0

Dear all helper

In recently, I found that my computer CPU usage always 100% usage and I notice that it cause by ping.exe in the process list. When I kill the ping.exe process, my CPU usage is go down well. But after a few seconds, the ping.exe run again and the CPU usage to up 100% again. Please

You can check in the attachment, I've already upload the dds, attach and hijackthis report or you can see the report below

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:28:36 AM, on 11/3/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\astsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Documents and Settings\NetworkService\Local Settings\Application Data\NVIDIA Corporation\Update\daemonupd.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\McAfee\VirusScan Enterprise\SCAN32.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\ping.exe
C:\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: (no name) - {E99A7D93-7D1D-CCBF-21FD-DF6C42E6DC89} - c:\windows\system32\ysrvrfmj.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sokha\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [Google Update] C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Update\gupdate.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Google Update] C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Update\gupdate.exe (User 'Default user')
O4 - S-1-5-20 Startup: winupdate.lnk = C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\winupdate.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E6201DC-41BF-4F9E-9765-A18176DBE100}: NameServer = 8.8.8.8
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - Winlogon Notify: zadazui - C:\Documents and Settings\NetworkService\Local Settings\Application Data\zadazui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\astsrv.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (hshld) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Update Service (ONETWO) - Unknown owner - C:\Documents and Settings\NetworkService\Local Settings\Application Data\NVIDIA Corporation\Update\daemonupd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe

--
End of file - 13060 bytes

dds.txt

attach.txt

hijackthis.txt


Attachments
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/24/2011 12:38:11 PM
System Uptime: 11/3/2011 8:34:56 AM (1 hours ago)
.
Motherboard: Intel Corporation |  | DG31PR
Processor: Intel Pentium III Xeon processor | J3E1 | 2666/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 39 GiB total, 6.224 GiB free.
D: is FIXED (NTFS) - 194 GiB total, 5.722 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
???????
??????? 2.2.0.2070
4.6
Torrent
3D Shadow by Lokas Software
Adobe Acrobat 9 Pro - English, Franais, Deutsch
Adobe Acrobat 9.4.6 - CPSID_83708
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Audition 1.5
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color Video Profiles AE CS4
Adobe Community Help
Adobe Creative Suite 5 Master Collection
Adobe CS4 American English Speech Analysis Models
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
Age of Empires III
Alipay security control 2.4.0.3
Android SDK Tools
Apple Application Support
Apple Software Update
Audition Update Version 1017
AV Bros. Page Curl Pro 2.2 (Remove Only)
AV Bros. Puzzle Pro 2.2 (Remove Only)
AWStats
Bandwidth Monitor 3.4 build 749
CCleaner
Click to Call with Skype
Color Efex Pro 3.0 Complete
ColorPic
ConceptDraw MINDMAP 5 Professional
Conduit Engine
Counter-Strike
Dev-C++ 5 beta 9 release (4.9.9.2)
Dfine 2.0
FileZilla Client 3.5.0
Garena 2010
Garena Plus
GlassFish Server Open Source Edition 3.1.1
GOM Player
Google Chrome
Google Earth
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
Hotspot Shield 2.06
Intel(R) Graphics Media Accelerator Driver
Internet Download Manager
Java Auto Updater
Java(TM) 6 Update 26
Java(TM) 7
Java(TM) SE Development Kit 7
K-Lite Codec Pack 5.4.4 (Standard)
Khmer Dictionary v2.0
Khmer Unicode 1.2.5
Khmer Unicode 2.0.1
Khmer Unicode Keyboard (NIDA 1.0)
Magic Bullet Suite 32-bit
McAfee Agent
McAfee VirusScan Enterprise
Microsoft .NET Framework 2.0
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MixMeister BPM Analyzer 1.0
Mozilla Firefox 7.0.1 (x86 en-US)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
MySQL Tools for 5.0
Nero 7 Ultra Edition
neroxml
NetBeans IDE 7.0.1
New Khmer Dictionary
NJStar Communicator
NVIDIA PhysX
Opera 11.11
PandoraRecovery (Remove Only)
PC Wizard 2010.1.96
PDF Settings CS5
Photoshop Camera Raw
Picasa 3
Pixel Bender Toolkit
Puzzle Pirates
Qianhong 3.5.1
QuickTime
Real Alternative 2.0.2
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Safari
Security Update for Windows XP (KB969898)
Sharpener Pro 3.0
Silver Efex Pro
Skype 5.5
Snagit 9.1.3
Steam
Suite Shared Configuration CS4
TeamViewer 6
Teleport Pro
Topaz  InFocus
Topaz Adjust 4
Topaz Clean 3
Topaz DeJpeg 4
Topaz DeNoise 5
Topaz Detail 2
Topaz Fusion Express 2
Topaz ReMask 2
Topaz Simplify 3
Trapcode Form
Trapcode Particular
Trapcode SoundKeys
Trojan Remover 6.8.2
UltraEdit
Update for Windows XP (KB955839)
uTorrentBar Toolbar
VirtualDJ PRO Full
Viveza
WampServer 2.1
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Internet Explorer 8
Windows Media Format Runtime
WinRAR archiver
x264 Revision 551 x264.nl (remove only)
Xilisoft Video Converter Ultimate 6
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
10/28/2011 3:10:34 PM, error: EventLog [6004]  - A driver packet received from the I/O subsystem was invalid.  The data is the packet.
10/27/2011 7:30:00 PM, error: Schedule [7901]  - The At7.job command failed to start due to the following error:  %%2147942402
10/27/2011 7:30:00 PM, error: Schedule [7901]  - The At2.job command failed to start due to the following error:  %%2147942402
.
==== End Of File ===========================
.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.0.0
Run by Sokha at 9:03:14 on 2011-11-03
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3060.2055 [GMT 7:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Outdated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\astsrv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Documents and Settings\NetworkService\Local Settings\Application Data\NVIDIA Corporation\Update\daemonupd.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
"C:\WINDOWS\Sxc\svchost.exe" 
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\ping.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trojan Remover\trupd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
mWinlogon: UIHost=c:\documents and settings\all users\application data\tuneup software\tuneup utilities 2011\winstyler\tu_logonui.exe
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: : {e99a7d93-7d1d-ccbf-21fd-df6c42e6dc89} - c:\windows\system32\ysrvrfmj.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\sokha\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
dRun: [Google Update] c:\documents and settings\networkservice\local settings\application data\google\update\gupdate.exe
mExplorerRun: [SXC] c:\windows\sxc\svchost.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
TCP: Interfaces\{6E6201DC-41BF-4F9E-9765-A18176DBE100} : NameServer = 8.8.8.8
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
Notify: zadazui - c:\documents and settings\networkservice\local settings\application data\zadazui.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\sokha\application data\mozilla\firefox\profiles\x2xiptty.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\documents and settings\sokha\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\sokha\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\sokha\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-5-24 340592]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:28:36 AM, on 11/3/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\astsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Documents and Settings\NetworkService\Local Settings\Application Data\NVIDIA Corporation\Update\daemonupd.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\McAfee\VirusScan Enterprise\SCAN32.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\ping.exe
C:\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: (no name) - {E99A7D93-7D1D-CCBF-21FD-DF6C42E6DC89} - c:\windows\system32\ysrvrfmj.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sokha\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [Google Update] C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Update\gupdate.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Google Update] C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Update\gupdate.exe (User 'Default user')
O4 - S-1-5-20 Startup: winupdate.lnk = C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\winupdate.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E6201DC-41BF-4F9E-9765-A18176DBE100}: NameServer = 8.8.8.8
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - Winlogon Notify: zadazui - C:\Documents and Settings\NetworkService\Local Settings\Application Data\zadazui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\astsrv.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WIN
8
Contributors
20
Replies
21
Views
6 Years
Discussion Span
Last Post by jmamike
0

Hi and welcome to Daniweb :).

Please return to the sticky directions thread and run ALL the tools requested.

Update MBA-M before scanning.

NO logs are to be attached please (as per the instructions in the sticky). Please just paste them into your reply.

0

Thank for your respone. I'm new with this forum. I don't know where to post my problem as you mention (sticky direction thread). Please give me the link to redirect to that place please. Thank

0

Also I see you have McAfee installed and that is a very bad virus scanner. Not that long ago McAfee had an update that blocked svhost.exe Also there are quite a few viruses it doesn't block and I would recommend getting a better virus scanner such as Avast or Kaspersky. The 3 virus scanners that are a definite nono are McAfee, Nortons and AVG. They are the worst of the worst. I once got my computer filled with viruses on both Nortons and AVG. However if find Avast works fine. Thought I would warn you about that security issue on your computer. Also you have a lot of junkware on your computer which can be uninstalled to speed up performance.

0

Please help me for the solution and give me advice on which software should I uninstall. Thank you.

Below is my report which I follow the instruction.

--------------------------------------------------
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8074

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/3/2011 5:30:20 PM
mbam-log-2011-11-03 (17-30-20).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 430438
Time elapsed: 1 hour(s), 53 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 12
Files Infected: 228

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SogouExplorer (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\SogouExplorer (Adware.Sogou) -> Not selected for removal.
HKEY_LOCAL_MACHINE\Software\SogouExplorer (Adware.Sogou) -> Not selected for removal.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.

Folders Infected:
c:\program files\sogouexplorer (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\plugins (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\Skin (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Security (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Selector (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\userinstruct (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\userinstruct\laan (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\userinstruct\laan\smart (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\userinstruct\laan\smart\tween (Adware.Sogou) -> Not selected for removal.

Files Infected:
c:\program files\sogouexplorer\uninstall.exe (Adware.Sogou) -> Quarantined and deleted successfully.
c:\WINDOWS\bch.exe.vir (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\cdi.exe.vir (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\hti.exe.vir (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\xtr.exe.vir (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
c:\hijack this\hijackthis.exe (PWS.Fignotok) -> Quarantined and deleted successfully.
d:\sopharo datat\wallpaper best\ads of the world\smart-auctions.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
d:\system volume information\_restore{09d8c44b-3761-45da-9ed5-ee3fa503acbb}\RP89\A0020243.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
d:\system volume information\_restore{09d8c44b-3761-45da-9ed5-ee3fa503acbb}\RP99\A0026181.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
d:\system volume information\_restore{09d8c44b-3761-45da-9ed5-ee3fa503acbb}\RP99\A0026209.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
d:\mypersonal\Soft\Nero\Keygen.exe (RiskWare.Tool.CK) -> Not selected for removal.
d:\mypersonal\Soft\Tools\hijack this\hijackthis.exe (PWS.Fignotok) -> Not selected for removal.
d:\mypersonal\Soft\smartdraw.2010.tonyweb.dm999\smartdraw2010patch_keygen_tonyweb\smartdraw2010keygen.exe (RiskWare.Tool.CK) -> Not selected for removal.
c:\documents and settings\networkservice\start menu\Programs\Startup\winupdate.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\svhost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\sogouexplorer\sogouipfilterinst.dll (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\adbrule.dat (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\aliedit.exe (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\avcodec-52.dll (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\avformat-52.dll (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\avutil-50.dll (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\browser.conf (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\bseapi.dll (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\bsecore.dll (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\bseupd.dll (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\changelog.txt (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\cmdlineparser.dll (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\dialog.dll (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\dialogcore.dll (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\framework.dll (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\hardcode.bin (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\Instlist (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\knsfmon.dll (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\license (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\metasearch.dll (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\metasearchdic (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\p2pclient.dll (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\seapi.dll (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\searchlist.xml (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\seinstallhelper.exe (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\site.url (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\snapshoter.dll (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\sodalib.dll (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\sogouexplorer.exe (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\sogouipfilter.dll (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\sogounet.dll (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\sogounetopt.sys (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\tridentcore.dll (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\video_acc.dll (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\webkitcore.dll (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\webkit_plugins_file.xml (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\xdelta3.exe (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\plugins\npaliedit.dll (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\plugins\npcombrg310.dll (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\27.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\46.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\0.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\1.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\10.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\11.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\12.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\13.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\14.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\15.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\16.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\17.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\18.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\19.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\2.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\20.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\21.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\22.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\23.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\24.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\25.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\26.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\28.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\29.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\3.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\30.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\31.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\32.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\33.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\34.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\35.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\36.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\37.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\38.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\39.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\4.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\40.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\41.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\42.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\43.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\44.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\45.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\47.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\48.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\49.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\5.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\50.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\51.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\52.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\53.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\54.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\55.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\56.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\57.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\58.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\59.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\6.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\60.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\61.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\62.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\63.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\64.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\65.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\66.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\67.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\7.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\8.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\SafeIcon\9.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\Skin\????? 2010.seskin (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\googlec.gif (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\rbg2.jpg (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\add1.jpg (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\add2.jpg (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\baidu.gif (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\baiduc.gif (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\bdsug.js (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\checkbox.gif (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\checkbox1.gif (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\checkbox2.gif (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\close.gif (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\close.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\default.gif (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\default.jpg (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\default_page.ico (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\fenge.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\google.gif (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\guding1.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\guding2.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\help.gif (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\ie.css (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\ie.js (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\iframe.html (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\iframe_wk.html (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\index1.html (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\index2.html (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\logo.gif (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\none.jpg (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\q1.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\q2.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\rbg.jpg (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\rbg0.jpg (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\rbg3.jpg (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\reset.gif (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\sb.jpg (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\search_logo.gif (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\selmenu.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\set.gif (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\setcancel.gif (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\setok.gif (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\shadow1.jpg (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\shadow2.gif (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\sogou.gif (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\sogouc.gif (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\space.gif (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\tran1.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\tran2.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\tran3.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\wk.css (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Local\wk.js (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Security\body_back.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Security\btn1.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Security\btn2.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Security\riskalert.html (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Selector\start_btn_queding_hit.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Selector\start_stage_arrow_sousuo.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Selector\baidu_logo.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Selector\google_logo.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Selector\index.html (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Selector\pic_daohang.jpg (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Selector\pic_kongbai.jpg (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Selector\pic_sousuo.jpg (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Selector\pic_zuiai.jpg (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Selector\pic_zuiai_1.jpg (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Selector\pic_zuiai_2.jpg (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Selector\sogou_logo.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Selector\start_body_bg.jpg (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Selector\start_btn_daohang.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Selector\start_btn_daohang_hit.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Selector\start_btn_kongbai.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Selector\start_btn_kongbai_hit.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Selector\start_btn_light.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Selector\start_btn_qita.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Selector\start_btn_queding.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Selector\start_btn_queding_hover.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Selector\start_btn_sousuo.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Selector\start_btn_sousuo_hit.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Selector\start_btn_zidingyi.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Selector\start_btn_zidingyi_hit.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Selector\start_btn_zuiai.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Selector\start_btn_zuiai_hit.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Selector\start_checkbox_checked.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Selector\start_checkbox_hover.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Selector\start_checkbox_normal.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Selector\start_daohang_logo_bg.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Selector\start_ico_home.gif (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Selector\start_stage_arrow_daohang.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Selector\start_stage_arrow_kongbai.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Selector\start_stage_arrow_zidingyi.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Selector\start_stage_arrow_zuiai.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Selector\start_stage_main.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Selector\start_text_1.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Selector\start_zidingyi_dizhikuang.gif (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Selector\start_zidingyi_icon.gif (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Selector\start_zidingyi_text.gif (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Selector\s_baidu_logo.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Selector\s_google_logo.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\startpage\Selector\s_sogou_logo.png (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\userinstruct\download.swf (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\userinstruct\passport.swf (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\userinstruct\passport_20.swf (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\userinstruct\swichcore.swf (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\userinstruct\tabscroll.swf (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\userinstruct\videoextract.swf (Adware.Sogou) -> Not selected for removal.
c:\program files\sogouexplorer\userinstruct\videoontop.swf (Adware.Sogou) -> Not selected for removal.

---------------------------------------------------------------
GMER One.log
---------------------------------------------------------------
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-11-03 15:21:08
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-10 Hitachi_HDP725025GLA380 rev.GM2OA52A
Running: gmer.exe; Driver: C:\DOCUME~1\Sokha\LOCALS~1\Temp\uxtdypow.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateFile [0xF78661C8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF7866086]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0xF7866020]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xF7866034]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF786609A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF78660C6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateKey [0xF7866134]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xF786611E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwLoadKey2 [0xF786614A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF7866208]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xF7866176]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF7866072]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF7865FE4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF7865FF8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF78661DC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryKey [0xF78661B2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xF7866108]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryValueKey [0xF78660F2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF78660B0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwReplaceKey [0xF786619E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRestoreKey [0xF786618A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0xF786605E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF786604A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF78660DC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF7866237]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnloadKey [0xF7866160]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF786621E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF78661F2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtCreateFile
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A17F31B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A17F31B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8A17F31B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP2T1L0-10 8A17F31B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP2T0L0-8 8A17F31B

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

-----------------------------------------------------------
GMER Two.log
-----------------------------------------------------------
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-03 15:17:09
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort2 Hitachi_HDP725025GLA380 rev.GM2OA52A
Running: gmer.exe; Driver: C:\DOCUME~1\Sokha\LOCALS~1\Temp\uxtdypow.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateFile [0xF78661C8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF7866086]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0xF7866020]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xF7866034]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF786609A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF78660C6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateKey [0xF7866134]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xF786611E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwLoadKey2 [0xF786614A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF7866208]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xF7866176]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF7866072]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF7865FE4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF7865FF8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF78661DC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryKey [0xF78661B2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xF7866108]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryValueKey [0xF78660F2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF78660B0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwReplaceKey [0xF786619E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRestoreKey [0xF786618A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0xF786605E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF786604A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF78660DC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF7866237]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnloadKey [0xF7866160]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF786621E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF78661F2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtCreateFile
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

? uppwoy.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[188] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BE0000
.text C:\WINDOWS\system32\svchost.exe[188] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BE0F86
.text C:\WINDOWS\system32\svchost.exe[188] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BE0F97
.text C:\WINDOWS\system32\svchost.exe[188] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BE007B
.text C:\WINDOWS\system32\svchost.exe[188] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BE0054
.text C:\WINDOWS\system32\svchost.exe[188] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BE0FCD
.text C:\WINDOWS\system32\svchost.exe[188] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BE0F46
.text C:\WINDOWS\system32\svchost.exe[188] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BE008C
.text C:\WINDOWS\system32\svchost.exe[188] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BE0F06
.text C:\WINDOWS\system32\svchost.exe[188] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BE00A9
.text C:\WINDOWS\system32\svchost.exe[188] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BE0EEB
.text C:\WINDOWS\system32\svchost.exe[188] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BE0FB2
.text C:\WINDOWS\system32\svchost.exe[188] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BE0FEF
.text C:\WINDOWS\system32\svchost.exe[188] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BE0F6B
.text C:\WINDOWS\system32\svchost.exe[188] kernel32.dll!CreateNamedPipeW 7C82F0AD 5 Bytes JMP 00BE0039
.text C:\WINDOWS\system32\svchost.exe[188] kernel32.dll!CreateNamedPipeA 7C8612BC 5 Bytes JMP 00BE0FDE
.text C:\WINDOWS\system32\svchost.exe[188] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 00BE0F35
.text C:\WINDOWS\system32\svchost.exe[188] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BD000A
.text C:\WINDOWS\system32\svchost.exe[188] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BD0F7C
.text C:\WINDOWS\system32\svchost.exe[188] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BD0FB9
.text C:\WINDOWS\system32\svchost.exe[188] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BD0FCA
.text C:\WINDOWS\system32\svchost.exe[188] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BD0F8D
.text C:\WINDOWS\system32\svchost.exe[188] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BD0FE5
.text C:\WINDOWS\system32\svchost.exe[188] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BD002F
.text C:\WINDOWS\system32\svchost.exe[188] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BD0FA8
.text C:\WINDOWS\system32\svchost.exe[188] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 007F0036
.text C:\WINDOWS\system32\svchost.exe[188] msvcrt.dll!system 77C293C7 5 Bytes JMP 007F0FA1
.text C:\WINDOWS\system32\svchost.exe[188] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 007F0011
.text C:\WINDOWS\system32\svchost.exe[188] msvcrt.dll!_open 77C2F566 5 Bytes JMP 007F0000
.text C:\WINDOWS\system32\svchost.exe[188] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 007F0FBC
.text C:\WINDOWS\system32\svchost.exe[188] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 007F0FE3
.text C:\WINDOWS\system32\svchost.exe[188] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 007D0FE5
.text C:\WINDOWS\system32\svchost.exe[188] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 007D000A
.text C:\WINDOWS\system32\svchost.exe[188] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 007D0FD4
.text C:\WINDOWS\system32\svchost.exe[188] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 007D0FC3
.text C:\WINDOWS\system32\svchost.exe[188] WS2_32.dll!socket 71AB4211 5 Bytes JMP 007E0000
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DA0FEF
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DA0F43
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DA0042
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DA0F68
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DA0025
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DA0F9E
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DA0F21
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DA0F32
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DA0EE4
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DA0EFF
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00DA0EC9
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00DA0F8D
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DA0FCA
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00DA005D
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!CreateNamedPipeW 7C82F0AD 5 Bytes JMP 00DA000A
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!CreateNamedPipeA 7C8612BC 5 Bytes JMP 00DA0FB9
.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 00DA0F10
.text C:\WINDOWS\system32\svchost.exe[240] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 007F0047
.text C:\WINDOWS\system32\svchost.exe[240] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 007F0F9B
.text C:\WINDOWS\system32\svchost.exe[240] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 007F002C
.text C:\WINDOWS\system32\svchost.exe[240] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 007F0011
.text C:\WINDOWS\system32\svchost.exe[240] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 007F0FB6
.text C:\WINDOWS\system32\svchost.exe[240] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 007F0000
.text C:\WINDOWS\system32\svchost.exe[240] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 007F0058
.text C:\WINDOWS\system32\svchost.exe[240] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 007F0FDB
.text C:\WINDOWS\system32\svchost.exe[240] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 007E0078
.text C:\WINDOWS\system32\svchost.exe[240] msvcrt.dll!system 77C293C7 5 Bytes JMP 007E0FE3
.text C:\WINDOWS\system32\svchost.exe[240] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 007E0038
.text C:\WINDOWS\system32\svchost.exe[240] msvcrt.dll!_open 77C2F566 5 Bytes JMP 007E0000
.text C:\WINDOWS\system32\svchost.exe[240] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 007E0049
.text C:\WINDOWS\system32\svchost.exe[240] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 007E001D
.text C:\WINDOWS\system32\svchost.exe[240] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 001B0000
.text C:\WINDOWS\system32\svchost.exe[240] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 001B0011
.text C:\WINDOWS\system32\svchost.exe[240] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 001B0022
.text C:\WINDOWS\system32\svchost.exe[240] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 001B003D
.text C:\WINDOWS\system32\svchost.exe[240] WS2_32.dll!socket 71AB4211 5 Bytes JMP 007D0FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[872] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00930FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[872] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00930085
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[872] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00930F90
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[872] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0093005E
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[872] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0093004D
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[872] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00930FBC
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[872] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00930F64
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[872] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00930F75
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[872] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00930F49
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[872] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009300E2
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[872] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009300F3
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[872] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00930FAB
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[872] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00930FDE
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[872] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00930096
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[872] kernel32.dll!CreateNamedPipeW 7C82F0AD 5 Bytes JMP 00930FCD
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[872] kernel32.dll!CreateNamedPipeA 7C8612BC 5 Bytes JMP 00930014
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[872] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 009300BD
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[872] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00920047
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[872] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00920FAF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[872] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00920036
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[872] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00920025
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[872] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00920FC0
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[872] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00920000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[872] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00920FD1
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[872] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B2, 88] {MOV DL, 0x88}
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[872] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00920058
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[872] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00910050
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[872] msvcrt.dll!system 77C293C7 5 Bytes JMP 0091003F
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[872] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0091001D
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[872] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0091000C
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[872] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0091002E
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[872] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00910FE3
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[872] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00900FE5
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[872] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 008F0000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[872] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 008F0011
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[872] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 008F0FDB
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[872] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 008F0FC0
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[936] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00940000
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[936] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0094006A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[936] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00940F6B
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[936] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00940F7C
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[936] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00940F8D
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[936] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00940FA8
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[936] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00940F38
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[936] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00940F49
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[936] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009400C0
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[936] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00940F27
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[936] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009400DB
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[936] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00940025
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[936] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00940FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[936] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00940F5A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[936] kernel32.dll!CreateNamedPipeW 7C82F0AD 5 Bytes JMP 00940FB9
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[936] kernel32.dll!CreateNamedPipeA 7C8612BC 5 Bytes JMP 00940FD4
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[936] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 009400A5
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[936] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00930FC3
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[936] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0093005B
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[936] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00930014
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[936] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00930FD4
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[936] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00930F9E
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[936] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00930FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[936] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0093004A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[936] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0093002F
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[936] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00920FA6
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[936] msvcrt.dll!system 77C293C7 5 Bytes JMP 00920031
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[936] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0092000C
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[936] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00920FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[936] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00920FC1
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[936] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00920FD2
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[936] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00910000
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[936] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00900FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[936] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00900FD4
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[936] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00900FB9
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[936] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00900FA8
.text C:\WINDOWS\Explorer.EXE[1336] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D2000A
.text C:\WINDOWS\Explorer.EXE[1336] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D3000A
.text C:\WINDOWS\Explorer.EXE[1336] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C8000C
.text C:\WINDOWS\Explorer.EXE[1336] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02950FEF
.text C:\WINDOWS\Explorer.EXE[1336] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02950080
.text C:\WINDOWS\Explorer.EXE[1336] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02950065
.text C:\WINDOWS\Explorer.EXE[1336] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02950F97
.text C:\WINDOWS\Explorer.EXE[1336] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02950FB2
.text C:\WINDOWS\Explorer.EXE[1336] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02950043
.text C:\WINDOWS\Explorer.EXE[1336] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02950F50
.text C:\WINDOWS\Explorer.EXE[1336] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 029500A2
.text C:\WINDOWS\Explorer.EXE[1336] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 029500D5
.text C:\WINDOWS\Explorer.EXE[1336] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 029500C4
.text C:\WINDOWS\Explorer.EXE[1336] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02950F21
.text C:\WINDOWS\Explorer.EXE[1336] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02950054
.text C:\WINDOWS\Explorer.EXE[1336] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02950FDE
.text C:\WINDOWS\Explorer.EXE[1336] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02950091
.text C:\WINDOWS\Explorer.EXE[1336] kernel32.dll!CreateNamedPipeW 7C82F0AD 5 Bytes JMP 02950FCD
.text C:\WINDOWS\Explorer.EXE[1336] kernel32.dll!CreateNamedPipeA 7C8612BC 5 Bytes JMP 02950014
.text C:\WINDOWS\Explorer.EXE[1336] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 029500B3
.text C:\WINDOWS\Explorer.EXE[1336] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02940FB9
.text C:\WINDOWS\Explorer.EXE[1336] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02940F68
.text C:\WINDOWS\Explorer.EXE[1336] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02940FCA
.text C:\WINDOWS\Explorer.EXE[1336] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02940FDB
.text C:\WINDOWS\Explorer.EXE[1336] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0294002F
.text C:\WINDOWS\Explorer.EXE[1336] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02940000
.text C:\WINDOWS\Explorer.EXE[1336] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02940F97
.text C:\WINDOWS\Explorer.EXE[1336] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B4, 8A] {MOV AH, 0x8a}
.text C:\WINDOWS\Explorer.EXE[1336] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02940FA8
.text C:\WINDOWS\Explorer.EXE[1336] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02930FB2
.text C:\WINDOWS\Explorer.EXE[1336] msvcrt.dll!system 77C293C7 5 Bytes JMP 02930FC3
.text C:\WINDOWS\Explorer.EXE[1336] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02930022
.text C:\WINDOWS\Explorer.EXE[1336] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02930000
.text C:\WINDOWS\Explorer.EXE[1336] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02930033
.text C:\WINDOWS\Explorer.EXE[1336] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02930011
.text C:\WINDOWS\Explorer.EXE[1336] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 02910000
.text C:\WINDOWS\Explorer.EXE[1336] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 0291001B
.text C:\WINDOWS\Explorer.EXE[1336] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 02910FE5
.text C:\WINDOWS\Explorer.EXE[1336] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 02910FD4
.text C:\WINDOWS\Explorer.EXE[1336] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0292000A
.text C:\WINDOWS\system32\services.exe[1416] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01420FEF
.text C:\WINDOWS\system32\services.exe[1416] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0142009D
.text C:\WINDOWS\system32\services.exe[1416] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0142008C
.text C:\WINDOWS\system32\services.exe[1416] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01420071
.text C:\WINDOWS\system32\services.exe[1416] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01420FA8
.text C:\WINDOWS\system32\services.exe[1416] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0142002F
.text C:\WINDOWS\system32\services.exe[1416] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 014200C4
.text C:\WINDOWS\system32\services.exe[1416] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01420F72
.text C:\WINDOWS\system32\services.exe[1416] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 014200F0
.text C:\WINDOWS\system32\services.exe[1416] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 014200DF
.text C:\WINDOWS\system32\services.exe[1416] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0142010B
.text C:\WINDOWS\system32\services.exe[1416] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0142004A
.text C:\WINDOWS\system32\services.exe[1416] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01420FDE
.text C:\WINDOWS\system32\services.exe[1416] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01420F8D
.text C:\WINDOWS\system32\services.exe[1416] kernel32.dll!CreateNamedPipeW 7C82F0AD 5 Bytes JMP 01420FB9
.text C:\WINDOWS\system32\services.exe[1416] kernel32.dll!CreateNamedPipeA 7C8612BC 5 Bytes JMP 01420014
.text C:\WINDOWS\system32\services.exe[1416] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 01420F61
.text C:\WINDOWS\system32\services.exe[1416] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 012D002F
.text C:\WINDOWS\system32\services.exe[1416] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 012D0F83
.text C:\WINDOWS\system32\services.exe[1416] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 012D001E
.text C:\WINDOWS\system32\services.exe[1416] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 012D0FDE
.text C:\WINDOWS\system32\services.exe[1416] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 012D0F9E
.text C:\WINDOWS\system32\services.exe[1416] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 012D0FEF
.text C:\WINDOWS\system32\services.exe[1416] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 012D0040
.text C:\WINDOWS\system32\services.exe[1416] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 012D0FC3
.text C:\WINDOWS\system32\services.exe[1416] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 012C0FAD
.text C:\WINDOWS\system32\services.exe[1416] msvcrt.dll!system 77C293C7 5 Bytes JMP 012C0038
.text C:\WINDOWS\system32\services.exe[1416] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 012C0FC8
.text C:\WINDOWS\system32\services.exe[1416] msvcrt.dll!_open 77C2F566 5 Bytes JMP 012C0FEF
.text C:\WINDOWS\system32\services.exe[1416] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 012C0027
.text C:\WINDOWS\system32\services.exe[1416] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 012C000C
.text C:\WINDOWS\system32\services.exe[1416] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 012A0000
.text C:\WINDOWS\system32\services.exe[1416] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 012A0011
.text C:\WINDOWS\system32\services.exe[1416] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 012A0FDB
.text C:\WINDOWS\system32\services.exe[1416] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 012A0FCA
.text C:\WINDOWS\system32\services.exe[1416] WS2_32.dll!socket 71AB4211 5 Bytes JMP 012B000A
.text C:\WINDOWS\system32\lsass.exe[1428] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 011F0FEF
.text C:\WINDOWS\system32\lsass.exe[1428] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 011F0087
.text C:\WINDOWS\system32\lsass.exe[1428] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 011F006C
.text C:\WINDOWS\system32\lsass.exe[1428] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 011F005B
.text C:\WINDOWS\system32\lsass.exe[1428] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 011F004A
.text C:\WINDOWS\system32\lsass.exe[1428] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 011F0F9E
.text C:\WINDOWS\system32\lsass.exe[1428] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 011F0098
.text C:\WINDOWS\system32\lsass.exe[1428] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 011F0F5C
.text C:\WINDOWS\system32\lsass.exe[1428] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 011F00CE
.text C:\WINDOWS\system32\lsass.exe[1428] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 011F00B3
.text C:\WINDOWS\system32\lsass.exe[1428] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 011F0F24
.text C:\WINDOWS\system32\lsass.exe[1428] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 011F002F
.text C:\WINDOWS\system32\lsass.exe[1428] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 011F0FDE
.text C:\WINDOWS\system32\lsass.exe[1428] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 011F0F6D
.text C:\WINDOWS\system32\lsass.exe[1428] kernel32.dll!CreateNamedPipeW 7C82F0AD 5 Bytes JMP 011F0014
.text C:\WINDOWS\system32\lsass.exe[1428] kernel32.dll!CreateNamedPipeA 7C8612BC 5 Bytes JMP 011F0FC3
.text C:\WINDOWS\system32\lsass.exe[1428] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 011F0F35
.text C:\WINDOWS\system32\lsass.exe[1428] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 011E0FA5
.text C:\WINDOWS\system32\lsass.exe[1428] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 011E0F5E
.text C:\WINDOWS\system32\lsass.exe[1428] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 011E0FC0
.text C:\WINDOWS\system32\lsass.exe[1428] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 011E0000
.text C:\WINDOWS\system32\lsass.exe[1428] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 011E001B
.text C:\WINDOWS\system32\lsass.exe[1428] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 011E0FEF
.text C:\WINDOWS\system32\lsass.exe[1428] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 011E0F83
.text C:\WINDOWS\system32\lsass.exe[1428] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [3E, 89]
.text C:\WINDOWS\system32\lsass.exe[1428] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 011E0F94
.text C:\WINDOWS\system32\lsass.exe[1428] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 011D0FA8
.text C:\WINDOWS\system32\lsass.exe[1428] msvcrt.dll!system 77C293C7 5 Bytes JMP 011D0033
.text C:\WINDOWS\system32\lsass.exe[1428] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 011D0FD4
.text C:\WINDOWS\system32\lsass.exe[1428] msvcrt.dll!_open 77C2F566 5 Bytes JMP 011D0000
.text C:\WINDOWS\system32\lsass.exe[1428] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 011D0FC3
.text C:\WINDOWS\system32\lsass.exe[1428] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 011D0FEF
.text C:\WINDOWS\system32\lsass.exe[1428] WS2_32.dll!socket 71AB4211 5 Bytes JMP 011C0000
.text C:\WINDOWS\system32\lsass.exe[1428] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00FF0FE5
.text C:\WINDOWS\system32\lsass.exe[1428] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00FF000A
.text C:\WINDOWS\system32\lsass.exe[1428] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00FF001B
.text C:\WINDOWS\system32\lsass.exe[1428] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00FF0040
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EC0FEF
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00EC0096
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00EC0085
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00EC0FA1
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00EC0FB2
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00EC0FC3
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00EC00BD
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00EC0F75
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00EC0F3F
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00EC0F50
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00EC00E9
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00EC004A
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00EC000A
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00EC0F86
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!CreateNamedPipeW 7C82F0AD 5 Bytes JMP 00EC0FD4
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!CreateNamedPipeA 7C8612BC 5 Bytes JMP 00EC001B
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 00EC00CE
.text C:\WINDOWS\system32\svchost.exe[1612] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EB0FCA
.text C:\WINDOWS\system32\svchost.exe[1612] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EB0F94
.text C:\WINDOWS\system32\svchost.exe[1612] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EB0FE5
.text C:\WINDOWS\system32\svchost.exe[1612] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EB0011
.text C:\WINDOWS\system32\svchost.exe[1612] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EB0051
.text C:\WINDOWS\system32\svchost.exe[1612] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EB0000
.text C:\WINDOWS\system32\svchost.exe[1612] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00EB0036
.text C:\WINDOWS\system32\svchost.exe[1612] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EB0FB9
.text C:\WINDOWS\system32\svchost.exe[1612] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EA0066
.text C:\WINDOWS\system32\svchost.exe[1612] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EA0FDB
.text C:\WINDOWS\system32\svchost.exe[1612] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EA003A
.text C:\WINDOWS\system32\svchost.exe[1612] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EA000C
.text C:\WINDOWS\system32\svchost.exe[1612] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EA004B
.text C:\WINDOWS\system32\svchost.exe[1612] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EA001D
.text C:\WINDOWS\system32\svchost.exe[1612] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 007E0000
.text C:\WINDOWS\system32\svchost.exe[1612] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 007E0011
.text C:\WINDOWS\system32\svchost.exe[1612] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 007E0022
.text C:\WINDOWS\system32\svchost.exe[1612] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 007E0FD1
.text C:\WINDOWS\system32\svchost.exe[1612] WS2_32.dll!socket 71AB4211 5 Bytes JMP 007F0FEF
.text C:\WINDOWS\system32\svchost.exe[1700] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01050FEF
.text C:\WINDOWS\system32\svchost.exe[1700] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01050F7A
.text C:\WINDOWS\system32\svchost.exe[1700] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0105006F
.text C:\WINDOWS\system32\svchost.exe[1700] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01050F95
.text C:\WINDOWS\system32\svchost.exe[1700] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01050FB2
.text C:\WINDOWS\system32\svchost.exe[1700] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0105002F
.text C:\WINDOWS\system32\svchost.exe[1700] kernel32.dll!GetStartupInfoW 7C801E54 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1700] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01050F58
.text C:\WINDOWS\system32\svchost.exe[1700] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01050094
.text C:\WINDOWS\system32\svchost.exe[1700] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01050F18
.text C:\WINDOWS\system32\svchost.exe[1700] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 010500BB
.text C:\WINDOWS\system32\svchost.exe[1700] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01050EFD
.text C:\WINDOWS\system32\svchost.exe[1700] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0105004A
.text C:\WINDOWS\system32\svchost.exe[1700] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01050FDE
.text C:\WINDOWS\system32\svchost.exe[1700] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01050F69
.text C:\WINDOWS\system32\svchost.exe[1700] kernel32.dll!CreateNamedPipeW 7C82F0AD 5 Bytes JMP 01050FCD
.text C:\WINDOWS\system32\svchost.exe[1700] kernel32.dll!CreateNamedPipeA 7C8612BC 5 Bytes JMP 0105001E
.text C:\WINDOWS\system32\svchost.exe[1700] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 01050F47
.text C:\WINDOWS\system32\svchost.exe[1700] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FF001B
.text C:\WINDOWS\system32\svchost.exe[1700] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FF0F91
.text C:\WINDOWS\system32\svchost.exe[1700] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FF0FD4
.text C:\WINDOWS\system32\svchost.exe[1700] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FF0000
.text C:\WINDOWS\system32\svchost.exe[1700] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FF0058
.text C:\WINDOWS\system32\svchost.exe[1700] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\svchost.exe[1700] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00FF003D
.text C:\WINDOWS\system32\svchost.exe[1700] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FF002C
.text C:\WINDOWS\system32\svchost.exe[1700] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FE0070
.text C:\WINDOWS\system32\svchost.exe[1700] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FE0FE5
.text C:\WINDOWS\system32\svchost.exe[1700] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FE003A
.text C:\WINDOWS\system32\svchost.exe[1700] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FE000C
.text C:\WINDOWS\system32\svchost.exe[1700] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FE004B
.text C:\WINDOWS\system32\svchost.exe[1700] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FE0029
.text C:\WINDOWS\system32\svchost.exe[1700] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 007E0000
.text C:\WINDOWS\system32\svchost.exe[1700] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 007E001B
.text C:\WINDOWS\system32\svchost.exe[1700] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 007E002C
.text C:\WINDOWS\system32\svchost.exe[1700] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 007E0FDB
.text C:\WINDOWS\system32\svchost.exe[1700] WS2_32.dll!socket 71AB4211 5 Bytes JMP 007F0000
.text C:\WINDOWS\System32\svchost.exe[1864] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 007E000A
.text C:\WINDOWS\System32\svchost.exe[1864] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 007F000A
.text C:\WINDOWS\System32\svchost.exe[1864] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 007D000C
.text C:\WINDOWS\System32\svchost.exe[1864] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 053B0FEF
.text C:\WINDOWS\System32\svchost.exe[1864] kernel32.dll!VirtualProtectEx 7C801A61 1 Byte [E9]
.text C:\WINDOWS\System32\svchost.exe[1864] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 053B0F65
.text C:\WINDOWS\System32\svchost.exe[1864] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 053B0F76
.text C:\WINDOWS\System32\svchost.exe[1864] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 053B0F91
.text C:\WINDOWS\System32\svchost.exe[1864] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 053B004E
.text C:\WINDOWS\System32\svchost.exe[1864] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 053B002C
.text C:\WINDOWS\System32\svchost.exe[1864] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 053B0F23
.text C:\WINDOWS\System32\svchost.exe[1864] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 053B0F34
.text C:\WINDOWS\System32\svchost.exe[1864] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 053B0F01
.text C:\WINDOWS\System32\svchost.exe[1864] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 053B0F12
.text C:\WINDOWS\System32\svchost.exe[1864] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 053B00B5
.text C:\WINDOWS\System32\svchost.exe[1864] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 053B003D
.text C:\WINDOWS\System32\svchost.exe[1864] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 053B0FD4
.text C:\WINDOWS\System32\svchost.exe[1864] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 053B006B
.text C:\WINDOWS\System32\svchost.exe[1864] kernel32.dll!CreateNamedPipeW 7C82F0AD 5 Bytes JMP 053B001B
.text C:\WINDOWS\System32\svchost.exe[1864] kernel32.dll!CreateNamedPipeA 7C8612BC 5 Bytes JMP 053B000A
.text C:\WINDOWS\System32\svchost.exe[1864] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 053B0090
.text C:\WINDOWS\System32\svchost.exe[1864] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 053A0FAF
.text C:\WINDOWS\System32\svchost.exe[1864] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 053A0F9E
.text C:\WINDOWS\System32\svchost.exe[1864] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 053A0FC0
.text C:\WINDOWS\System32\svchost.exe[1864] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 053A0FE5
.text C:\WINDOWS\System32\svchost.exe[1864] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 053A0051
.text C:\WINDOWS\System32\svchost.exe[1864] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 053A0000
.text C:\WINDOWS\System32\svchost.exe[1864] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 053A0040
.text C:\WINDOWS\System32\svchost.exe[1864] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 053A0025
.text C:\WINDOWS\System32\svchost.exe[1864] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 05390FB7
.text C:\WINDOWS\System32\svchost.exe[1864] msvcrt.dll!system 77C293C7 5 Bytes JMP 05390FC8
.text C:\WINDOWS\System32\svchost.exe[1864] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0539001D
.text C:\WINDOWS\System32\svchost.exe[1864] msvcrt.dll!_open 77C2F566 5 Bytes JMP 05390FEF
.text C:\WINDOWS\System32\svchost.exe[1864] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 05390038
.text C:\WINDOWS\System32\svchost.exe[1864] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0539000C
.text C:\WINDOWS\System32\svchost.exe[1864] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 050E0FEF
.text C:\WINDOWS\System32\svchost.exe[1864] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 050E0000
.text C:\WINDOWS\System32\svchost.exe[1864] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 050E0FCA
.text C:\WINDOWS\System32\svchost.exe[1864] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 050E001B
.text C:\WINDOWS\System32\svchost.exe[1864] WS2_32.dll!socket 71AB4211 5 Bytes JMP 050F0FEF

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A17F31B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A17F31B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8A17F31B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP2T0L0-8 8A17F31B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP2T1L0-10 8A17F31B

AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk 0x55 0xB3 0x00 0x7B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{f5eb5d1d-aba3-44a8-9452-3d95929ace76}@Model 259
Reg HKLM\SOFTWARE\Classes\CLSID\{f5eb5d1d-aba3-44a8-9452-3d95929ace76}@Therad 17
Reg HKLM\SOFTWARE\Classes\CLSID\{f5eb5d1d-aba3-44a8-9452-3d95929ace76}@MData 0x73 0xD5 0xCF 0xB8 ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----

--------------------------------------------------------
DDS.txt
--------------------------------------------------------
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.0.0
Run by Sokha at 10:03:44 on 2011-11-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3060.2349 [GMT 7:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Outdated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\astsrv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe

0

i encountered this problem few days ago, what i have done is i scan my pc using online scan, via trend micro house call... it's gone no more ping.exe 100% processing in cpu.

0

Thank you benmar but the OP's problems extend beyond that.

=================

meassokha, can you please tell me why you selectively had MalwareBytesAnti_Malware remove some items and not others?

If you choose to not follow the directions given, then you will not receive the help you need.

I am not going to waste my own personal time with someone who appears to not want his PC cleaned.

Your PC is severely infected and your security compromised by what you have installed (keygens etc.), so I suggest you follow the instructions to the letter.

Let me know which way you want to go.

0

Dear crunchie

in the MBA_M Scan I deselect some item because those file are my chinese browser which I use it for long time ago found it has no any infect to my computer. But If you insist me to remove them all in order to receive the help. I will do it and post the report for you again. OK?

Sorry for this.

0

You have de-selected the keygens too which gives me no confidence in a good outcome.

I would prefer that you follow the directions as given, unless you really cannot do without the chinese browser.

0

The fact that McAfee has not detected "sogouexplorer" as a threat is a sign that you need a new ant-virus and anti-malware scanner. I would suggest installing better anti-virus and anti-malware scanners as posted in my previous post and they should delete most of the threats. If you want every threat deleted then you will need to reinstall windows with the format hard drive option. But hey, I put up with a few trogens on my system so I didn't have to reinstall windows although it means putting up with the system recourse decrease.

0

Upon your request I've already follow the direction. But I also did some change to my computer as follow.
1. Uninstall McAfee and Install Avast Antivirus Pro 6 instead
2. Uninstall my chinese browser(Sogou browser)
3. Than I scan my computer with MBA-M
4. Run dds.scr

Below is the report of MBA-M, dds.txt and attach.txt

----------------------------------------------------
MBA-M Log
----------------------------------------------------
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8074

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/5/2011 10:18:10 AM
mbam-log-2011-11-05 (10-18-10).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 429484
Time elapsed: 1 hour(s), 54 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\SogouExplorer (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\SogouExplorer (Adware.Sogou) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{778beabf-7ec8-416b-bf17-dd817fdfff54}\rp5\a0000682.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\windows\temp\ksrlax\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\mypersonal\Soft\Nero\Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
d:\mypersonal\Soft\Tools\hijack this\hijackthis.exe (PWS.Fignotok) -> Quarantined and deleted successfully.
d:\mypersonal\Soft\smartdraw.2010.tonyweb.dm999\smartdraw2010patch_keygen_tonyweb\smartdraw2010keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

----------------------------------------
dds.txt
----------------------------------------
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.0.0
Run by Sokha at 10:21:51 on 2011-11-05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3060.2585 [GMT 7:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\astsrv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Trojan Remover\Trjscan.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
mWinlogon: UIHost=c:\documents and settings\all users\application data\tuneup software\tuneup utilities 2011\winstyler\tu_logonui.exe
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
TCP: Interfaces\{6E6201DC-41BF-4F9E-9765-A18176DBE100} : NameServer = 8.8.8.8
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\sokha\application data\mozilla\firefox\profiles\x2xiptty.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\documents and settings\sokha\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\sokha\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\sokha\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-11-4 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-11-4 301528]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2011-6-23 101616]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-11-4 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-11-4 42184]
R2 BeatTrojanHelperOne;BeatTrojanHelperOne;d:\mypersonal\soft\tools\forcedelete\BeatTrojanHelperOne.SYS [2010-6-9 5120]
R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2011-7-2 298824]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-3 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-3 22216]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-28 136176]
S2 qiywsfjd;GGSAFER Monitor;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 cpuz134;cpuz134;c:\program files\cpuid\pc wizard 2010\pcwiz_x32.sys [2011-6-10 20328]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena plus\room\safedrv.sys --> c:\program files\garena plus\room\safedrv.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-28 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 XDva385;XDva385;\??\c:\windows\system32\xdva385.sys --> c:\windows\system32\XDva385.sys [?]
S3 XDva386;XDva386;\??\c:\windows\system32\xdva386.sys --> c:\windows\system32\XDva386.sys [?]
S3 XDva387;XDva387;\??\c:\windows\system32\xdva387.sys --> c:\windows\system32\XDva387.sys [?]
.
=============== File Associations ===============
.
.txt=UltraEdit.txt
.
=============== Created Last 30 ================
.
2011-11-04 07:11:46 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-04 07:11:34 40648 ----a-w- c:\windows\avastSS.scr
2011-11-04 07:11:28 -------- d-----w- c:\program files\AVAST Software
2011-11-04 07:11:28 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-11-04 03:49:27 -------- d-----w- c:\documents and settings\sokha\local settings\application data\uTorrentBar
2011-11-04 03:49:26 -------- d-----w- c:\program files\uTorrentBar
2011-11-04 03:45:42 -------- d-----w- c:\documents and settings\sokha\local settings\application data\uTorrent
2011-11-03 05:22:40 -------- d-----w- c:\documents and settings\sokha\application data\Malwarebytes
2011-11-03 05:22:33 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-11-03 05:22:30 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-03 05:22:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-03 03:44:48 -------- d-----w- c:\documents and settings\sokha\application data\wsInspector
2011-11-03 03:43:27 -------- d-----w- c:\program files\Startup Inspector for Windows
2011-11-03 03:28:01 -------- d-----w- C:\Hijack This
2011-11-03 02:06:54 100864 ----a-w- C:\uxtdypow.sys
2011-11-03 01:53:04 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-11-03 01:53:04 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-11-03 01:53:04 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-11-03 01:53:04 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-11-03 01:53:04 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2011-11-03 01:53:02 -------- d-----w- c:\program files\Trojan Remover
2011-11-03 01:53:02 -------- d-----w- c:\documents and settings\sokha\application data\Simply Super Software
2011-11-03 01:53:02 -------- d-----w- c:\documents and settings\all users\application data\Simply Super Software
2011-10-27 17:28:32 -------- d-sh--w- c:\windows\Sxc
2011-10-17 12:35:00 0 --sha-w- c:\windows\svcsvh32.exe
2011-10-16 09:33:20 -------- d-----w- c:\documents and settings\sokha\application data\GarenaPlus
2011-10-13 12:45:00 0 --sha-w- c:\windows\mtn3.exe
2011-10-13 12:40:00 0 --sha-w- c:\windows\mtn3270.exe
2011-10-13 12:25:00 0 --sha-w- c:\windows\pdesrv2.exe
2011-10-12 07:40:04 -------- d-----w- c:\documents and settings\sokha\application data\Fritzing
2011-10-10 04:00:06 -------- d-----w- c:\documents and settings\all users\application data\Age of Empires 3
2011-10-10 02:37:03 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
.
==================== Find3M ====================
.
2011-09-19 11:32:02 2285056 ----a-w- c:\windows\system32\TUKernel.exe
2011-09-13 04:46:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-05 10:37:59 573440 ----a-w- c:\windows\system32\alleg42.dll
2011-09-05 08:04:08 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-05 08:04:08 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-01 09:54:12 134122 ----a-w- c:\windows\ColorPic Uninstaller.exe
2011-04-01 11:19:26 25876912 --sh--w- c:\windows\setupa.exe
.
============= FINISH: 10:23:36.32 ===============

--------------------------------------------------
attach.txt
--------------------------------------------------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/24/2011 12:38:11 PM
System Uptime: 11/5/2011 10:19:43 AM (0 hours ago)
.
Motherboard: Intel Corporation | | DG31PR
Processor: Intel Pentium III Xeon processor | J3E1 | 2666/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 39 GiB total, 7.876 GiB free.
D: is FIXED (NTFS) - 194 GiB total, 5.328 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2: 11/3/2011 2:28:59 PM - System Checkpoint
RP3: 11/4/2011 2:07:15 PM - Removed McAfee VirusScan Enterprise
RP4: 11/4/2011 2:08:11 PM - Removed McAfee Agent.
RP5: 11/4/2011 2:11:28 PM - avast! Pro Antivirus Setup
.
==== Installed Programs ======================
.
???????
´ò×ÖÏÈ·æ4.6°æ
µTorrent
3D Shadow by Lokas Software
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.4.6 - CPSID_83708
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Audition 1.5
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color Video Profiles AE CS4
Adobe Community Help
Adobe Creative Suite 5 Master Collection
Adobe CS4 American English Speech Analysis Models
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
Age of Empires III
Alipay security control 2.4.0.3
Apple Application Support
Apple Software Update
Audition Update Version 1017
AV Bros. Page Curl Pro 2.2 (Remove Only)
AV Bros. Puzzle Pro 2.2 (Remove Only)
avast! Pro Antivirus
AWStats
Bandwidth Monitor 3.4 build 749
CCleaner
Click to Call with Skype
Color Efex Pro 3.0 Complete
ColorPic
ConceptDraw MINDMAP 5 Professional
Counter-Strike
Dev-C++ 5 beta 9 release (4.9.9.2)
Dfine 2.0
FileZilla Client 3.5.0
Garena 2010
Garena Plus
GlassFish Server Open Source Edition 3.1.1
GOM Player
Google Chrome
Google Earth
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
Hotspot Shield 2.06
Intel(R) Graphics Media Accelerator Driver
Internet Download Manager
Java Auto Updater
Java(TM) 6 Update 26
Java(TM) 7
Java(TM) SE Development Kit 7
K-Lite Codec Pack 5.4.4 (Standard)
Khmer Dictionary v2.0
Khmer Unicode 1.2.5
Khmer Unicode 2.0.1
Khmer Unicode Keyboard (NIDA 1.0)
Magic Bullet Suite 32-bit
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 2.0
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MixMeister BPM Analyzer 1.0
Mozilla Firefox 7.0.1 (x86 en-US)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
MySQL Tools for 5.0
Nero 7 Ultra Edition
neroxml
NetBeans IDE 7.0.1
New Khmer Dictionary
NJStar Communicator
NVIDIA PhysX
Opera 11.11
PandoraRecovery (Remove Only)
PC Wizard 2010.1.96
PDF Settings CS5
Photoshop Camera Raw
Picasa 3
Pixel Bender Toolkit
Puzzle Pirates
Qianhong 3.5.1
QuickTime
Real Alternative 2.0.2
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Safari
Security Update for Windows XP (KB969898)
Sharpener Pro 3.0
Silver Efex Pro
Skype™ 5.5
Snagit 9.1.3
Steam
Suite Shared Configuration CS4
TeamViewer 6
Teleport Pro
Topaz InFocus
Topaz Adjust 4
Topaz Clean 3
Topaz DeJpeg 4
Topaz DeNoise 5
Topaz Detail 2
Topaz Fusion Express 2
Topaz ReMask 2
Topaz Simplify 3
Trapcode Form
Trapcode Particular
Trapcode SoundKeys
Trojan Remover 6.8.2
UltraEdit
Uninstall Startup Inspector
Update for Windows XP (KB955839)
uTorrentBar Toolbar
VirtualDJ PRO Full
Viveza
WampServer 2.1
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Internet Explorer 8
Windows Media Format Runtime
WinRAR archiver
x264 Revision 551 x264.nl (remove only)
Xilisoft Video Converter Ultimate 6
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
11/4/2011 2:19:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/4/2011 2:19:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
11/4/2011 2:14:42 PM, error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
11/4/2011 2:13:46 PM, error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
11/3/2011 9:09:14 AM, error: atapi [9] - The device, \Device\Ide\IdePort2, did not respond within the timeout period.
11/3/2011 2:45:07 PM, error: Service Control Manager [7023] - The GGSAFER Monitor service terminated with the following error: The specified module could not be found.
11/3/2011 2:45:04 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
11/3/2011 2:42:35 PM, error: Service Control Manager [7034] - The NVIDIA Update Service service terminated unexpectedly. It has done this 1 time(s).
11/2/2011 7:30:00 PM, error: Schedule [7901] - The At7.job command failed to start due to the following error: %%2147942402
11/2/2011 7:30:00 PM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402
11/2/2011 4:23:15 PM, error: EventLog [6004] - A driver packet received from the I/O subsystem was invalid. The data is the packet.
.
==== End Of File ===========================

0

Hi cwarn23

Thank for your recommendation
I've already changed my antivirus to Avast Antivirus Pro 6 :D
In your last reply, you said that there are junkware in my computer which I should remove them to speed up computer, what are they? Can you listed out the name of those junkware? Thank!

0

Progress is being made :).

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
0

I've already scanned my pc with TDSKiller but it found nothing, and the ping.exe process also didn't show up. Maybe avast antivirus help me to clean my pc already.
Problem solved. Thank for your supporting.

0

No worries :).

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC by OldTimer:
Save it to your Desktop.
Double click OTC.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.

0

Just checking in to say that I had the same issue with Ping.exe. I've followed the recommendations here and it seems to have taken care of it. Thanks a lot!

0

change user rights on ping.exe (which is in windows/system 32) from trusted installer to everybody. (howto search the internet). then move the ping.exe out of system32 to your private folder. thats it. ping.exe you don,t need. this is for windows 7.

0

I copied the 'ping.exe' and 'pathping.exe' from an uninfected computer (XP) (C:\windows\system32) and replaced those two files in the infected computer with the uninfected ones.

Then searched for ping.exe and deleted any other similar files (not the newly replaced ones) which has ping in the name. Have not seen any ping related ~100% CPU consumption.

After that I scanned computer with the trial version of AVG, much better than any other vendors (norton, trend micro ...); found lot of other infected files in my computer and taken care of them. Now the computer is running smoothly.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.