] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405
.text C:\WINDOWS\system32\lsass.exe[984] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E
.text C:\WINDOWS\system32\lsass.exe[984] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D
.text C:\WINDOWS\system32\lsass.exe[984] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562
.text C:\WINDOWS\system32\lsass.exe[984] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396
.text C:\WINDOWS\system32\lsass.exe[984] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A
.text C:\WINDOWS\system32\lsass.exe[984] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D
.text C:\WINDOWS\system32\lsass.exe[984] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB
? C:\WINDOWS\system32\svchost.exe[1156] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\WINDOWS\system32\svchost.exe[1156] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB
? C:\WINDOWS\system32\svchost.exe[1204] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1204] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\WINDOWS\system32\svchost.exe[1204] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\WINDOWS\system32\svchost.exe[1204] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\WINDOWS\system32\svchost.exe[1204] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\WINDOWS\system32\svchost.exe[1204] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB
.text C:\WINDOWS\system32\svchost.exe[1204] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405
.text C:\WINDOWS\system32\svchost.exe[1204] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E
.text C:\WINDOWS\system32\svchost.exe[1204] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D
.text C:\WINDOWS\system32\svchost.exe[1204] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562
.text C:\WINDOWS\system32\svchost.exe[1204] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396
.text C:\WINDOWS\system32\svchost.exe[1204] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A
.text C:\WINDOWS\system32\svchost.exe[1204] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D
.text C:\WINDOWS\system32\svchost.exe[1204] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB
? C:\WINDOWS\System32\svchost.exe[1244] time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[1244] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\WINDOWS\System32\svchost.exe[1244] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\WINDOWS\System32\svchost.exe[1244] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\WINDOWS\System32\svchost.exe[1244] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\WINDOWS\System32\svchost.exe[1244] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB
.text C:\WINDOWS\System32\svchost.exe[1244] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405
.text C:\WINDOWS\System32\svchost.exe[1244] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E
.text C:\WINDOWS\System32\svchost.exe[1244] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D
.text C:\WINDOWS\System32\svchost.exe[1244] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562
.text C:\WINDOWS\System32\svchost.exe[1244] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396
.text C:\WINDOWS\System32\svchost.exe[1244] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A
.text C:\WINDOWS\System32\svchost.exe[1244] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D
.text C:\WINDOWS\System32\svchost.exe[1244] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!InternetReadFile 3D94655B 5 Bytes JMP 20193A5B
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!InternetCloseHandle 3D949098 5 Bytes JMP 201936E6
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!InternetQueryDataAvailable 3D94C013 5 Bytes JMP 2019373C
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!HttpOpenRequestA 3D94D598 5 Bytes JMP 20193B16
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!HttpSendRequestW 3D94FB4E 5 Bytes JMP 20192F7D
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!HttpOpenRequestW 3D94FC8B 5 Bytes JMP 20193B43
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!HttpSendRequestA 3D95EEB1 5 Bytes JMP 20192F48
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!InternetOpenUrlA 3D95F3CC 5 Bytes JMP 20193B70
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!InternetReadFileExW 3D963249 5 Bytes JMP 20193940
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!InternetReadFileExA 3D963281 5 Bytes JMP 20193899
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!InternetWriteFile 3D9A610E 5 Bytes JMP 20192FAF
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!InternetOpenUrlW 3D9A6DF7 5 Bytes JMP 20193B97
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!HttpSendRequestExA 3D9BA6D2 5 Bytes JMP 20192F02
.text C:\WINDOWS\System32\svchost.exe[1244] WININET.dll!HttpSendRequestExW 3D9BA72B 5 Bytes JMP 20192EBC
? C:\WINDOWS\system32\svchost.exe[1284] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
? C:\WINDOWS\system32\svchost.exe[1340] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\WINDOWS\system32\svchost.exe[1340] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\WINDOWS\system32\svchost.exe[1340] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB
.text C:\WINDOWS\system32\svchost.exe[1340] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405
.text C:\WINDOWS\system32\svchost.exe[1340] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E
.text C:\WINDOWS\system32\svchost.exe[1340] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D
.text C:\WINDOWS\system32\svchost.exe[1340] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562
.text C:\WINDOWS\system32\svchost.exe[1340] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396
.text C:\WINDOWS\system32\svchost.exe[1340] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A
.text C:\WINDOWS\system32\svchost.exe[1340] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D
.text C:\WINDOWS\system32\svchost.exe[1340] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB
? C:\WINDOWS\system32\svchost.exe[1428] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\WINDOWS\system32\svchost.exe[1428] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\WINDOWS\system32\svchost.exe[1428] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB
.text C:\WINDOWS\system32\svchost.exe[1428] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405
.text C:\WINDOWS\system32\svchost.exe[1428] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E
.text C:\WINDOWS\system32\svchost.exe[1428] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D
.text C:\WINDOWS\system32\svchost.exe[1428] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562
.text C:\WINDOWS\system32\svchost.exe[1428] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396
.text C:\WINDOWS\system32\svchost.exe[1428] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A
.text C:\WINDOWS\system32\svchost.exe[1428] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D
.text C:\WINDOWS\system32\svchost.exe[1428] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB
.text C:\WINDOWS\System32\alg.exe[1672] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20026B77
.text C:\WINDOWS\System32\alg.exe[1672] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A453
.text C:\WINDOWS\System32\alg.exe[1672] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200269F3
.text C:\WINDOWS\System32\alg.exe[1672] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200212FC
.text C:\WINDOWS\System32\alg.exe[1672] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 200220DB
.text C:\WINDOWS\System32\alg.exe[1672] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20022405
.text C:\WINDOWS\System32\alg.exe[1672] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2002271E
.text C:\WINDOWS\System32\alg.exe[1672] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2002208D
.text C:\WINDOWS\System32\alg.exe[1672] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20022562
.text C:\WINDOWS\System32\alg.exe[1672] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20022396
.text C:\WINDOWS\System32\alg.exe[1672] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2002247A
.text C:\WINDOWS\System32\alg.exe[1672] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2002263D
.text C:\WINDOWS\System32\alg.exe[1672] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200224EB
.text C:\WINDOWS\system32\spoolsv.exe[1784] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\WINDOWS\system32\spoolsv.exe[1784] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\WINDOWS\system32\spoolsv.exe[1784] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\WINDOWS\system32\spoolsv.exe[1784] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\WINDOWS\system32\spoolsv.exe[1784] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB
.text C:\WINDOWS\system32\spoolsv.exe[1784] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405
.text C:\WINDOWS\system32\spoolsv.exe[1784] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E
.text C:\WINDOWS\system32\spoolsv.exe[1784] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D
.text C:\WINDOWS\system32\spoolsv.exe[1784] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562
.text C:\WINDOWS\system32\spoolsv.exe[1784] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396
.text C:\WINDOWS\system32\spoolsv.exe[1784] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A
.text C:\WINDOWS\system32\spoolsv.exe[1784] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D
.text C:\WINDOWS\system32\spoolsv.exe[1784] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB
.text C:\WINDOWS\system32\acs.exe[1836] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\WINDOWS\system32\acs.exe[1836] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\WINDOWS\system32\acs.exe[1836] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\WINDOWS\system32\acs.exe[1836] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\WINDOWS\system32\acs.exe[1836] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB
.text C:\WINDOWS\system32\acs.exe[1836] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405
.text C:\WINDOWS\system32\acs.exe[1836] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E
.text C:\WINDOWS\system32\acs.exe[1836] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D
.text C:\WINDOWS\system32\acs.exe[1836] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562
.text C:\WINDOWS\system32\acs.exe[1836] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396
.text C:\WINDOWS\system32\acs.exe[1836] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A
.text C:\WINDOWS\system32\acs.exe[1836] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D
.text C:\WINDOWS\system32\acs.exe[1836] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB
.text C:\WINDOWS\system32\acs.exe[1836] WININET.dll!InternetReadFile 3D94655B 5 Bytes JMP 20193A5B
.text C:\WINDOWS\system32\acs.exe[1836] WININET.dll!InternetCloseHandle 3D949098 5 Bytes JMP 201936E6
.text C:\WINDOWS\system32\acs.exe[1836] WININET.dll!InternetQueryDataAvailable 3D94C013 5 Bytes JMP 2019373C
.text C:\WINDOWS\system32\acs.exe[1836] WININET.dll!HttpOpenRequestA 3D94D598 5 Bytes JMP 20193B16
.text C:\WINDOWS\system32\acs.exe[1836] WININET.dll!HttpSendRequestW 3D94FB4E 5 Bytes JMP 20192F7D
.text C:\WINDOWS\system32\acs.exe[1836] WININET.dll!HttpOpenRequestW 3D94FC8B 5 Bytes JMP 20193B43
.text C:\WINDOWS\system32\acs.exe[1836] WININET.dll!HttpSendRequestA 3D95EEB1 5 Bytes JMP 20192F48
.text C:\WINDOWS\system32\acs.exe[1836] WININET.dll!InternetOpenUrlA 3D95F3CC 5 Bytes JMP 20193B70
.text C:\WINDOWS\system32\acs.exe[1836] WININET.dll!InternetReadFileExW 3D963249 5 Bytes JMP 20193940
.text C:\WINDOWS\system32\acs.exe[1836] WININET.dll!InternetReadFileExA 3D963281 5 Bytes JMP 20193899
.text C:\WINDOWS\system32\acs.exe[1836] WININET.dll!InternetWriteFile 3D9A610E 5 Bytes JMP 20192FAF
.text C:\WINDOWS\system32\acs.exe[1836] WININET.dll!InternetOpenUrlW 3D9A6DF7 5 Bytes JMP 20193B97
.text C:\WINDOWS\system32\acs.exe[1836] WININET.dll!HttpSendRequestExA 3D9BA6D2 5 Bytes JMP 20192F02
.text C:\WINDOWS\system32\acs.exe[1836] WININET.dll!HttpSendRequestExW 3D9BA72B 5 Bytes JMP 20192EBC
? C:\WINDOWS\system32\svchost.exe[1880] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1880] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\WINDOWS\system32\svchost.exe[1880] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\WINDOWS\system32\svchost.exe[1880] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\WINDOWS\system32\svchost.exe[1880] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!InternetReadFile 3D94655B 5 Bytes JMP 20193A5B
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!InternetCloseHandle 3D949098 5 Bytes JMP 201936E6
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!InternetQueryDataAvailable 3D94C013 5 Bytes JMP 2019373C
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!HttpOpenRequestA 3D94D598 5 Bytes JMP 20193B16
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!HttpSendRequestW 3D94FB4E 5 Bytes JMP 20192F7D
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!HttpOpenRequestW 3D94FC8B 5 Bytes JMP 20193B43
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!HttpSendRequestA 3D95EEB1 5 Bytes JMP 20192F48
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!InternetOpenUrlA 3D95F3CC 5 Bytes JMP 20193B70
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!InternetReadFileExW 3D963249 5 Bytes JMP 20193940
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!InternetReadFileExA 3D963281 5 Bytes JMP 20193899
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!InternetWriteFile 3D9A610E 5 Bytes JMP 20192FAF
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!InternetOpenUrlW 3D9A6DF7 5 Bytes JMP 20193B97
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!HttpSendRequestExA 3D9BA6D2 5 Bytes JMP 20192F02
.text C:\WINDOWS\system32\svchost.exe[1880] WININET.dll!HttpSendRequestExW 3D9BA72B 5 Bytes JMP 20192EBC
.text C:\WINDOWS\system32\svchost.exe[1880] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB
.text C:\WINDOWS\system32\svchost.exe[1880] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405
.text C:\WINDOWS\system32\svchost.exe[1880] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E
.text C:\WINDOWS\system32\svchost.exe[1880] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D
.text C:\WINDOWS\system32\svchost.exe[1880] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562
.text C:\WINDOWS\system32\svchost.exe[1880] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396
.text C:\WINDOWS\system32\svchost.exe[1880] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A
.text C:\WINDOWS\system32\svchost.exe[1880] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D
.text C:\WINDOWS\system32\svchost.exe[1880] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB
? C:\WINDOWS\System32\svchost.exe[2144] time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[2144] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\WINDOWS\System32\svchost.exe[2144] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\WINDOWS\System32\svchost.exe[2144] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\WINDOWS\System32\svchost.exe[2144] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\WINDOWS\System32\svchost.exe[2144] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB
.text C:\WINDOWS\System32\svchost.exe[2144] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405
.text C:\WINDOWS\System32\svchost.exe[2144] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E
.text C:\WINDOWS\System32\svchost.exe[2144] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D
.text C:\WINDOWS\System32\svchost.exe[2144] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562
.text C:\WINDOWS\System32\svchost.exe[2144] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396
.text C:\WINDOWS\System32\svchost.exe[2144] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A
.text C:\WINDOWS\System32\svchost.exe[2144] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D
.text C:\WINDOWS\System32\svchost.exe[2144] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB
.text C:\Documents and Settings\Derek\Desktop\wgi92tgj.exe[2400] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20026B77
.text C:\Documents and Settings\Derek\Desktop\wgi92tgj.exe[2400] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A453
.text C:\Documents and Settings\Derek\Desktop\wgi92tgj.exe[2400] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200269F3
.text C:\Documents and Settings\Derek\Desktop\wgi92tgj.exe[2400] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200212FC
.text C:\WINDOWS\system32\svchost.exe[2432] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 20201610
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 202068E0
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 20206860
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!GetWindowDC 7E419021 5 Bytes JMP 202068A0
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 20206050
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 20206110
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!GetCapture 7E4194DA 5 Bytes JMP 20205FF0
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!RegisterClassW 7E41A39A 5 Bytes JMP 20207DF0
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!RegisterClassExW 7E41AF7F 5 Bytes JMP 20207EB0
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!OpenInputDesktop 7E41ECA3 5 Bytes JMP 20207A80
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!SwitchDesktop 7E41FE6E 5 Bytes JMP 20207B00
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!DefDlgProcW 7E423D3A 5 Bytes JMP 20207BA0
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 202060B0
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!RegisterClassExA 7E427C39 5 Bytes JMP 20207F10
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!DefWindowProcW 7E428D20 5 Bytes JMP 20207B20
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!BeginPaint 7E428FE9 5 Bytes JMP 20206750
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!EndPaint 7E428FFD 5 Bytes JMP 202067C0
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 20205DA0
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!GetMessagePos 7E42996C 5 Bytes JMP 20205D70
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!CallWindowProcW 7E42A01E 5 Bytes JMP 20207D20
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 20206170
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!GetUpdateRect 7E42A8C9 5 Bytes JMP 20206920
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!CallWindowProcA 7E42A97D 5 Bytes JMP 20207D60
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!DefWindowProcA 7E42C17E 5 Bytes JMP 20207B60
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!SetCapture 7E42C35E 5 Bytes JMP 20205E30
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!ReleaseCapture 7E42C37A 5 Bytes JMP 20205F40
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!GetDCEx 7E42C595 5 Bytes JMP 20206800
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!RegisterClassA 7E42EA5E 5 Bytes JMP 20207E50
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!GetUpdateRgn 7E42F5EC 5 Bytes JMP 202069C0
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!DefFrameProcW 7E430833 5 Bytes JMP 20207C20
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!DefMDIChildProcW 7E430A47 5 Bytes JMP 20207CA0
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!DefDlgProcA 7E43E577 5 Bytes JMP 20207BE0
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!DefFrameProcA 7E44F965 5 Bytes JMP 20207C60
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!DefMDIChildProcA 7E44F9B4 5 Bytes JMP 20207CE0
.text C:\WINDOWS\system32\svchost.exe[2432] USER32.dll!SetCursorPos 7E4561B3 5 Bytes JMP 20205DF0
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20026B77
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A453
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200269F3
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200212FC
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] WININET.dll!InternetReadFile 3D94655B 5 Bytes JMP 20023A5B
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] WININET.dll!InternetCloseHandle 3D949098 5 Bytes JMP 200236E6
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] WININET.dll!InternetQueryDataAvailable 3D94C013 5 Bytes JMP 2002373C
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] WININET.dll!HttpOpenRequestA 3D94D598 5 Bytes JMP 20023B16
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] WININET.dll!HttpSendRequestW 3D94FB4E 5 Bytes JMP 20022F7D
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] WININET.dll!HttpOpenRequestW 3D94FC8B 5 Bytes JMP 20023B43
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] WININET.dll!HttpSendRequestA 3D95EEB1 5 Bytes JMP 20022F48
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] WININET.dll!InternetOpenUrlA 3D95F3CC 5 Bytes JMP 20023B70
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] WININET.dll!InternetReadFileExW 3D963249 5 Bytes JMP 20023940
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] WININET.dll!InternetReadFileExA 3D963281 5 Bytes JMP 20023899
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] WININET.dll!InternetWriteFile 3D9A610E 5 Bytes JMP 20022FAF
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] WININET.dll!InternetOpenUrlW 3D9A6DF7 5 Bytes JMP 20023B97
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] WININET.dll!HttpSendRequestExA 3D9BA6D2 5 Bytes JMP 20022F02
.text C:\Program Files\Internet Explorer\iexplore.exe[2620] WININET.dll!HttpSendRequestExW 3D9BA72B 5 Bytes JMP 20022EBC
.text C:\WINDOWS\system32\hkcmd.exe[2640] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\WINDOWS\system32\hkcmd.exe[2640] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\WINDOWS\system32\hkcmd.exe[2640] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\WINDOWS\system32\hkcmd.exe[2640] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\WINDOWS\system32\igfxpers.exe[2684] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\WINDOWS\system32\igfxpers.exe[2684] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\WINDOWS\system32\igfxpers.exe[2684] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\WINDOWS\system32\igfxpers.exe[2684] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\WINDOWS\RTHDCPL.EXE[2700] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\WINDOWS\RTHDCPL.EXE[2700] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\WINDOWS\RTHDCPL.EXE[2700] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\WINDOWS\RTHDCPL.EXE[2700] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\WINDOWS\system32\igfxsrvc.exe[2736] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\WINDOWS\system32\igfxsrvc.exe[2736] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\WINDOWS\system32\igfxsrvc.exe[2736] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\WINDOWS\system32\igfxsrvc.exe[2736] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2744] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2744] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2744] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2744] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\Program Files\Atheros\ACU.exe[2764] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\Program Files\Atheros\ACU.exe[2764] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\Program Files\Atheros\ACU.exe[2764] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\Program Files\Atheros\ACU.exe[2764] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\Program Files\Atheros\ACU.exe[2764] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB
.text C:\Program Files\Atheros\ACU.exe[2764] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405
.text C:\Program Files\Atheros\ACU.exe[2764] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E
.text C:\Program Files\Atheros\ACU.exe[2764] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D
.text C:\Program Files\Atheros\ACU.exe[2764] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562
.text C:\Program Files\Atheros\ACU.exe[2764] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396
.text C:\Program Files\Atheros\ACU.exe[2764] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A
.text C:\Program Files\Atheros\ACU.exe[2764] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D
.text C:\Program Files\Atheros\ACU.exe[2764] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB
.text C:\Program Files\Atheros\ACU.exe[2764] WININET.dll!InternetReadFile 3D94655B 5 Bytes JMP 20193A5B
.text C:\Program Files\Atheros\ACU.exe[2764] WININET.dll!InternetCloseHandle 3D949098 5 Bytes JMP 201936E6
.text C:\Program Files\Atheros\ACU.exe[2764] WININET.dll!InternetQueryDataAvailable 3D94C013 5 Bytes JMP 2019373C
.text C:\Program Files\Atheros\ACU.exe[2764] WININET.dll!HttpOpenRequestA 3D94D598 5 Bytes JMP 20193B16
.text C:\Program Files\Atheros\ACU.exe[2764] WININET.dll!HttpSendRequestW 3D94FB4E 5 Bytes JMP 20192F7D
.text C:\Program Files\Atheros\ACU.exe[2764] WININET.dll!HttpOpenRequestW 3D94FC8B 5 Bytes JMP 20193B43
.text C:\Program Files\Atheros\ACU.exe[2764] WININET.dll!HttpSendRequestA 3D95EEB1 5 Bytes JMP 20192F48
.text C:\Program Files\Atheros\ACU.exe[2764] WININET.dll!InternetOpenUrlA 3D95F3CC 5 Bytes JMP 20193B70
.text C:\Program Files\Atheros\ACU.exe[2764] WININET.dll!InternetReadFileExW 3D963249 5 Bytes JMP 20193940
.text C:\Program Files\Atheros\ACU.exe[2764] WININET.dll!InternetReadFileExA 3D963281 5 Bytes JMP 20193899
.text C:\Program Files\Atheros\ACU.exe[2764] WININET.dll!InternetWriteFile 3D9A610E 5 Bytes JMP 20192FAF
.text C:\Program Files\Atheros\ACU.exe[2764] WININET.dll!InternetOpenUrlW 3D9A6DF7 5 Bytes JMP 20193B97
.text C:\Program Files\Atheros\ACU.exe[2764] WININET.dll!HttpSendRequestExA 3D9BA6D2 5 Bytes JMP 20192F02
.text C:\Program Files\Atheros\ACU.exe[2764] WININET.dll!HttpSendRequestExW 3D9BA72B 5 Bytes JMP 20192EBC
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[2804] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[2804] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[2804] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[2804] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2844] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2844] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2844] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2844] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\Program Files\Daemon Virtual Drive\daemon.exe[2932] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\Program Files\Daemon Virtual Drive\daemon.exe[2932] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\Program Files\Daemon Virtual Drive\daemon.exe[2932] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\Program Files\Daemon Virtual Drive\daemon.exe[2932] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\Program Files\iPod\bin\iPodService.exe[2996] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20026B77
.text C:\Program Files\iPod\bin\iPodService.exe[2996] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2001A453
.text C:\Program Files\iPod\bin\iPodService.exe[2996] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200269F3
.text C:\Program Files\iPod\bin\iPodService.exe[2996] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200212FC
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WININET.DLL!InternetReadFile 3D94655B 5 Bytes JMP 20193A5B
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WININET.DLL!InternetCloseHandle 3D949098 5 Bytes JMP 201936E6
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WININET.DLL!InternetQueryDataAvailable 3D94C013 5 Bytes JMP 2019373C
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WININET.DLL!HttpOpenRequestA 3D94D598 5 Bytes JMP 20193B16
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WININET.DLL!HttpSendRequestW 3D94FB4E 5 Bytes JMP 20192F7D
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WININET.DLL!HttpOpenRequestW 3D94FC8B 5 Bytes JMP 20193B43
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WININET.DLL!HttpSendRequestA 3D95EEB1 5 Bytes JMP 20192F48
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WININET.DLL!InternetOpenUrlA 3D95F3CC 5 Bytes JMP 20193B70
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WININET.DLL!InternetReadFileExW 3D963249 5 Bytes JMP 20193940
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WININET.DLL!InternetReadFileExA 3D963281 5 Bytes JMP 20193899
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WININET.DLL!InternetWriteFile 3D9A610E 5 Bytes JMP 20192FAF
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WININET.DLL!InternetOpenUrlW 3D9A6DF7 5 Bytes JMP 20193B97
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WININET.DLL!HttpSendRequestExA 3D9BA6D2 5 Bytes JMP 20192F02
.text C:\Program Files\iTunes\iTunesHelper.exe[3040] WININET.DLL!HttpSendRequestExW 3D9BA72B 5 Bytes JMP 20192EBC
.text C:\WINDOWS\system32\ctfmon.exe[3104] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\WINDOWS\system32\ctfmon.exe[3104] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\WINDOWS\system32\ctfmon.exe[3104] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\WINDOWS\system32\ctfmon.exe[3104] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[3264] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[3264] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[3264] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[3264] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[3264] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[3264] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[3264] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[3264] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[3264] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[3264] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[3264] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[3264] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D
.text C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe[3264] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] WININET.dll!InternetReadFile 3D94655B 5 Bytes JMP 20193A5B
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] WININET.dll!InternetCloseHandle 3D949098 5 Bytes JMP 201936E6
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] WININET.dll!InternetQueryDataAvailable 3D94C013 5 Bytes JMP 2019373C
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] WININET.dll!HttpOpenRequestA 3D94D598 5 Bytes JMP 20193B16
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] WININET.dll!HttpSendRequestW 3D94FB4E 5 Bytes JMP 20192F7D
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] WININET.dll!HttpOpenRequestW 3D94FC8B 5 Bytes JMP 20193B43
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] WININET.dll!HttpSendRequestA 3D95EEB1 5 Bytes JMP 20192F48
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] WININET.dll!InternetOpenUrlA 3D95F3CC 5 Bytes JMP 20193B70
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] WININET.dll!InternetReadFileExW 3D963249 5 Bytes JMP 20193940
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] WININET.dll!InternetReadFileExA 3D963281 5 Bytes JMP 20193899
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] WININET.dll!InternetWriteFile 3D9A610E 5 Bytes JMP 20192FAF
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] WININET.dll!InternetOpenUrlW 3D9A6DF7 5 Bytes JMP 20193B97
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] WININET.dll!HttpSendRequestExA 3D9BA6D2 5 Bytes JMP 20192F02
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3340] WININET.dll!HttpSendRequestExW 3D9BA72B 5 Bytes JMP 20192EBC
? C:\WINDOWS\System32\svchost.exe[3404] time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[3404] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\WINDOWS\System32\svchost.exe[3404] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\WINDOWS\System32\svchost.exe[3404] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\WINDOWS\System32\svchost.exe[3404] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\WINDOWS\System32\svchost.exe[3404] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB
.text C:\WINDOWS\System32\svchost.exe[3404] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405
.text C:\WINDOWS\System32\svchost.exe[3404] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E
.text C:\WINDOWS\System32\svchost.exe[3404] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D
.text C:\WINDOWS\System32\svchost.exe[3404] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562
.text C:\WINDOWS\System32\svchost.exe[3404] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396
.text C:\WINDOWS\System32\svchost.exe[3404] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A
.text C:\WINDOWS\System32\svchost.exe[3404] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D
.text C:\WINDOWS\System32\svchost.exe[3404] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20066B77
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2005A453
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200669F3
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200612FC
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] WININET.dll!InternetReadFile 3D94655B 5 Bytes JMP 20063A5B
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] WININET.dll!InternetCloseHandle 3D949098 5 Bytes JMP 200636E6
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] WININET.dll!InternetQueryDataAvailable 3D94C013 5 Bytes JMP 2006373C
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] WININET.dll!HttpOpenRequestA 3D94D598 5 Bytes JMP 20063B16
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] WININET.dll!HttpSendRequestW 3D94FB4E 5 Bytes JMP 20062F7D
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] WININET.dll!HttpOpenRequestW 3D94FC8B 5 Bytes JMP 20063B43
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] WININET.dll!HttpSendRequestA 3D95EEB1 5 Bytes JMP 20062F48
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] WININET.dll!InternetOpenUrlA 3D95F3CC 5 Bytes JMP 20063B70
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] WININET.dll!InternetReadFileExW 3D963249 5 Bytes JMP 20063940
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] WININET.dll!InternetReadFileExA 3D963281 5 Bytes JMP 20063899
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] WININET.dll!InternetWriteFile 3D9A610E 5 Bytes JMP 20062FAF
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] WININET.dll!InternetOpenUrlW 3D9A6DF7 5 Bytes JMP 20063B97
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] WININET.dll!HttpSendRequestExA 3D9BA6D2 5 Bytes JMP 20062F02
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] WININET.dll!HttpSendRequestExW 3D9BA72B 5 Bytes JMP 20062EBC
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] ws2_32.dll!sendto 71AB2F51 5 Bytes JMP 200620DB
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] ws2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20062405
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2006271E
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] ws2_32.dll!send 71AB4C27 5 Bytes JMP 2006208D
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20062562
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] ws2_32.dll!recv 71AB676F 5 Bytes JMP 20062396
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2006247A
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] ws2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2006263D
.text C:\Program Files\Internet Explorer\iexplore.exe[3472] ws2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200624EB
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20066B77
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2005A453
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200669F3
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200612FC
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] WININET.dll!InternetReadFile 3D94655B 5 Bytes JMP 20063A5B
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] WININET.dll!InternetCloseHandle 3D949098 5 Bytes JMP 200636E6
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] WININET.dll!InternetQueryDataAvailable 3D94C013 5 Bytes JMP 2006373C
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] WININET.dll!HttpOpenRequestA 3D94D598 5 Bytes JMP 20063B16
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] WININET.dll!HttpSendRequestW 3D94FB4E 5 Bytes JMP 20062F7D
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] WININET.dll!HttpOpenRequestW 3D94FC8B 5 Bytes JMP 20063B43
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] WININET.dll!HttpSendRequestA 3D95EEB1 5 Bytes JMP 20062F48
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] WININET.dll!InternetOpenUrlA 3D95F3CC 5 Bytes JMP 20063B70
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] WININET.dll!InternetReadFileExW 3D963249 5 Bytes JMP 20063940
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] WININET.dll!InternetReadFileExA 3D963281 5 Bytes JMP 20063899
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] WININET.dll!InternetWriteFile 3D9A610E 5 Bytes JMP 20062FAF
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] WININET.dll!InternetOpenUrlW 3D9A6DF7 5 Bytes JMP 20063B97
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] WININET.dll!HttpSendRequestExA 3D9BA6D2 5 Bytes JMP 20062F02
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] WININET.dll!HttpSendRequestExW 3D9BA72B 5 Bytes JMP 20062EBC
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] ws2_32.dll!sendto 71AB2F51 5 Bytes JMP 200620DB
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] ws2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20062405
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2006271E
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] ws2_32.dll!send 71AB4C27 5 Bytes JMP 2006208D
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20062562
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] ws2_32.dll!recv 71AB676F 5 Bytes JMP 20062396
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2006247A
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] ws2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2006263D
.text C:\Program Files\Internet Explorer\iexplore.exe[3544] ws2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200624EB
? C:\WINDOWS\system32\svchost.exe[3600] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[3600] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\WINDOWS\system32\svchost.exe[3600] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\WINDOWS\system32\svchost.exe[3600] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\WINDOWS\system32\svchost.exe[3600] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20066B77
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2005A453
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 200669F3
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 200612FC
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] WININET.dll!InternetReadFile 3D94655B 5 Bytes JMP 20063A5B
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] WININET.dll!InternetCloseHandle 3D949098 5 Bytes JMP 200636E6
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] WININET.dll!InternetQueryDataAvailable 3D94C013 5 Bytes JMP 2006373C
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] WININET.dll!HttpOpenRequestA 3D94D598 5 Bytes JMP 20063B16
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] WININET.dll!HttpSendRequestW 3D94FB4E 5 Bytes JMP 20062F7D
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] WININET.dll!HttpOpenRequestW 3D94FC8B 5 Bytes JMP 20063B43
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] WININET.dll!HttpSendRequestA 3D95EEB1 5 Bytes JMP 20062F48
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] WININET.dll!InternetOpenUrlA 3D95F3CC 5 Bytes JMP 20063B70
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] WININET.dll!InternetReadFileExW 3D963249 5 Bytes JMP 20063940
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] WININET.dll!InternetReadFileExA 3D963281 5 Bytes JMP 20063899
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] WININET.dll!InternetWriteFile 3D9A610E 5 Bytes JMP 20062FAF
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] WININET.dll!InternetOpenUrlW 3D9A6DF7 5 Bytes JMP 20063B97
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] WININET.dll!HttpSendRequestExA 3D9BA6D2 5 Bytes JMP 20062F02
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] WININET.dll!HttpSendRequestExW 3D9BA72B 5 Bytes JMP 20062EBC
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] ws2_32.dll!sendto 71AB2F51 5 Bytes JMP 200620DB
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] ws2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20062405
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2006271E
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] ws2_32.dll!send 71AB4C27 5 Bytes JMP 2006208D
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20062562
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] ws2_32.dll!recv 71AB676F 5 Bytes JMP 20062396
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2006247A
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] ws2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2006263D
.text C:\Program Files\Internet Explorer\iexplore.exe[3712] ws2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 200624EB
.text C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe[3736] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe[3736] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe[3736] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe[3736] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\WINDOWS\system32\SearchIndexer.exe[3836] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 20196B77
.text C:\WINDOWS\system32\SearchIndexer.exe[3836] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 2018A453
.text C:\WINDOWS\system32\SearchIndexer.exe[3836] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 201969F3
.text C:\WINDOWS\system32\SearchIndexer.exe[3836] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[3836] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 201912FC
.text C:\WINDOWS\system32\SearchIndexer.exe[3836] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 201920DB
.text C:\WINDOWS\system32\SearchIndexer.exe[3836] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 20192405
.text C:\WINDOWS\system32\SearchIndexer.exe[3836] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2019271E
.text C:\WINDOWS\system32\SearchIndexer.exe[3836] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2019208D
.text C:\WINDOWS\system32\SearchIndexer.exe[3836] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 20192562
.text C:\WINDOWS\system32\SearchIndexer.exe[3836] WS2_32.dll!recv 71AB676F 5 Bytes JMP 20192396
.text C:\WINDOWS\system32\SearchIndexer.exe[3836] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2019247A
.text C:\WINDOWS\system32\SearchIndexer.exe[3836] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 2019263D
.text C:\WINDOWS\system32\SearchIndexer.exe[3836] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 201924EB
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Internet Explorer\iexplore.exe[3472] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3712] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A6060D8
AttachedDevice \FileSystem\Ntfs \Ntfs MyBusinessWorks.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\Cdrom \Device\CdRom0 8974FDE0
Device \FileSystem\Rdbss \Device\FsWrap 89A977C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 89769210
Device \Driver\atapi \Device\Ide\IdePort0 89769210
Device \Driver\atapi \Device\Ide\IdePort1 89769210
Device \FileSystem\Srv \Device\LanmanServer 894185C8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89A98990
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89A98990
Device \FileSystem\Npfs \Device\NamedPipe 89331840
Device \FileSystem\Msfs \Device\Mailslot 8957A470
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 897FA248
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 897FA248
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 897FA248
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 897FA248
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 897FA248
Device \FileSystem\Cdfs \Cdfs 894FED70
---- Modules - GMER 1.0.15 ----
Module _________ B9E0B000-B9E23000 (98304 bytes)
---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\Derek\Local Settings\Application Data\pxrnjgxj\xejatgha.exe 98224 bytes executable
File C:\Documents and Settings\Derek\Start Menu\Programs\Startup\xejatgha.exe 98224 bytes executable
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\xejatgha.exe 98224 bytes executable
---- EOF - GMER 1.0.15 ----
 
#8 ·
Click Start - Run, then type in MSCONFIG and then click OK - "Startup" tab.

Write down only the names in the "Startup Item" that have a checkmark next to them.

If the "Startup Item" column isn't wide enough to see the entire name of any of them, widen the column.

Submit those names here in a vertical list, and make sure to spell them exactly as you see them there.

----------------------------------------------------------
 
#9 ·
Flavallee,
Thanks for your speedy response. Here's the list.

igfxtray
hkcmd
igfxpers
RTHDCPL
ALCMTR
SynTPEnh
ACU
thotkey
HPWuSchd2
qttask
daemon
NeroCheck
iTunesHelper
ctfmon
msmsgs
xejatgha
Adobe Reader Speed Launch
Microsoft Office
MozyPro Status
Windows Search
 
#10 ·
Go back to Start - Run - MSCONFIG - OK - "Startup" tab.

Remove the checkmark in these startup entries:

igfxtray

hkcmd

igfxpers

RTHDCPL

ALCMTR

HPWuSchd2

qttask

daemon

NeroCheck

iTunesHelper

ctfmon

msmsgs

xejatgha

Adobe Reader Speed Launch

Microsoft Office

Windows Search


After you're done, click Apply - OK/Close - Restart.

When the small System Configuration Utility window appears, ignore its message.

Do NOT reset it back to normal startup mode!!!

Put a checkmark in the lower left of that window BEFORE you click OK to close it.

----------------------------------------------

Wait for the computer to completely settle down from the restart.

Install the 3 security programs that I advised you to download and save in post #4.

Make sure to update their definition files during the install process.

After they've been installed and updated, restart the computer.

DON'T run any scans with them yet!!!

----------------------------------------------
 
#11 ·
Flavallee,

Followed your instructions with the msconfig. Then installed the 3 programs. As instructed I did not run any of the scans, however I was unable to run the update to the MS Security or the SuperAntiSpyware. And the Anti-Malware doesn't seem to run at all.
 
#12 ·
You got all of them installed and they all appear in Control Panel - Add Or Remove Programs?

If they do, do the following, one at a time:

Start Microsoft Security Essentials, then click "Update"(tab) - "Update"(button).

Start SUPERAntiSpyware, then click "Check For Updates"(button).

Start Malwarebytes Anti-Malware, then click "Update"(tab) - "Check For Updates"(button).

Did any or all of them update?

----------------------------------------------------------
 
#13 ·
Yes, all 3 are listed in the Add or Remove Programs.

Anti-Malware would start, just a warning message;

"Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the items." (just to add I do have full access permission to the laptop)

AntiSpyware can start but would not check updates;

"Checking for Definition updates" - "Failed"
"Definitions Update ERROR" - "Failed"

MS Security can also start but again would not update;

"Virus and spyware definitions update failed"
"Security Essentials could not check for virus and spyware definition updates due to an Internet or network connections issue"
"Click Help for more information about this problem"
"Error code: 0x80072efd"
"Error description: Security Essentials couldn't detect an Internet connection. Check your Internet connection, and then try again"
 
#18 ·
You're saying there's NOTHING inside of the pxrnjgxj folder?

Regardless of whether it's empty or contains any files, right-click directly on it, then click Delete - Yes.

If it deletes, restart the computer, then try again to update MSE and MBAM and SAS.

----------------------------------------------------------
 
#19 ·
The computer won't let me delete the folder.

"Error Deleting File or Folder"
"Cannot delete pxrnjgxj: The directory is not empty"

Although there really isn't anything in it. Not even hidden files.

I even tried to change the folder's name, then delete it. But no good, still the same message. So I changed it back to the original name.
 
#20 ·
According to your logs, the pxrnjgxj folder is NOT empty and contains a xejatgha.exe file. The folder may also contain other files. Deleting the files one at a time until the folder is empty and then deleting the empty folder sometimes works. You say the folder is empty though, so I'm a bit confused. :confused:

-----------------------------------------------------------
 
#21 ·
Navigate to these folders:

C:\Program Files\Malwarebytes Anti-Malware

C:\Program Files\SUPERAntiSpyware


Rename the mbam.exe file to puppy.exe

Rename the superantispyware.exe file to kitten.exe

Restart the computer.

Try again to update both programs.

----------------------------------------------------------
 
#22 ·
I have renamed the two files.

The anti-malware will now start and can carry out an update.

The anti-spyware still will not update. Has the same "failed" message as before.

The pxrnjgxj folder is visibly empty when opened and with no files that I can select at all. I guess this is one of the characteristics of this virus/malware.
 
#23 ·
Do the following in the order listed.

DON'T use the computer while each scan is in progress.

---------------------------------------------------------

Start Malwarebytes Anti-Malware.

Click "Scanner(tab) - Perform quick scan - Scan".

If infections or problems are found during the scan, the number of them will be highlighted in red.

When the scan is finished, click "Show Results".

Make sure that EVERYTHING is selected, then click "Remove Selected".

If you're prompted to restart to finish the removal process, click "Yes".

Start Malwarebytes Anti-Malware again.

Click "Logs"(tab).

Highlight the scan log entry, then click "Open".

When the scan log appears in Notepad, copy-and-paste it here.

---------------------------------------------------------

Start SUPERAntiSpyware.

Select the "Quick Scan" option, then click "Scan your Computer".

If infections or problems are found during the scan, a list will appear and the number of them will be highlighted in red.

When the scan is finished and the scan summary window appears, click "Continue".

Make sure that EVERYTHING in the list is selected, then click "Remove Threats".

Click "OK - Finish".

If you're prompted to restart to finish the removal process, do so.

Start SUPERAntiSpyware again.

Click "View Scan Logs".

Highlight the scan log entry, then click "View Selected Log".

When the scan log appears in Notepad, copy-and-paste it here.

---------------------------------------------------------
 
#24 ·
Anti-Malware log;

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.04.08.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Derek :: EQUIUM [administrator]
09/04/2012 10:12:07
mbam-log-2012-04-09 (10-12-07).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228546
Time elapsed: 18 minute(s), 8 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE (Trojan.Agent) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|XejAtgha (Virus.Ramnit) -> Data: C:\Documents and Settings\Derek\Local Settings\Application Data\pxrnjgxj\xejatgha.exe -> Quarantined and deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|XejAtgha (Virus.Ramnit) -> Data: C:\Documents and Settings\Derek\Local Settings\Application Data\pxrnjgxj\xejatgha.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 9
c:\documents and settings\derek\local settings\application data\pxrnjgxj\xejatgha.exe (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\documents and settings\derek\start menu\programs\startup\xejatgha.exe (Virus.Ramnit) -> Delete on reboot.
c:\windows\system32\config\systemprofile\start menu\programs\startup\xejatgha.exe (Virus.Ramnit) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NUZ0Dp8 (Virus.Ramnit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Derek\Local Settings\Temp\pjeuvijglhepyppn.exe (Virus.Ramnit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Derek\Local Settings\Temp\wpbt0.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\pjeuvijglhepyppn.exe (Virus.Ramnit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Derek\8JqHb17E6 (Virus.Ramnit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Derek\UjPrn7vu (Virus.Ramnit) -> Quarantined and deleted successfully.
(end)

============================================

AntiSpyware log;

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 04/09/2012 at 11:29 AM
Application Version : 5.0.1146
Core Rules Database Version : 8423
Trace Rules Database Version: 6235
Scan type : Quick Scan
Total Scan Time : 00:16:56
Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator
Memory items scanned : 504
Memory threats detected : 0
Registry items scanned : 29459
Registry threats detected : 0
File items scanned : 13218
File threats detected : 12
Adware.Tracking Cookie
C:\DOCUMENTS AND SETTINGS\TV\Cookies\tv@content.yieldmanager[1].txt [ Cookie:tv@content.yieldmanager.com/ ]
C:\DOCUMENTS AND SETTINGS\TV\Cookies\tv@apmebf[1].txt [ Cookie:tv@apmebf.com/ ]
C:\DOCUMENTS AND SETTINGS\TV\Cookies\tv@doubleclick[1].txt [ Cookie:tv@doubleclick.net/ ]
C:\DOCUMENTS AND SETTINGS\TV\Cookies\tv@bs.serving-sys[1].txt [ Cookie:tv@bs.serving-sys.com/ ]
C:\DOCUMENTS AND SETTINGS\TV\Cookies\tv@imrworldwide[2].txt [ Cookie:tv@imrworldwide.com/cgi-bin ]
C:\DOCUMENTS AND SETTINGS\TV\Cookies\tv@2o7[1].txt [ Cookie:tv@2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\TV\Cookies\tv@questionmarket[1].txt [ Cookie:tv@questionmarket.com/ ]
C:\DOCUMENTS AND SETTINGS\TV\Cookies\tv@serving-sys[1].txt [ Cookie:tv@serving-sys.com/ ]
C:\DOCUMENTS AND SETTINGS\TV\Cookies\tv@mediaplex[1].txt [ Cookie:tv@mediaplex.com/ ]
C:\DOCUMENTS AND SETTINGS\TV\Cookies\tv@microsoftinternetexplorer.112.2o7[1].txt [ Cookie:tv@microsoftinternetexplorer.112.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\DEREK\DESKTOP\F\DOCUMENTS AND SETTINGS\DEFAULT\COOKIES\DEFAULT@2O7[2].TXT [ /2O7 ]
C:\DOCUMENTS AND SETTINGS\DEREK\DESKTOP\F\DOCUMENTS AND SETTINGS\DEFAULT\COOKIES\DEFAULT@ATWOLA[1].TXT [ /ATWOLA ]
 
#25 ·
It looks like Malwarebytes Anti-Malware found and quarantined/deleted that infection. :up:

Start HiJackThis, then click "Do a system scan and save a log file", then save the new log that appears, then copy-and-paste it here.

------------------------------------------------------------
 
#26 ·
New HiJackThis log;

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:56:49, on 09/04/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login?.src=fpctx&.intl=uk&.pd=c%3D6T7evjap2e6CwWSb86QVdqk-&.done=http%3A%2F%2Fuk.yahoo.com%2F
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Derek\Local Settings\Application Data\pxrnjgxj\xejatgha.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [XejAtgha] C:\Documents and Settings\Derek\Local Settings\Application Data\pxrnjgxj\xejatgha.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: MozyPro Status.lnk = C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MozyPro Backup Service (MyBusinessWorksbackup) - MyBusinessWorks - C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksbackup.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
--
End of file - 6419 bytes
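
The HijackThis log in post #26 still lists the xejatgha.exe path under both the F2 UserInit line and an O4 Run value. The Python below is an added example, not part of the thread and not code from HijackThis or any poster: it parses F2 and O4 lines and flags autostart entries of that shape. The function names and the list of user-writable directories are assumptions made for this example; the sample lines are copied from post #26.

```python
import re

# Lines copied from the HijackThis log in post #26 of this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Derek\Local Settings\Application Data\pxrnjgxj\xejatgha.exe,
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [XejAtgha] C:\Documents and Settings\Derek\Local Settings\Application Data\pxrnjgxj\xejatgha.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - Global Startup: MozyPro Status.lnk = C:\Program Files\MozyPro (Corporate Edition)\MyBusinessWorksstat.exe
"""

USERINIT_DEFAULT = r"c:\windows\system32\userinit.exe"

# Assumption for this example: XP locations a limited user can write to,
# taken from the paths that appear in this thread's scan logs.
WRITABLE_DIRS = (
    "\\local settings\\application data\\",
    "\\local settings\\temp\\",
    "\\windows\\temp\\",
    "\\start menu\\programs\\startup\\",
)

F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.I)
O4_RUN_RE = re.compile(r"^O4 - (\S+?)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")
O4_STARTUP_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")


def exe_path(command):
    """Pull the executable path out of a Run value, quoted or unquoted."""
    m = re.match(r'"([^"]+)"', command) or re.match(r"(.+?\.exe)\b", command, re.I)
    return (m.group(1) if m else command).strip()


def in_writable_dir(path):
    low = path.lower()
    return any(d in low for d in WRITABLE_DIRS)


def audit(log_text):
    """Return (section, name, path, reason) for each autostart entry worth a look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = F2_RE.match(line)
        if m:
            # UserInit is a comma-separated list; anything besides the stock
            # userinit.exe is launched at every logon.
            for entry in filter(None, (e.strip() for e in m.group(1).split(","))):
                if entry.lower() != USERINIT_DEFAULT:
                    findings.append(("F2 UserInit", "UserInit", entry,
                                     "extra program chained after userinit.exe"))
            continue
        m = O4_RUN_RE.match(line)
        if m:
            hive, key, name, command = m.groups()
            path = exe_path(command)
            if in_writable_dir(path):
                findings.append((f"O4 {hive} {key}", name, path,
                                 "autostart from a user-writable directory"))
            continue
        m = O4_STARTUP_RE.match(line)
        if m and in_writable_dir(exe_path(m.group(3))):
            findings.append((f"O4 {m.group(1)}", m.group(2), exe_path(m.group(3)),
                             "startup shortcut targets a user-writable directory"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(" | ".join(finding))
```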
 