breakingorbit

My Hi Jack This Logs.


I have "XP ANTI SPYWARE 2011" that has been installed on my computer. It turned off my firewall and installed itself. Please help. Thanks, Orbit.

 

Here are my logs:

 

DDS (Ver_10-11-10.01) - NTFSx86

Run by eric at 14:43:53.45 on Mon 11/22/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2550.2018 [GMT -5:00]

 

AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

FW: Filseclab Personal Firewall *disabled* {EB4DA513-3B0A-4FCB-86A7-F1243757EFF2}

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Filseclab\xfilter\xfilter.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\SierraHome\Hallmark Card Studio Special Edition\Planner\PLNRNote.exe

C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Filseclab\FilMsg.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\Documents and Settings\eric\Local Settings\Application Data\vz.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\msiexec.exe

C:\Documents and Settings\eric\Desktop\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://my.yahoo.com/

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [PLNRNote] c:\program files\sierrahome\hallmark card studio special edition\planner\PLNRNote.exe

uRun: [smartRAM] "c:\program files\iobit\advanced systemcare 3\Sup_SmartRAM.exe" /m

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [XFILTER] "c:\program files\filseclab\xfilter\xfilter.exe" -a

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\filseclab messenger.lnk - c:\program files\common files\filseclab\FilMsg.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

LSP: c:\program files\filseclab\xfilter\XFILTER.DLL

Trusted Zone: intuit.com\ttlc

Trusted Zone: musicmatch.com\online

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/betapit/PCPitStop.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Notify: igfxcui - igfxdev.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\eric\applic~1\mozilla\firefox\profiles\a4b7s8lp.eric\

FF - prefs.js: browser.startup.homepage - www.my.yahoo.com

FF - plugin: c:\documents and settings\boston\application data\move networks\plugins\npqmp071503000010.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npvlc.dll

FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

 

============= SERVICES / DRIVERS ===============

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-9-25 64288]

R0 XPacket;Filseclab Packet Filter;c:\windows\system32\xpacket.sys [2009-7-17 124752]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1375992]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-6-24 92008]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15264]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-2 135664]

S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-11-19 20992]

S3 MusCDriverV32;MusCDriverV32;c:\windows\system32\drivers\MusCDriverV32.sys [2007-7-19 513152]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2006-11-13 394160]

 

=============== File Associations ===============

 

.exe=sezfile

 

=============== Created Last 30 ================

 

2010-11-22 19:41:20 388096 ----a-r- c:\docume~1\eric\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2010-11-22 19:09:14 317952 --sha-w- c:\docume~1\eric\locals~1\applic~1\vz.exe

2010-11-17 02:08:04 -------- d-----w- c:\program files\Yahoo! Games

2010-11-16 03:01:56 -------- d-----w- c:\program files\FrostWire

2010-11-02 00:33:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData

2010-11-01 21:30:08 -------- d-----w- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment

2010-10-29 21:18:28 -------- d-----w- c:\windows\$regcmp$

2010-10-29 21:14:09 -------- d-----w- c:\program files\Registry Clean Expert

2010-10-29 21:11:27 -------- d-----w- c:\program files\Auslogics

2010-10-25 19:33:21 -------- d-----w- C:\CHOCOLAT__2000

 

==================== Find3M ====================

 

2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53:25 953856 ------w- c:\windows\system32\mfc40u.dll

2010-09-15 09:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-15 07:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2005-09-23 17:22:24 774144 -c--a-w- c:\program files\RngInterstitial.dll

 

============= FINISH: 14:49:26.85 ===============

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_10-11-10.01)

 

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 12/22/2007 9:08:48 PM

System Uptime: 11/21/2010 9:13:44 AM (29 hours ago)

 

Motherboard: Dell Inc. | | 0M3918

Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 72 GiB total, 5.841 GiB free.

D: is CDROM ()

E: is CDROM ()

F: is Removable

 

==== Disabled Device Manager Items =============

 

==== System Restore Points ===================

 

RP215: 10/25/2010 9:00:24 AM - Software Distribution Service 3.0

RP216: 10/26/2010 8:17:18 AM - Avg Update

RP217: 10/26/2010 9:00:22 AM - Software Distribution Service 3.0

RP218: 10/27/2010 9:00:24 AM - Software Distribution Service 3.0

RP219: 10/28/2010 9:00:23 AM - Software Distribution Service 3.0

RP220: 10/29/2010 9:00:24 AM - Software Distribution Service 3.0

RP221: 10/30/2010 10:42:48 AM - Software Distribution Service 3.0

RP222: 10/31/2010 12:48:13 AM - Software Distribution Service 3.0

RP223: 10/31/2010 9:00:24 AM - Software Distribution Service 3.0

RP224: 11/1/2010 8:32:20 AM - Software Distribution Service 3.0

RP225: 11/1/2010 8:37:08 PM - Installed AVG 2011

RP226: 11/1/2010 8:38:39 PM - Removed AVG Free 9.0

RP227: 11/2/2010 9:00:23 AM - Software Distribution Service 3.0

RP228: 11/3/2010 7:20:32 AM - Removed AVG 2011

RP229: 11/3/2010 9:00:22 AM - Software Distribution Service 3.0

RP230: 11/4/2010 9:00:24 AM - Software Distribution Service 3.0

RP231: 11/4/2010 12:46:48 PM - Software Distribution Service 3.0

RP232: 11/5/2010 9:00:23 AM - Software Distribution Service 3.0

RP233: 11/5/2010 10:43:05 PM - Software Distribution Service 3.0

RP234: 11/6/2010 9:00:23 AM - Software Distribution Service 3.0

RP235: 11/7/2010 8:01:07 AM - System Checkpoint

RP236: 11/7/2010 9:00:24 AM - Software Distribution Service 3.0

RP237: 11/7/2010 11:10:20 PM - Software Distribution Service 3.0

RP238: 11/8/2010 9:00:23 AM - Software Distribution Service 3.0

RP239: 11/8/2010 10:41:24 PM - Software Distribution Service 3.0

RP240: 11/9/2010 9:00:24 AM - Software Distribution Service 3.0

RP241: 11/9/2010 4:35:45 PM - Installed Java 6 Update 22

RP242: 11/10/2010 9:00:21 AM - Software Distribution Service 3.0

RP243: 11/11/2010 10:17:50 AM - Software Distribution Service 3.0

RP244: 11/12/2010 9:00:31 AM - Software Distribution Service 3.0

RP245: 11/13/2010 9:00:23 AM - Software Distribution Service 3.0

RP246: 11/13/2010 8:50:01 PM - Software Distribution Service 3.0

RP247: 11/14/2010 10:13:43 PM - System Checkpoint

RP248: 11/15/2010 9:00:25 AM - Software Distribution Service 3.0

RP249: 11/15/2010 11:43:09 PM - Software Distribution Service 3.0

RP250: 11/16/2010 7:40:54 AM - Removed Ask Toolbar.

RP251: 11/16/2010 9:00:24 AM - Software Distribution Service 3.0

RP252: 11/16/2010 11:05:58 PM - Software Distribution Service 3.0

RP253: 11/17/2010 9:00:25 AM - Software Distribution Service 3.0

RP254: 11/17/2010 11:29:16 PM - Software Distribution Service 3.0

RP255: 11/18/2010 9:00:28 AM - Software Distribution Service 3.0

RP256: 11/19/2010 8:45:15 AM - Software Distribution Service 3.0

RP257: 11/20/2010 10:16:42 AM - Software Distribution Service 3.0

RP258: 11/21/2010 12:36:29 AM - Software Distribution Service 3.0

RP259: 11/22/2010 1:18:20 AM - System Checkpoint

RP260: 11/22/2010 9:00:25 AM - Software Distribution Service 3.0

RP261: 11/22/2010 2:41:19 PM - Installed HiJackThis

 

==== Installed Programs ======================

 

32 Bit HP CIO Components Installer

Acrobat.com

Ad-Aware

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 8.1.2

Advanced SystemCare 3

AiO_Scan_CDA

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Auslogics Disk Defrag

AutoUpdate

AviSynth 2.5

Azureus

Bejeweled 2 Deluxe (remove only)

Bonjour

BufferChm

C4600

CCleaner (remove only)

CCScore

CDBurnerXP Pro 3

CDisplay 1.8

CDisplayEx 1.2

Champions Online

City of Heroes (remove only)

COH Character Creator

Compatibility Pack for the 2007 Office system

Corel Paint Shop Pro X

CR2

Dell Digital Jukebox Driver

Dell Driver Reset Tool

Dell Media Experience

Dell Media Experience Update

DellSupport

Destinations

DeviceDiscovery

DivX Codec

DivX Converter

DivX Player

DivX Web Player

DivxToDVD 0.5.2

Duplicate Cleaner 1.4.4

DVD Decrypter (Remove Only)

DVD Shrink 3.2

DVDFab HD Decrypter 3.1.1.6

ESSBrwr

ESSCDBK

ESScore

ESSCT

ESSEMAIL

ESSgui

ESShelp

ESSini

ESSPCD

ESSPDock

ESSSONIC

ESSTOOLS

essvatgt

essvcpt

ESSvpaht

ESSvpot

ExtractNow

ffdshow [rev 1324] [2007-07-01]

Filseclab Personal Firewall

Free Registry Defrag

Free YouTube Download 2.2

FrostWire 4.21.1

getPlus®_dll

Google Earth

Google Update Helper

Google Updater

GPBaseService2

Guitar Guru Version 2.2.5.0

Hallmark Card Studio Special Edition

HiJackThis

HijackThis 2.0.2

HLPIndex

HLPPDOCK

HLPSFO

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Customer Participation Program 13.0

HP Imaging Device Functions 13.0

HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5

HP Print Projects 1.0

HP PSC & OfficeJet 6.1.A

HP Smart Web Printing 4.60

HP Solution Center 13.0

HP Update

hpPrintProjects

HPProductAssistant

hpWLPGInstaller

ImgBurn

Intel® 537EP V9x DF PCI Modem

Intel® Graphics Media Accelerator Driver

Intel® PRO Network Adapters and Drivers

Intel® PROSet for Wired Connections

Internet Explorer Default Page

iTunes

Jasc Paint Shop Photo Album

Java Auto Updater

Java DB 10.3.1.4

Java 6 Update 22

Kodak EasyShare software

KSU

Lexmark 4200 Series Fax Solutions

Lexmark Fax Solutions

Macromedia Shockwave Player

Malwarebytes' Anti-Malware

MarketResearch

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Office Professional Edition 2003

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Modem Event Monitor

Modem Helper

Modem On Hold

Mozilla Firefox (3.6.12)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML 6 Service Pack 2 (KB954459)

Musicmatch® Jukebox

My Way Search Assistant

Mystery Case Files - Prime Suspects (remove only)

Notifier

OfotoXMI

OTtBP

OTtBPSDK

Panda NanoScan

Photo Click

PowerDVD 5.3

PS_AIO_05_C4600_Software_Min

QFolder

QuickTime

Real Alternative 1.7.5

RealPlayer

RegScrubXP 5.1

Revo Uninstaller 1.83

Rhapsody Player Engine

Scan

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969897)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972260)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974455)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165-v2)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SFR

SFR2

SHASTA

SKIN0001

SKINXSDK

Smart Defrag

SmartWebPrinting

SolutionCenter

SpywareBlaster 4.4

Status

System Requirements Lab

TomTom HOME 2.7.5.2014

TomTom HOME Visual Studio Merge Modules

Toolbox

TrayApp

Tweak UI

Uninstall 1.0.0.1

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB978506)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VC80CRTRedist - 8.0.50727.762

VideoLAN VLC media player 0.8.5

VidiotMaps Map Overlay

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

VPRINTOL

Vuze Launcher

WebFldrs XP

WebReg

WinDirStat 1.1.2

Windows Backup Utility

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage v1.3.0254.0

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Installer Clean Up

Windows Internet Explorer 8

Windows Media Format Runtime

Windows Media Player 10

WIRELESS

Wise Registry Cleaner 4 Free 4.24

WordPerfect Office 12

XML Paper Specification Shared Components Pack 1.0

Yahoo! Anti-Spy

Yahoo! Toolbar

Yahoo! Toolbar for Internet Explorer

 

==== Event Viewer Messages From Past Week ========

 

11/20/2010 10:19:24 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

11/20/2010 10:19:21 AM, error: Service Control Manager [7034] - The TomTomHOMEService service terminated unexpectedly. It has done this 1 time(s).

11/15/2010 11:44:04 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2003 (KB2289187).

11/15/2010 11:43:46 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Excel 2003 (KB2344893).

 

==== End Of File ===========================


This is the actual Hijack This log:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 3:26:33 PM, on 11/22/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Filseclab\xfilter\xfilter.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\SierraHome\Hallmark Card Studio Special Edition\Planner\PLNRNote.exe

C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Filseclab\FilMsg.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\Documents and Settings\eric\Local Settings\Application Data\vz.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [XFILTER] "C:\Program Files\Filseclab\xfilter\xfilter.exe" -a

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [PLNRNote] C:\Program Files\SierraHome\Hallmark Card Studio Special Edition\Planner\PLNRNote.exe

O4 - HKCU\..\Run: [smartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Global Startup: Filseclab Messenger.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/betapit/PCPitStop.CAB

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

 

--

End of file - 7439 bytes

 

Thanks for the help.

Orbit


Hello breakingorbit and :wp:

 

My name is JonTom

 

  • Malware Logs can sometimes take a lot of time to research and interpret.

  • Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.

  • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.

  • Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.

  • PLEASE NOTE: If you do not reply after 3 days your thread will be closed.

 

Before we do any fixing I would like to see the results of an ARK scan. Please do the following:

 

 

  • Please scan your system with GMER

    Download GMER Rootkit Scanner from here or here.

    • Extract the contents of the zipped file to desktop.
    • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
    • Save it where you can easily find it, such as your desktop, and post it in your reply.

**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

 

Please post the GMER log in your next reply.

 

If the tool fails to run or if you have any trouble with it during its run come back and let me know.

 

 

 

 

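As an added example (not part of this thread, and not code from GMER or from any tool named here), a small triage script for the "User code sections" part of the GMER log the scan above produces. It separates targets that GMER reports hooked in every scanned process, which is the signature of one system-wide product injecting the same shim everywhere, from hooks found in a single process, which are the ones worth reading closely. SAMPLE_LOG is constructed in the shape GMER 1.0.15 prints, and the Explorer.EXE entry in it is hypothetical, made up to exercise the "isolated, destination not mapped" path.

```python
"""Triage the "User code sections" of a GMER log.

Added example, not code from the thread or from GMER. SAMPLE_LOG is
constructed in the shape GMER 1.0.15 prints; the Explorer.EXE hook in it
is a hypothetical entry that exercises the "isolated, no owner" path.
"""
import re
from collections import defaultdict

# .text <process>[<pid>] <module>!<function>[ + <offset>] <addr> <n> Byte(s) <patch...>
LINE_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<function>\S+?)"
    r"(?:\s*\+\s*(?P<offset>[0-9A-Fa-f]+))?\s+"
    r"(?P<address>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes?\s+(?P<patch>.*)$"
)
# Trailing "JMP <addr> <path> (<owner>)" that GMER appends when it can map the
# jump destination to a loaded module; absent when the destination is unmapped.
DEST_RE = re.compile(
    r"(?:JMP|CALL)\s+[0-9A-Fa-f]+\s+(?P<path>\S.*?)\s+\((?P<owner>[^)]*)\)"
)

# Constructed sample in GMER's line format (four processes, one isolated hook
# with a mapped destination, one hypothetical isolated hook without one).
SAMPLE_LOG = r"""
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71]
.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\csrss.exe[744] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[744] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71]
.text C:\WINDOWS\system32\csrss.exe[744] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\PROGRA~1\MOZILL~1\plugin-container.exe[984] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\MOZILL~1\plugin-container.exe[984] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [85, 71]
.text C:\PROGRA~1\MOZILL~1\plugin-container.exe[984] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\PROGRA~1\MOZILL~1\plugin-container.exe[984] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10405CF5 C:\PROGRA~1\MOZILL~1\xul.dll (Mozilla Foundation)
.text C:\WINDOWS\Explorer.EXE[1234] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1234] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [8C, 71]
.text C:\WINDOWS\Explorer.EXE[1234] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\Explorer.EXE[1234] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00A1000A
""".strip().splitlines()


def parse_line(line):
    """Return one hook record, or None for headers, blanks and other sections."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    target = f"{d['module'].lower()}!{d['function']}"
    if d["offset"]:
        target += f"+{d['offset'].upper()}"
    dest = DEST_RE.search(d["patch"])
    return {
        "process": d["process"],
        "pid": int(d["pid"]),
        "target": target,
        "address": int(d["address"], 16),
        "size": int(d["size"]),
        "patch": d["patch"].strip(),
        # Module GMER resolved the jump destination to, if any.
        "owner": dest.group("owner") if dest else None,
    }


def summarize(lines):
    """Split hooked targets into system-wide (every process) and isolated (one process)."""
    hooks = [h for h in map(parse_line, lines) if h]
    processes = {(h["process"], h["pid"]) for h in hooks}
    by_target = defaultdict(dict)  # target -> {(process, pid): first record seen}
    for h in hooks:
        by_target[h["target"]].setdefault((h["process"], h["pid"]), h)
    system_wide, isolated = [], {}
    for target, per_proc in sorted(by_target.items()):
        if len(per_proc) == len(processes):
            system_wide.append(target)
        elif len(per_proc) == 1:
            isolated[target] = next(iter(per_proc.values()))
    return {"process_count": len(processes), "system_wide": system_wide, "isolated": isolated}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(f"{report['process_count']} processes scanned")
    print("hooked in every process (likely one product):", ", ".join(report["system_wide"]))
    for target, h in report["isolated"].items():
        owner = h["owner"] or "destination not mapped to a module: review"
        print(f"only in {h['process']}[{h['pid']}]: {target} -> {owner}")
```

The system-wide list is a triage aid, not proof of benign origin: it tells you which hooks to attribute to one installed product first, which is why the post above warns against acting on individual "rootkit" entries.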

Jon Tom,

Thanks for the help. I am having trouble opening anything, even Firefox. Almost everything asks me which program I want to use to open it, i.e. Firefox, etc. I downloaded GMER, saved it to my desktop and got this error:

 

C:\DOCUME~\1\eric\LOCAL~1\temp\TEMPORARY DIRECTORY 3 for gmer.zip\gmer.exe Application not found.

 

I have to go to work I'll check back in when I get back home in about 14 hours.

Thanks again,

Orbit

Edited by breakingorbit


Hello breakingorbit

 

I am having trouble opening anything

The malware on your system is trying to prevent our tools from running. Let's try this:

 

 

  • rkill

    • Please download rkill (Courtesy of Bleepingcomputer.com).
    • There are 5 different versions of this tool. If one of them will not run, please try the next one in the list.
    • Note: Vista and Windows 7 Users must right click and select "Run as Administrator" to run the tool.
    • Note: You only need to get one of the tools to run, not all of them.

    1. rkill.exe
    2. rkill.com
    3. rkill.scr
    4. WiNlOgOn.exe
    5. uSeRiNiT.exe

    Note: You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message.

    Run rkill repeatedly until it's able to do its job. This may take a few tries.

    You'll be able to tell rkill has done its job when your desktop (explorer.exe) cycles off and then on again.

    Once rkill has run please try GMER again. If you are still having problems try running GMER from Safe Mode:

  • Reboot Your System in Safe Mode

    • Restart your computer.
    • As soon as BIOS is loaded begin tapping the F8 key until the "Advanced Options" menu appears.
    • Use the arrow keys to select the Safe mode menu item.
    • Press Enter.

    Let me know how you get on :)


Hey Jon Tom. I finally was able to get rkill to run. I was then able to run GMER, and since running rkill my internet boots up normally.

 

Here is my GMER log:

 

GMER 1.0.15.15530 - http://www.gmer.net

Rootkit scan 2010-11-24 15:50:41

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 Maxtor_6Y080M0 rev.YAR51HW0

Running: gmer.exe; Driver: C:\DOCUME~1\eric\LOCALS~1\Temp\uxtdqpow.sys

 

 

---- System - GMER 1.0.15 ----

 

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF7A42112]

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF7A212D6]

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF7A214C8]

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF7A42900]

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF7A42BB4]

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF7A40E12]

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF7A43020]

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF7A423D2]

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF7A20F44]

 

---- Kernel code sections - GMER 1.0.15 ----

 

init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xF7782760]

 

---- User code sections - GMER 1.0.15 ----

 

.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71]

.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]

.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9C, 71]

.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]

.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [90, 71]

.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A8, 71] {TEST AL, 0x71}

.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A2, 71]

.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9F, 71]

.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [93, 71]

.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A5, 71]

.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8D, 71]

.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [99, 71]

.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [96, 71]

.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8A, 71]

.text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DE0001

.text C:\Program Files\Java\jre6\bin\jqs.exe[572] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]

.text C:\Program Files\Java\jre6\bin\jqs.exe[572] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7F, 71] {JG 0x73}

.text C:\Program Files\Java\jre6\bin\jqs.exe[572] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]

.text C:\Program Files\Java\jre6\bin\jqs.exe[572] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]

.text C:\Program Files\Java\jre6\bin\jqs.exe[572] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [94, 71]

.text C:\Program Files\Java\jre6\bin\jqs.exe[572] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]

.text C:\Program Files\Java\jre6\bin\jqs.exe[572] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]

.text C:\Program Files\Java\jre6\bin\jqs.exe[572] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]

.text C:\Program Files\Java\jre6\bin\jqs.exe[572] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [88, 71]

.text C:\Program Files\Java\jre6\bin\jqs.exe[572] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]

.text C:\Program Files\Java\jre6\bin\jqs.exe[572] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A0, 71]

.text C:\Program Files\Java\jre6\bin\jqs.exe[572] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]

.text C:\Program Files\Java\jre6\bin\jqs.exe[572] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9A, 71]

.text C:\Program Files\Java\jre6\bin\jqs.exe[572] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]

.text C:\Program Files\Java\jre6\bin\jqs.exe[572] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [97, 71]

.text C:\Program Files\Java\jre6\bin\jqs.exe[572] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]

.text C:\Program Files\Java\jre6\bin\jqs.exe[572] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8B, 71]

.text C:\Program Files\Java\jre6\bin\jqs.exe[572] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]

.text C:\Program Files\Java\jre6\bin\jqs.exe[572] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9D, 71]

.text C:\Program Files\Java\jre6\bin\jqs.exe[572] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]

.text C:\Program Files\Java\jre6\bin\jqs.exe[572] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [85, 71]

.text C:\Program Files\Java\jre6\bin\jqs.exe[572] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]

.text C:\Program Files\Java\jre6\bin\jqs.exe[572] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [91, 71]

.text C:\Program Files\Java\jre6\bin\jqs.exe[572] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]

.text C:\Program Files\Java\jre6\bin\jqs.exe[572] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8E, 71]

.text C:\Program Files\Java\jre6\bin\jqs.exe[572] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]

.text C:\Program Files\Java\jre6\bin\jqs.exe[572] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [82, 71]

.text C:\Program Files\Java\jre6\bin\jqs.exe[572] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01570001

.text C:\WINDOWS\system32\csrss.exe[744] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\csrss.exe[744] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71]

.text C:\WINDOWS\system32\csrss.exe[744] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]

.text C:\WINDOWS\system32\csrss.exe[744] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\csrss.exe[744] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9C, 71]

.text C:\WINDOWS\system32\csrss.exe[744] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\csrss.exe[744] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]

.text C:\WINDOWS\system32\csrss.exe[744] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\csrss.exe[744] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [90, 71]

.text C:\WINDOWS\system32\csrss.exe[744] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\csrss.exe[744] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A8, 71] {TEST AL, 0x71}

.text C:\WINDOWS\system32\csrss.exe[744] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\csrss.exe[744] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A2, 71]

.text C:\WINDOWS\system32\csrss.exe[744] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\csrss.exe[744] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9F, 71]

.text C:\WINDOWS\system32\csrss.exe[744] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\csrss.exe[744] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [93, 71]

.text C:\WINDOWS\system32\csrss.exe[744] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\csrss.exe[744] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A5, 71]

.text C:\WINDOWS\system32\csrss.exe[744] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\csrss.exe[744] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8D, 71]

.text C:\WINDOWS\system32\csrss.exe[744] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\csrss.exe[744] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [99, 71]

.text C:\WINDOWS\system32\csrss.exe[744] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\csrss.exe[744] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [96, 71]

.text C:\WINDOWS\system32\csrss.exe[744] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\csrss.exe[744] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8A, 71]

.text C:\WINDOWS\system32\csrss.exe[744] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E00001

.text C:\WINDOWS\system32\winlogon.exe[768] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\winlogon.exe[768] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [84, 71]

.text C:\WINDOWS\system32\winlogon.exe[768] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]

.text C:\WINDOWS\system32\winlogon.exe[768] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\winlogon.exe[768] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [99, 71]

.text C:\WINDOWS\system32\winlogon.exe[768] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\winlogon.exe[768] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]

.text C:\WINDOWS\system32\winlogon.exe[768] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\winlogon.exe[768] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8D, 71]

.text C:\WINDOWS\system32\winlogon.exe[768] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\winlogon.exe[768] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A5, 71]

.text C:\WINDOWS\system32\winlogon.exe[768] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\winlogon.exe[768] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9F, 71]

.text C:\WINDOWS\system32\winlogon.exe[768] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\winlogon.exe[768] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9C, 71]

.text C:\WINDOWS\system32\winlogon.exe[768] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\winlogon.exe[768] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [90, 71]

.text C:\WINDOWS\system32\winlogon.exe[768] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\winlogon.exe[768] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A2, 71]

.text C:\WINDOWS\system32\winlogon.exe[768] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\winlogon.exe[768] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8A, 71]

.text C:\WINDOWS\system32\winlogon.exe[768] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\winlogon.exe[768] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [96, 71]

.text C:\WINDOWS\system32\winlogon.exe[768] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\winlogon.exe[768] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [93, 71]

.text C:\WINDOWS\system32\winlogon.exe[768] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\winlogon.exe[768] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [87, 71]

.text C:\WINDOWS\system32\winlogon.exe[768] kernel32.dll!LoadLibraryExW + C4 7C801BB9 2 Bytes CALL 01810001

.text C:\WINDOWS\system32\winlogon.exe[768] kernel32.dll!LoadLibraryExW + C7 7C801BBC 1 Byte [85]

.text C:\WINDOWS\system32\services.exe[812] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\services.exe[812] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [84, 71]

.text C:\WINDOWS\system32\services.exe[812] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]

.text C:\WINDOWS\system32\services.exe[812] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\services.exe[812] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [99, 71]

.text C:\WINDOWS\system32\services.exe[812] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\services.exe[812] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]

.text C:\WINDOWS\system32\services.exe[812] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\services.exe[812] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8D, 71]

.text C:\WINDOWS\system32\services.exe[812] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\services.exe[812] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A5, 71]

.text C:\WINDOWS\system32\services.exe[812] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\services.exe[812] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9F, 71]

.text C:\WINDOWS\system32\services.exe[812] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\services.exe[812] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9C, 71]

.text C:\WINDOWS\system32\services.exe[812] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\services.exe[812] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [90, 71]

.text C:\WINDOWS\system32\services.exe[812] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\services.exe[812] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A2, 71]

.text C:\WINDOWS\system32\services.exe[812] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\services.exe[812] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8A, 71]

.text C:\WINDOWS\system32\services.exe[812] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\services.exe[812] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [96, 71]

.text C:\WINDOWS\system32\services.exe[812] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\services.exe[812] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [93, 71]

.text C:\WINDOWS\system32\services.exe[812] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\services.exe[812] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [87, 71]

.text C:\WINDOWS\system32\services.exe[812] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F60001

.text C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [84, 71]

.text C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]

.text C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [99, 71]

.text C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]

.text C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8D, 71]

.text C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A5, 71]

.text C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9F, 71]

.text C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9C, 71]

.text C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [90, 71]

.text C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A2, 71]

.text C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8A, 71]

.text C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [96, 71]

.text C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [93, 71]

.text C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [87, 71]

.text C:\WINDOWS\system32\lsass.exe[824] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D10001

.text C:\PROGRA~1\MOZILL~1\plugin-container.exe[984] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]

.text C:\PROGRA~1\MOZILL~1\plugin-container.exe[984] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [85, 71]

.text C:\PROGRA~1\MOZILL~1\plugin-container.exe[984] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]

.text C:\PROGRA~1\MOZILL~1\plugin-container.exe[984] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]

.text C:\PROGRA~1\MOZILL~1\plugin-container.exe[984] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9A, 71]

.text C:\PROGRA~1\MOZILL~1\plugin-container.exe[984] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]

.text C:\PROGRA~1\MOZILL~1\plugin-container.exe[984] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]

.text C:\PROGRA~1\MOZILL~1\plugin-container.exe[984] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]

.text C:\PROGRA~1\MOZILL~1\plugin-container.exe[984] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8E, 71]

.text C:\PROGRA~1\MOZILL~1\plugin-container.exe[984] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]

.text C:\PROGRA~1\MOZILL~1\plugin-container.exe[984] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A6, 71]

.text C:\PROGRA~1\MOZILL~1\plugin-container.exe[984] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]

.text C:\PROGRA~1\MOZILL~1\plugin-container.exe[984] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A0, 71]

.text C:\PROGRA~1\MOZILL~1\plugin-container.exe[984] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]

.text C:\PROGRA~1\MOZILL~1\plugin-container.exe[984] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9D, 71]

.text C:\PROGRA~1\MOZILL~1\plugin-container.exe[984] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]

.text C:\PROGRA~1\MOZILL~1\plugin-container.exe[984] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [91, 71]

.text C:\PROGRA~1\MOZILL~1\plugin-container.exe[984] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]

.text C:\PROGRA~1\MOZILL~1\plugin-container.exe[984] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A3, 71]

.text C:\PROGRA~1\MOZILL~1\plugin-container.exe[984] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]

.text C:\PROGRA~1\MOZILL~1\plugin-container.exe[984] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8B, 71]

.text C:\PROGRA~1\MOZILL~1\plugin-container.exe[984] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]

.text C:\PROGRA~1\MOZILL~1\plugin-container.exe[984] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [97, 71]

.text C:\PROGRA~1\MOZILL~1\plugin-container.exe[984] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]

.text C:\PROGRA~1\MOZILL~1\plugin-container.exe[984] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [94, 71]

.text C:\PROGRA~1\MOZILL~1\plugin-container.exe[984] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]

.text C:\PROGRA~1\MOZILL~1\plugin-container.exe[984] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [88, 71]

.text C:\PROGRA~1\MOZILL~1\plugin-container.exe[984] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FA0001

.text C:\PROGRA~1\MOZILL~1\plugin-container.exe[984] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A

.text C:\PROGRA~1\MOZILL~1\plugin-container.exe[984] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A

.text C:\PROGRA~1\MOZILL~1\plugin-container.exe[984] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]

.text C:\PROGRA~1\MOZILL~1\plugin-container.exe[984] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F]

.text C:\PROGRA~1\MOZILL~1\plugin-container.exe[984] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A

.text C:\PROGRA~1\MOZILL~1\plugin-container.exe[984] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10405CF5 C:\PROGRA~1\MOZILL~1\xul.dll (Mozilla Foundation)

.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [84, 71]

.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]

.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [99, 71]

.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]

.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8D, 71]

.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A5, 71]

.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9F, 71]

.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9C, 71]

.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [90, 71]

.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A2, 71]

.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8A, 71]

.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [96, 71]

.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [93, 71]

.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [87, 71]

.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E80001

.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7F, 71] {JG 0x73}

.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]

.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [94, 71]

.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]

.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [88, 71]

.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A0, 71]

.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9A, 71]

.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [97, 71]

.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8B, 71]

.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9D, 71]

.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [85, 71]

.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [91, 71]

.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8E, 71]

.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [82, 71]

.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F90001

.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [83, 71]

.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]

.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [98, 71]

.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]

.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8C, 71]

.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A4, 71]

.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9E, 71]

.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9B, 71]

.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8F, 71]

.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A1, 71]

.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [89, 71]

.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [95, 71]

.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [92, 71]

.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [86, 71]

.text C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009E0001

.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7E, 71] {JLE 0x73}

.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]

.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [93, 71]

.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]

.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [87, 71]

.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [9F, 71]

.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [99, 71]

.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [96, 71]

.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8A, 71]

.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9C, 71]

.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [84, 71]

.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [90, 71]

.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8D, 71]

.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [81, 71]

.text C:\WINDOWS\System32\svchost.exe[1156] kernel32.dll!LoadLibraryExW + C4

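The GMER API-hook lines above are harder to read than they need to be because GMER lists only the bytes that differ from the on-disk ntdll image, so one 6-byte patch appears as two entries: "3 Bytes [FF, 25, 1E]" at the function start and "2 Bytes [7F, 71]" at +4. FF 25 is an indirect jmp through a 32-bit pointer slot, and the "{JG 0x73}" after the second fragment is just GMER disassembling those two bytes in isolation, not a real branch. The script below is an added example for reading such logs, not code from the thread or from GMER: it merges the fragments per process and function, reassembles the jmp and reports the pointer slot it reads through, and lists which functions are hooked in every process shown. It assumes the unreported byte at +3 is 0x00, which holds for the XP SP3 ntdll stubs in this log (mov eax, <small syscall number>) but should be checked against a clean ntdll before the decoded address is trusted; the sample lines are constructed in the log's format.

```python
"""Merge and decode GMER user-mode API hook entries (added example)."""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Constructed sample lines in the format GMER printed in the log above.
SAMPLE_LOG = r"""
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7F, 71] {JG 0x73}
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [94, 71]
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F90001
.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [83, 71]
"""

LINE_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[\w.]+)!(?P<func>\w+)"
    r"(?:\s*\+\s*(?P<off>[0-9A-Fa-f]+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<count>\d+)\s+Bytes?\s+(?P<rest>.*)$"
)
BYTES_RE = re.compile(r"\[([0-9A-Fa-f ,]+)\]")
CALL_RE = re.compile(r"\bCALL\s+([0-9A-Fa-f]{8})")

# ASSUMPTION: GMER lists only bytes that differ from the file on disk. For the
# XP SP3 ntdll stubs in this log ("mov eax, <small syscall number>") the byte
# at +3 is 0x00 and is therefore never listed; verify against a clean ntdll.
ASSUMED_ORIGINAL = {3: 0x00}


@dataclass
class Hook:
    patch: Dict[int, int] = field(default_factory=dict)  # offset -> patched byte
    call_target: Optional[int] = None                    # for "CALL xxxxxxxx" lines


def parse_gmer(text: str) -> Dict[int, Dict[Tuple[str, str], Hook]]:
    """Group fragments by PID and (module, function), merging split patches."""
    hooks: Dict[int, Dict[Tuple[str, str], Hook]] = defaultdict(dict)
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        pid, sym = int(m["pid"]), (m["module"], m["func"])
        hook = hooks[pid].setdefault(sym, Hook())
        call = CALL_RE.search(m["rest"])
        if call:
            hook.call_target = int(call.group(1), 16)
            continue
        blob = BYTES_RE.search(m["rest"])
        if blob:
            base = int(m["off"], 16) if m["off"] else 0
            for i, b in enumerate(blob.group(1).replace(" ", "").split(",")):
                hook.patch[base + i] = int(b, 16)
    return hooks


def decode(hook: Hook) -> str:
    """Describe what the patched bytes do: indirect jmp via a pointer slot, or a call."""
    if hook.call_target is not None:
        return "call 0x%08X" % hook.call_target
    p = hook.patch
    if p.get(0) == 0xFF and p.get(1) == 0x25:  # FF 25 disp32 = jmp dword ptr [disp32]
        slot = [p.get(i, ASSUMED_ORIGINAL.get(i)) for i in range(2, 6)]
        if None in slot:
            return "jmp [?] (pointer bytes missing)"
        return "jmp dword ptr [0x%08X]" % int.from_bytes(bytes(slot), "little")
    return "unrecognised patch " + " ".join("%02X" % p[i] for i in sorted(p))


def summarize(hooks):
    """Per-PID decoded hooks, plus the set of symbols hooked in every PID."""
    per_pid = {pid: {"%s!%s" % sym: decode(h) for sym, h in syms.items()}
               for pid, syms in hooks.items()}
    common = set.intersection(*(set(v) for v in per_pid.values())) if per_pid else set()
    return per_pid, common


if __name__ == "__main__":
    per_pid, common = summarize(parse_gmer(SAMPLE_LOG))
    for pid, syms in sorted(per_pid.items()):
        print("PID %d:" % pid)
        for name, what in sorted(syms.items()):
            print("   %-28s %s" % (name, what))
    print("hooked in every process:", ", ".join(sorted(common)))
```

The same set of ntdll functions hooked in every process, each process reading through its own pointer table, is what a DLL injected system-wide produces. Security products and malware both do this, so the decoded pointer address is a starting point for finding which loaded module owns it inside that process, not a verdict on its own.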

Hello breakingorbit

 

Thank you for the log.

 

Please do the following:

 

  • DeFogger

    • Please download DeFogger to your desktop.
    • Click on DeFogger to run the tool.
    • The application window will appear.
    • Click the Disable button to disable your CD Emulation drivers.
    • Click Yes to continue.
    • A 'Finished!' message will appear.
    • Click OK.
    • DeFogger will now ask to reboot the machine - click OK.

      IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

      Do not re-enable these drivers until otherwise instructed.

  • Download Combofix and RE-NAME it BEFORE saving

    • Download Combofix from either of the links below. You must rename it to orbit.com before saving it.
    • Save it to your desktop. Change the "save as file type" to "all files".
    • Note: In the event you already have Combofix, delete it; this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
    • If you are using Firefox, make sure that your download settings are as follows:
      • Tools->Options->Main tab
      • Set to "Always ask me where to Save the files".

    Link 1

    Link 2

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • NOTE: If ComboFix asks to install the Recovery Console, please ALLOW it to do so.
    • Double click on the renamed ComboFix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt so we can continue cleaning the system.


Jon Tom

 

Here is my COMBO FIX report:

 

ComboFix 10-11-24.04 - eric 11/25/2010 15:16:51.6.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2550.1962 [GMT -5:00]

Running from: c:\documents and settings\eric\Desktop\orbit.com.exe

AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

FW: Filseclab Personal Firewall *disabled* {EB4DA513-3B0A-4FCB-86A7-F1243757EFF2}

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\April\g2mdlhlpx.exe

c:\documents and settings\eric\Local Settings\Application Data\opRSK

c:\documents and settings\eric\Local Settings\Temporary Internet Files\0XyB4.jpg

c:\documents and settings\eric\Local Settings\Temporary Internet Files\a1jx3.jpg

c:\documents and settings\eric\Local Settings\Temporary Internet Files\oak480L6X.jpg

c:\documents and settings\eric\Local Settings\Temporary Internet Files\X1N0lxlo.jpg

c:\documents and settings\eric\System

c:\documents and settings\eric\System\win_qs7.jqx

 

.

((((((((((((((((((((((((( Files Created from 2010-10-25 to 2010-11-25 )))))))))))))))))))))))))))))))

.

 

2010-11-22 22:31 . 2010-01-22 14:56 149456 ----a-w- c:\windows\SGDetectionTool.dll

2010-11-22 22:31 . 2010-01-22 14:55 767952 ----a-w- c:\windows\BDTSupport.dll

2010-11-22 22:31 . 2010-01-22 14:56 165840 ----a-w- c:\windows\PCTBDRes.dll

2010-11-22 22:31 . 2010-01-22 14:56 1652688 ----a-w- c:\windows\PCTBDCore.dll

2010-11-22 22:29 . 2010-02-05 14:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2010-11-22 22:28 . 2010-11-22 22:44 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2010-11-22 22:28 . 2009-11-23 18:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2010-11-22 22:28 . 2010-11-22 22:45 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2010-11-22 22:28 . 2010-11-25 20:23 -------- d-----w- c:\program files\Spyware Doctor

2010-11-22 22:28 . 2010-11-22 22:31 -------- d-----w- c:\program files\Common Files\PC Tools

2010-11-22 22:28 . 2010-11-22 22:28 -------- d-----w- c:\documents and settings\eric\Application Data\PC Tools

2010-11-22 22:28 . 2010-11-22 22:28 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2010-11-22 20:26 . 2010-11-22 20:26 388096 ----a-r- c:\documents and settings\eric\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-11-22 20:23 . 2010-11-22 20:23 -------- d-----w- C:\hijack this

2010-11-20 15:38 . 2010-11-20 15:38 -------- d-----w- c:\documents and settings\Madison_2\Application Data\IObit

2010-11-17 02:08 . 2010-11-17 02:08 -------- d-----w- c:\program files\Yahoo! Games

2010-11-16 03:02 . 2010-11-23 01:05 -------- d-----w- c:\documents and settings\boston\Application Data\FrostWire

2010-11-16 03:01 . 2010-11-16 03:03 -------- d-----w- c:\program files\FrostWire

2010-11-03 19:07 . 2010-11-03 19:07 -------- d-----w- c:\documents and settings\boston\Local Settings\Application Data\Octoshape

2010-11-02 00:33 . 2010-11-02 00:37 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2010-11-01 21:30 . 2010-11-01 21:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment

2010-10-30 20:13 . 2010-10-30 20:13 -------- d-----w- c:\documents and settings\boston\Application Data\.minecraft

2010-10-29 21:18 . 2010-10-29 21:20 -------- d-----w- c:\windows\$regcmp$

2010-10-29 21:14 . 2010-10-29 21:14 -------- d-----w- c:\program files\Registry Clean Expert

2010-10-29 21:11 . 2010-10-29 21:11 -------- d-----w- c:\program files\Auslogics

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-06 11:34 . 2010-09-26 02:09 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-09-18 16:23 . 2004-08-12 13:59 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2004-08-12 13:59 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2004-08-12 13:59 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53 . 2004-08-12 13:59 953856 ------w- c:\windows\system32\mfc40u.dll

2010-09-15 09:50 . 2010-05-02 18:24 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-15 07:29 . 2008-01-25 01:22 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-09-10 05:58 . 2004-08-12 14:09 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:58 . 2004-08-12 13:59 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:58 . 2004-08-12 13:58 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-09-01 11:51 . 2004-08-12 13:55 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-08-31 13:42 . 2004-08-12 14:09 1852800 ----a-w- c:\windows\system32\win32k.sys

2005-09-23 17:22 . 2005-09-23 17:22 774144 -c--a-w- c:\program files\RngInterstitial.dll

2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2006-05-06 16:42 . 2006-06-07 12:30 7260160 -c--a-w- c:\program files\mozilla firefox\plugins\libvlc.dll

2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PLNRNote"="c:\program files\SierraHome\Hallmark Card Studio Special Edition\Planner\PLNRNote.exe" [2004-11-23 30720]

"SmartRAM"="c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2008-11-06 202256]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]

"XFILTER"="c:\program files\Filseclab\xfilter\xfilter.exe" [2006-12-23 901120]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-11-22 1287120]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Filseclab Messenger.lnk - c:\program files\Common Files\Filseclab\FilMsg.exe [2009-7-17 326192]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0lsdelete

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^eric^Start Menu^Programs^Startup^MostFun.lnk]

backup=c:\windows\pss\MostFun.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ------w- c:\windows\SYSTEM32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

2005-10-14 18:46 77824 -c--a-w- c:\windows\SYSTEM32\hkcmd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

2005-10-14 18:50 114688 -c--a-w- c:\windows\SYSTEM32\igfxpers.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]

2003-09-04 02:12 221184 -c--a-w- c:\program files\Intel\Modem Event Monitor\IntelMEM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-07-21 19:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

2005-03-12 12:25 110592 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mm_server]

2005-03-12 12:25 102400 -c--a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_server.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2010-06-24 14:41 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"gusvc"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\Azureus\\Azureus.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=

"c:\\Program Files\\Filseclab\\xfilter\\xfilter.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Documents and Settings\\boston\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=

"c:\\Program Files\\FrostWire\\FrostWire.exe"=

 

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [9/25/2010 9:09 PM 64288]

R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [11/22/2010 5:28 PM 218592]

R0 XPacket;Filseclab Packet Filter;c:\windows\SYSTEM32\xpacket.sys [7/17/2009 9:37 AM 126224]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [11/22/2010 5:31 PM 112592]

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/22/2010 5:28 PM 366840]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [6/24/2010 9:41 AM 92008]

R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 7:15 AM 1375992]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 7:15 AM 15264]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/2/2010 2:28 PM 135664]

S3 motport;Motorola USB Diagnostic Port;c:\windows\SYSTEM32\DRIVERS\motport.sys [11/19/2007 12:17 PM 20992]

S3 MusCDriverV32;MusCDriverV32;c:\windows\SYSTEM32\DRIVERS\MusCDriverV32.sys [7/19/2007 1:34 PM 513152]

S4 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [3/26/2007 1:34 PM 642560]

 

--- Other Services/Drivers In Memory ---

 

*Deregistered* - PCTSDInjDriver32

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

 

2010-11-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 03:12]

 

2010-11-24 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

 

2010-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 19:28]

 

2010-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 19:28]

 

2010-11-22 c:\windows\Tasks\SmartDefrag.job

- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-07-18 16:57]

 

2010-11-25 c:\windows\Tasks\User_Feed_Synchronization-{45E19374-C640-46D3-8F20-A43506F7759B}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://my.yahoo.com/

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

LSP: c:\program files\Filseclab\xfilter\XFILTER.DLL

Trusted Zone: intuit.com\ttlc

Trusted Zone: musicmatch.com\online

FF - ProfilePath - c:\documents and settings\eric\Application Data\Mozilla\Firefox\Profiles\a4b7s8lp.eric\

FF - prefs.js: browser.startup.homepage - www.my.yahoo.com

FF - plugin: c:\documents and settings\boston\Application Data\Move Networks\plugins\npqmp071503000010.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll

FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll

FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-11-25 15:23

Windows 5.1.2600 Service Pack 3 NTFS

 

detected NTDLL code modification:

ZwClose

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

@DACL=(02 0000)

"Installed"="1"

@=""

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

@DACL=(02 0000)

"Installed"="1"

"NoChange"="1"

@=""

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

@DACL=(02 0000)

"Installed"="1"

@=""

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

"OODEFRAG08.00.00.01WORKSTATION"="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"

"OODEFRAG10.00.00.01WORKSTATION"="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"

.

Completion time: 2010-11-25 15:27:09

ComboFix-quarantined-files.txt 2010-11-25 20:27

ComboFix2.txt 2010-03-15 16:43

 

Pre-Run: 5,323,124,736 bytes free

Post-Run: 6,157,029,376 bytes free

 

Current=4 Default=4 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5

- - End Of File - - F292025A7027F47282EC55802532C845

 

Thanks Orbit

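The "Reg Loading Points" section of the ComboFix log above records the switches that decide whether Windows tells the user its protection is off: under "security center", AntiVirusOverride=1 and FirewallOverride=1 stop Security Center warning about those components; under "firewallpolicy\standardprofile", EnableFirewall=0 turns the Windows Firewall off for that profile and DisableNotifications=1 silences the firewall-off balloon; and AuthorizedApplications\List holds the firewall exceptions, one of which here points at a program under a user profile directory. The script below is an added example, not part of the thread or of ComboFix: it parses that section from the log text and flags those conditions, including exceptions for programs outside the system directories. The "safe" directory prefixes are an assumption of a default XP layout with Windows on C:, and the sample is constructed in ComboFix's format.

```python
"""Audit Security Center / Windows Firewall policy values in a ComboFix
'Reg Loading Points' section (added example)."""
import re
from typing import Dict, List

# Constructed sample in the shape of the ComboFix section above.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\boston\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"""

SECTION_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>.+?)"\s*=\s*(?P<val>.*)$')

# Directories a standard user cannot write to; any exception outside them
# deserves a look. ASSUMPTION: default XP layout with Windows on C:. The log
# doubles backslashes, so the prefixes do too.
SAFE_PREFIXES = ("%windir%", "c:\\\\windows", "c:\\\\program files")


def parse_reg_points(text: str) -> Dict[str, Dict[str, str]]:
    """Return {section key (lower-cased): {value name: raw value text}}."""
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m["key"].lower()
            sections[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current][m["name"]] = m["val"].strip()
    return sections


def as_int(raw: str):
    """Decode 'dword:00000001' or '1 (0x1)'; None when the value is not numeric."""
    m = re.match(r"dword:([0-9A-Fa-f]{8})$", raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)\s*\(0x[0-9A-Fa-f]+\)$", raw)
    return int(m.group(1)) if m else None


def section_ending(sections, suffix: str) -> Dict[str, str]:
    """ComboFix abbreviates the head of some keys as HKLM\\~, so match on the tail."""
    for key, values in sections.items():
        if key.endswith(suffix.lower()):
            return values
    return {}


def audit(sections) -> List[str]:
    """Rules a responder would check first after a rogue AV infection."""
    findings = []
    sc = section_ending(sections, r"\microsoft\security center")
    for name in ("AntiVirusOverride", "FirewallOverride"):
        if as_int(sc.get(name, "")) == 1:
            findings.append("Security Center %s=1: warnings for that component are suppressed" % name)
    fw = section_ending(sections, r"\firewallpolicy\standardprofile")
    if as_int(fw.get("EnableFirewall", "")) == 0:
        findings.append("Windows Firewall is off for the standard profile (EnableFirewall=0)")
    if as_int(fw.get("DisableNotifications", "")) == 1:
        findings.append("firewall-off notifications are silenced (DisableNotifications=1)")
    allowed = section_ending(sections, r"\authorizedapplications\list")
    for path in allowed:
        if not path.lower().startswith(SAFE_PREFIXES):
            findings.append("firewall exception for a program in a user-writable location: " + path)
    return findings


if __name__ == "__main__":
    for finding in audit(parse_reg_points(SAMPLE)):
        print("-", finding)
```

A third-party firewall legitimately sets the overrides when it registers with Security Center, so the overrides alone are not proof of tampering; the combination of overrides, EnableFirewall=0 and DisableNotifications=1 while the registered third-party firewall is itself reported as disabled is what should be reverted once the infection is cleared.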

Hello breakingorbit

 

Thank you for the log.

 

I can see evidence of IoBit, FrostWire and Azureus on your machine.

 

I remember the last time you were here, we discussed the dangers and alleged "questionable practices" of these programs. If you choose to keep these programs, that's up to you, but please do not use them during the course of the fix.

 

 

  • Trusted Zones:

    • I can see that you have a web site stored in the "Trusted Zones" section of your log. The only advantage to having a domain stored in your Trusted Zones is that the domain will not prompt you for any permission before installing software or updates from the "trusted" site. This also means, however, that if a malware exploit comes out where a site can spoof its domain name to match one stored in your Trusted Zones, then you will never know when (or what) they install on your machine.
    • If you remove the zones, these sites will still be able to install software, but only after receiving permission from you to do so, putting you back in control.
    • I suggest you remove the following entries:
      • Trusted Zone: intuit.com\ttlc
      • Trusted Zone: musicmatch.com\online
    • Although these sites are safe, we do not recommend placing any sites in the Trusted Zone, as they may become exploitable.
    • You can remove sites from your Trusted Zones via:
      IE > Tools > Internet Options > Security tab > Trusted Zone > Sites.
    • For more information regarding the addition of sites to your Trusted Zones, click here.

Clean out your temporary files

 

 

  • Please download ATF Cleaner by Atribune by clicking here and save the file (called ATF-Cleaner.exe) to your desktop.
  • Run the program by double clicking the ATF-Cleaner.exe icon located on your desktop.
  • Check the boxes to the left of the following:

  • Windows Temp
  • Current User Temp
  • All Users Temp
  • Temporary Internet Files
  • Java Cache

  • The rest are optional. If you want to remove everything check the "Select All" box.
  • Click on "Empty Selected" to begin cleaning.
  • Once the "Done Cleaning" message appears, click OK.
  • If you use Firefox, Click on the Firefox tab and repeat the above process.
  • When you have finished cleaning, click on the "Exit" button in the main menu.

MalwareBytes AntiMalware:

 

 

  • I can see that you have MBAM installed.
  • Double click on your MalwareBytes AntiMalware icon to launch the program.
  • Click on the "Update" tab and then on "Check for Updates".
  • The program will now install the latest Malware definition files.
  • Once complete, click on the "Scanner" tab, select "Perform Quick Scan" and then click on "Scan".
  • Once the program has scanned your computer, a log file will be created in Notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.

 

  • If the scan detects any Malware-related objects, make sure that everything is checked, and click "Remove Selected" <– Very Important.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
  • The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
  • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
  • Come back here to this thread and Paste the log in your next reply.

Please run the following scan

 

 

  • Note: You will need to use Internet Explorer for this scan.
  • Note for Vista/Windows 7 Users: ESET is compatible but Internet Explorer must be run as Administrator. To do this, right-click on your Internet Explorer icon and select "Run as Administrator".
  • Please disable your real time security programs before performing the scan.

 

  • Scan your system with Eset Online Scanner
  • Place a check mark in the box YES, I accept the Terms Of Use.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps).
  • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.

 

  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the "Start" button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

Please post the MBAM log and the ESET log in your next reply and let me know how the machine is running now.


Jon Tom, here are my scan reports. I also deleted IObit and FrostWire. Had forgotten about them. I have not used Azureus for a long time, but think I'll keep it for now.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5192

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/26/2010 8:06:15 AM
mbam-log-2010-11-26 (08-06-15).txt

Scan type: Quick scan
Objects scanned: 194279
Time elapsed: 8 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\eric\Desktop\uSeRiNiT.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\eric\Desktop\WiNlOgOn.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


C:\Documents and Settings\eric\Application Data\Sun\Java\Deployment\cache\6.0\45\658d68ad-512b88f5 a variant of Java/TrojanDownloader.OpenStream.NAU trojan deleted - quarantined
C:\I386\GTDownDE_87.ocx probably a variant of Win32/Adware.Agent.LCKGTSG application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP265\A0031459.exe a variant of Win32/Kryptik.IJE trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP270\A0032696.ocx probably a variant of Win32/Adware.Agent.LCKGTSG application cleaned by deleting - quarantined

Thanks Again.

Orbit


Hello breakingorbit

Thank you for the logs.

Please do the following:

  • Please create a new System Restore point

    • Click on "Start" > "All Programs" > "Accessories" > "System tools" > "System Restore".
    • In the dialogue box that appears select "Create a Restore Point".
    • Click "Next".
    • Enter a name, e.g. today's date.
    • Click "Create".

Please let me know how your machine is running now and post a new DDS log.

Hello breakingorbit

not sure which program the DDS log is

Are you unable to find the DDS log, or are you unsure which program is DDS? (I'm a little confused by your last message.)

When you first created this thread, you provided a log from DDS (post number 1). You should still have DDS on your desktop. I would like to see the log created from a new DDS scan.

The DDS.txt log should open automatically once the scan has completed.

If you are unable to find the DDS scanner on your desktop, please do the following:

  • Please perform the following scan

    • Please download DDS from here and save it to your desktop.
    • Disable any script blocking protection (How to Disable your Security Programs).
    • Double click on the DDS icon to run the tool (may take up to 3 minutes to run).
    • When done, DDS.txt will open.
    • After a few moments, attach.txt will open in a second window.
    • Save both reports to your desktop.
    • Please post the contents of the DDS.txt and Attach.txt logs in your next reply.


lol I found it, it WAS on my desktop. Sorry. Anyways here are the scans:

DDS (Ver_10-11-10.01) - NTFSx86

Run by eric at 20:19:02.92 on Mon 11/29/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2550.1911 [GMT -5:00]

 

AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

FW: Filseclab Personal Firewall *disabled* {EB4DA513-3B0A-4FCB-86A7-F1243757EFF2}

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Filseclab\xfilter\xfilter.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\SierraHome\Hallmark Card Studio Special Edition\Planner\PLNRNote.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Filseclab\FilMsg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Documents and Settings\eric\Desktop\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://my.yahoo.com/

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll

BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll

TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - No File

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

uRun: [PLNRNote] c:\program files\sierrahome\hallmark card studio special edition\planner\PLNRNote.exe

uRun: [smartRAM] "c:\program files\iobit\advanced systemcare 3\Sup_SmartRAM.exe" /m

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [XFILTER] "c:\program files\filseclab\xfilter\xfilter.exe" -a

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\filseclab messenger.lnk - c:\program files\common files\filseclab\FilMsg.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

LSP: c:\program files\filseclab\xfilter\XFILTER.DLL

Trusted Zone: musicmatch.com\online

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/betapit/PCPitStop.CAB

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Notify: igfxcui - igfxdev.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\eric\applic~1\mozilla\firefox\profiles\a4b7s8lp.eric\

FF - prefs.js: browser.startup.homepage - www.my.yahoo.com

FF - plugin: c:\documents and settings\boston\application data\move networks\plugins\npqmp071503000010.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npvlc.dll

FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

 

============= SERVICES / DRIVERS ===============

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-9-25 64288]

R0 XPacket;Filseclab Packet Filter;c:\windows\system32\xpacket.sys [2009-7-17 126224]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-6-24 92008]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-2 135664]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1375992]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15264]

S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-11-19 20992]

S3 MusCDriverV32;MusCDriverV32;c:\windows\system32\drivers\MusCDriverV32.sys [2007-7-19 513152]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2006-11-13 394160]

 

=============== Created Last 30 ================

 

2010-11-29 03:15:27 -------- d-----w- c:\program files\FrostWire

2010-11-29 03:15:05 -------- d-----w- c:\program files\Ask.com

2010-11-26 13:15:50 -------- d-----w- c:\program files\ESET

2010-11-26 12:54:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-26 12:54:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-26 12:54:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-11-26 12:51:27 -------- d-----w- c:\docume~1\eric\locals~1\applic~1\Threat Expert

2010-11-25 20:12:59 98816 ----a-w- c:\windows\sed.exe

2010-11-25 20:12:59 89088 ----a-w- c:\windows\MBR.exe

2010-11-25 20:12:59 256512 ----a-w- c:\windows\PEV.exe

2010-11-25 20:12:59 161792 ----a-w- c:\windows\SWREG.exe

2010-11-22 20:26:15 388096 ----a-r- c:\docume~1\eric\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2010-11-22 20:23:05 -------- d-----w- C:\hijack this

2010-11-17 02:08:04 -------- d-----w- c:\program files\Yahoo! Games

2010-11-02 00:33:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData

2010-11-01 21:30:08 -------- d-----w- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment

 

==================== Find3M ====================

 

2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53:25 953856 ------w- c:\windows\system32\mfc40u.dll

2010-09-15 09:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-15 07:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll

2005-09-23 17:22:24 774144 -c--a-w- c:\program files\RngInterstitial.dll

 

============= FINISH: 20:19:57.76 ===============

 

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_10-11-10.01)

 

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 12/22/2007 9:08:48 PM

System Uptime: 11/29/2010 7:14:56 AM (13 hours ago)

 

Motherboard: Dell Inc. | | 0M3918

Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 72 GiB total, 5.173 GiB free.

D: is CDROM ()

E: is CDROM ()

 

==== Disabled Device Manager Items =============

 

==== System Restore Points ===================

 

RP215: 10/25/2010 9:00:24 AM - Software Distribution Service 3.0

RP216: 10/26/2010 8:17:18 AM - Avg Update

RP217: 10/26/2010 9:00:22 AM - Software Distribution Service 3.0

RP218: 10/27/2010 9:00:24 AM - Software Distribution Service 3.0

RP219: 10/28/2010 9:00:23 AM - Software Distribution Service 3.0

RP220: 10/29/2010 9:00:24 AM - Software Distribution Service 3.0

RP221: 10/30/2010 10:42:48 AM - Software Distribution Service 3.0

RP222: 10/31/2010 12:48:13 AM - Software Distribution Service 3.0

RP223: 10/31/2010 9:00:24 AM - Software Distribution Service 3.0

RP224: 11/1/2010 8:32:20 AM - Software Distribution Service 3.0

RP225: 11/1/2010 8:37:08 PM - Installed AVG 2011

RP226: 11/1/2010 8:38:39 PM - Removed AVG Free 9.0

RP227: 11/2/2010 9:00:23 AM - Software Distribution Service 3.0

RP228: 11/3/2010 7:20:32 AM - Removed AVG 2011

RP229: 11/3/2010 9:00:22 AM - Software Distribution Service 3.0

RP230: 11/4/2010 9:00:24 AM - Software Distribution Service 3.0

RP231: 11/4/2010 12:46:48 PM - Software Distribution Service 3.0

RP232: 11/5/2010 9:00:23 AM - Software Distribution Service 3.0

RP233: 11/5/2010 10:43:05 PM - Software Distribution Service 3.0

RP234: 11/6/2010 9:00:23 AM - Software Distribution Service 3.0

RP235: 11/7/2010 8:01:07 AM - System Checkpoint

RP236: 11/7/2010 9:00:24 AM - Software Distribution Service 3.0

RP237: 11/7/2010 11:10:20 PM - Software Distribution Service 3.0

RP238: 11/8/2010 9:00:23 AM - Software Distribution Service 3.0

RP239: 11/8/2010 10:41:24 PM - Software Distribution Service 3.0

RP240: 11/9/2010 9:00:24 AM - Software Distribution Service 3.0

RP241: 11/9/2010 4:35:45 PM - Installed Java 6 Update 22

RP242: 11/10/2010 9:00:21 AM - Software Distribution Service 3.0

RP243: 11/11/2010 10:17:50 AM - Software Distribution Service 3.0

RP244: 11/12/2010 9:00:31 AM - Software Distribution Service 3.0

RP245: 11/13/2010 9:00:23 AM - Software Distribution Service 3.0

RP246: 11/13/2010 8:50:01 PM - Software Distribution Service 3.0

RP247: 11/14/2010 10:13:43 PM - System Checkpoint

RP248: 11/15/2010 9:00:25 AM - Software Distribution Service 3.0

RP249: 11/15/2010 11:43:09 PM - Software Distribution Service 3.0

RP250: 11/16/2010 7:40:54 AM - Removed Ask Toolbar.

RP251: 11/16/2010 9:00:24 AM - Software Distribution Service 3.0

RP252: 11/16/2010 11:05:58 PM - Software Distribution Service 3.0

RP253: 11/17/2010 9:00:25 AM - Software Distribution Service 3.0

RP254: 11/17/2010 11:29:16 PM - Software Distribution Service 3.0

RP255: 11/18/2010 9:00:28 AM - Software Distribution Service 3.0

RP256: 11/19/2010 8:45:15 AM - Software Distribution Service 3.0

RP257: 11/20/2010 10:16:42 AM - Software Distribution Service 3.0

RP258: 11/21/2010 12:36:29 AM - Software Distribution Service 3.0

RP259: 11/22/2010 1:18:20 AM - System Checkpoint

RP260: 11/22/2010 9:00:25 AM - Software Distribution Service 3.0

RP261: 11/22/2010 2:41:19 PM - Installed HiJackThis

RP262: 11/22/2010 3:24:15 PM - Removed HiJackThis

RP263: 11/22/2010 3:24:35 PM - Installed HiJackThis

RP264: 11/22/2010 3:25:39 PM - Removed HiJackThis

RP265: 11/22/2010 3:26:13 PM - Installed HiJackThis

RP266: 11/22/2010 10:02:24 PM - Software Distribution Service 3.0

RP267: 11/23/2010 9:00:25 AM - Software Distribution Service 3.0

RP268: 11/24/2010 9:00:33 AM - Software Distribution Service 3.0

RP269: 11/25/2010 9:00:32 AM - Software Distribution Service 3.0

RP270: 11/26/2010 9:00:56 AM - Software Distribution Service 3.0

RP271: 11/27/2010 9:00:25 AM - Software Distribution Service 3.0

RP272: 11/27/2010 9:17:32 PM - 11/27/2010

RP273: 11/28/2010 9:00:30 AM - Software Distribution Service 3.0

RP274: 11/28/2010 11:35:18 PM - Removed Ask Toolbar.

RP275: 11/29/2010 12:41:13 AM - Software Distribution Service 3.0

RP276: 11/29/2010 9:00:22 AM - Software Distribution Service 3.0

 

==== Installed Programs ======================

 

32 Bit HP CIO Components Installer

Acrobat.com

Ad-Aware

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 8.1.2

AiO_Scan_CDA

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Ask Toolbar

Auslogics Disk Defrag

AutoUpdate

AviSynth 2.5

Azureus

Bejeweled 2 Deluxe (remove only)

Bonjour

BufferChm

C4600

CCleaner (remove only)

CCScore

CDBurnerXP Pro 3

CDisplay 1.8

CDisplayEx 1.2

Champions Online

City of Heroes (remove only)

COH Character Creator

Compatibility Pack for the 2007 Office system

Corel Paint Shop Pro X

CR2

Dell Digital Jukebox Driver

Dell Driver Reset Tool

Dell Media Experience

Dell Media Experience Update

DellSupport

Destinations

DeviceDiscovery

DivX Codec

DivX Converter

DivX Player

DivX Web Player

DivxToDVD 0.5.2

Duplicate Cleaner 1.4.4

DVD Decrypter (Remove Only)

DVD Shrink 3.2

DVDFab HD Decrypter 3.1.1.6

ESET Online Scanner v3

ESSBrwr

ESSCDBK

ESScore

ESSCT

ESSEMAIL

ESSgui

ESShelp

ESSini

ESSPCD

ESSPDock

ESSSONIC

ESSTOOLS

essvatgt

essvcpt

ESSvpaht

ESSvpot

ExtractNow

ffdshow [rev 1324] [2007-07-01]

Filseclab Personal Firewall

Free Registry Defrag

Free YouTube Download 2.2

FrostWire 4.21.1

getPlus®_dll

Google Earth

Google Update Helper

Google Updater

GPBaseService2

Guitar Guru Version 2.2.5.0

Hallmark Card Studio Special Edition

HiJackThis

HijackThis 2.0.2

HLPIndex

HLPPDOCK

HLPSFO

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Customer Participation Program 13.0

HP Imaging Device Functions 13.0

HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5

HP Print Projects 1.0

HP PSC & OfficeJet 6.1.A

HP Smart Web Printing 4.60

HP Solution Center 13.0

HP Update

hpPrintProjects

HPProductAssistant

hpWLPGInstaller

ImgBurn

Intel® 537EP V9x DF PCI Modem

Intel® Graphics Media Accelerator Driver

Intel® PRO Network Adapters and Drivers

Intel® PROSet for Wired Connections

Internet Explorer Default Page

iTunes

Jasc Paint Shop Photo Album

Java Auto Updater

Java DB 10.3.1.4

Java 6 Update 22

Kodak EasyShare software

KSU

Lexmark 4200 Series Fax Solutions

Lexmark Fax Solutions

Macromedia Shockwave Player

Malwarebytes' Anti-Malware

MarketResearch

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Office Professional Edition 2003

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Modem Event Monitor

Modem Helper

Modem On Hold

Mozilla Firefox (3.6.12)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML 6 Service Pack 2 (KB954459)

Musicmatch® Jukebox

My Way Search Assistant

Mystery Case Files - Prime Suspects (remove only)

Notifier

OfotoXMI

OTtBP

OTtBPSDK

Panda NanoScan

Photo Click

PowerDVD 5.3

PS_AIO_05_C4600_Software_Min

QFolder

QuickTime

Real Alternative 1.7.5

RealPlayer

RegScrubXP 5.1

Revo Uninstaller 1.83

Rhapsody Player Engine

Scan

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969897)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972260)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974455)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165-v2)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SFR

SFR2

SHASTA

SKIN0001

SKINXSDK

Smart Defrag

SmartWebPrinting

SolutionCenter

SpywareBlaster 4.4

Status

System Requirements Lab

TomTom HOME 2.7.5.2014

TomTom HOME Visual Studio Merge Modules

Toolbox

TrayApp

Tweak UI

Uninstall 1.0.0.1

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB978506)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VC80CRTRedist - 8.0.50727.762

VideoLAN VLC media player 0.8.5

VidiotMaps Map Overlay

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

VPRINTOL

Vuze Launcher

WebFldrs XP

WebReg

WinDirStat 1.1.2

Windows Backup Utility

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage v1.3.0254.0

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Installer Clean Up

Windows Internet Explorer 8

Windows Media Format Runtime

Windows Media Player 10

WIRELESS

Wise Registry Cleaner 4 Free 4.24

WordPerfect Office 12

XML Paper Specification Shared Components Pack 1.0

Yahoo! Anti-Spy

Yahoo! Toolbar

Yahoo! Toolbar for Internet Explorer

 

==== Event Viewer Messages From Past Week ========

 

11/26/2010 8:10:12 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde

11/26/2010 6:58:16 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).

11/22/2010 9:02:15 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2003 (KB2289187).

11/22/2010 9:01:24 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Excel 2003 (KB2344893).

 

==== End Of File ===========================

Thanks, Orbit
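
A small triage script for the DDS output posted above, added here as an example; it is neither code from this thread nor part of the DDS tool. It splits the log into its "==== Section ====" blocks and flags three things the thread turned on: a process carrying a Windows component name (userinit, winlogon, svchost and so on) but running outside the Windows directory, which is the idea behind the MBAM Heuristics.Reserved.Word.Exploit hits on the Desktop files; toolbar or BHO entries whose DLL is gone ("No File"); and autostart entries that launch something from inside a user profile. The sample log mixes lines from the posted DDS output with two constructed entries (the Desktop WiNlOgOn.exe process and example_rogue.exe); the reserved-name list, directory roots and sample are assumptions of this example.

```python
"""Triage a DDS log for the entry types discussed in this thread.

Added example; this is neither code from the thread nor from the DDS tool.
The section and line formats follow the DDS output posted above; the
heuristics and the sample log are constructed for this example.
"""
import re
from pathlib import PureWindowsPath

# Names reserved for Windows components. A file carrying one of these names
# outside the Windows directory is what MBAM reported above as
# Heuristics.Reserved.Word.Exploit (Desktop\uSeRiNiT.exe, Desktop\WiNlOgOn.exe).
RESERVED_NAMES = {"userinit.exe", "winlogon.exe", "svchost.exe", "lsass.exe",
                  "csrss.exe", "smss.exe", "services.exe", "explorer.exe"}
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows")
USER_PROFILE_DIRS = (r"c:\documents and settings", r"c:\docume~1")
AUTOSTART_KINDS = {"uRun", "mRun", "dRunOnce", "StartupFolder"}

SECTION = re.compile(r"^=+\s*(?P<name>[^=]+?)\s*=+$")
HJT_ENTRY = re.compile(
    r"^(?P<kind>BHO|TB|uRun|mRun|dRunOnce|StartupFolder|DPF|LSP|Notify):\s*(?P<rest>.*)$")
# A drive-letter path ending in a loadable extension; non-greedy so a line
# holding several paths (StartupFolder: x.lnk - y.exe) yields each of them.
WIN_PATH = re.compile(r'[a-z]:\\[^"\r\n]+?\.(?:exe|dll|scr|ocx|lnk)', re.I)

# Constructed sample: lines taken from the posted DDS log plus two constructed
# entries (the Desktop WiNlOgOn.exe process and example_rogue.exe).
SAMPLE_LOG = r"""
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\eric\Desktop\WiNlOgOn.exe

============== Pseudo HJT Report ===============
BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [smartRAM] "c:\program files\iobit\advanced systemcare 3\Sup_SmartRAM.exe" /m
uRun: [example_rogue] c:\docume~1\eric\locals~1\applic~1\example_rogue.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\filseclab messenger.lnk - c:\program files\common files\filseclab\FilMsg.exe

============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-9-25 64288]
"""


def split_sections(text):
    """Map each '==== Name ====' header to the non-blank lines beneath it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            current = header.group("name")
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def is_under(path, roots):
    """True if a Windows path lies at or below one of the given root folders."""
    probe = str(path).lower().rstrip("\\") + "\\"
    return any(probe.startswith(root.lower().rstrip("\\") + "\\") for root in roots)


def reserved_name_outside_windows(path_str):
    """Flag a file named like a Windows component that lives outside %windir%."""
    path = PureWindowsPath(path_str)
    if path.name.lower() not in RESERVED_NAMES or str(path.parent) == ".":
        return False  # a bare 'svchost.exe' entry gives no location to judge
    return not is_under(path.parent, SYSTEM_DIRS)


def triage(text):
    """Return (category, detail) findings for the three checks described above."""
    findings = []
    sections = split_sections(text)
    for line in sections.get("Running Processes", []):
        image = line.split(" -k ")[0].strip()  # drop svchost service-group args
        if reserved_name_outside_windows(image):
            findings.append(("reserved-name-process", image))
    for line in sections.get("Pseudo HJT Report", []):
        entry = HJT_ENTRY.match(line)
        if not entry:
            continue
        kind, rest = entry.group("kind"), entry.group("rest")
        if kind in ("BHO", "TB") and rest.endswith("- No File"):
            # CLSID still registered but its DLL is gone: leftover to clean up
            findings.append(("orphaned-" + kind.lower(), rest))
        elif kind in AUTOSTART_KINDS:
            paths = WIN_PATH.findall(rest)
            # the last path is the launched target (StartupFolder lists lnk, then target)
            if paths and is_under(PureWindowsPath(paths[-1]).parent, USER_PROFILE_DIRS):
                findings.append(("autostart-from-profile", paths[-1]))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:24} {detail}")
```

Running it against the sample reports the Desktop WiNlOgOn.exe process, the two "No File" toolbars and the profile-resident autostart, while the legitimate svchost, Explorer, ctfmon and Startup-folder entries pass.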

Hello breakingorbit

Thank you for the log.

  • Please un-install My Way Search Assistant
    • Click on "Start" then on "Control Panel" and then on "Add or remove programs".
    • Click on "remove a program". A list of currently installed programs will be displayed.
    • Find the "My Way Search Assistant" program, click on it once and then click on the "uninstall" button.
    • If you are prompted to re-boot your computer to complete the uninstall please do so.

    Provided you are no longer experiencing problems I think we are almost done. Please work your way through the following steps:

  • Please Uninstall Combofix
    • Click on "Start" and then on "Run".
    • Now type combofix /uninstall in the run box and click "OK". Please note the space between the "x" and the "/Uninstall", it needs to be there.

  • Removal of Tools
    • You no longer need DDS, GMER or rkill. Please delete them from your system.

  • Re-enable your drivers
    • To re-enable your Emulation drivers, double click on DeFogger to run the tool.
    • The application window will appear.
    • Click the Re-enable button to re-enable your CD Emulation drivers.
    • Click Yes to continue.
    • A 'Finished!' message will appear.
    • Click OK.
    • DeFogger will now ask to reboot the machine - click OK.

    IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

    Your Emulation drivers are now re-enabled.

  • Your Adobe is out of date
    • You can obtain the latest version of Adobe Reader from here, and the latest version of Flash Player from here.
    • For more information and links to Adobe updates and downloads click here.

    Once you have completed the above steps you should be good to go! If you have any further questions, please feel free to ask.

  • Finally, please take the time to read through the information provided below:

    Enhance your System Security

    • For an excellent list of free anti virus software, free online virus scanners, free spyware detection/removal and free firewalls, click here.
    • IMPORTANT! Please make sure you only have ONE firewall and ONE real-time antivirus installed on your system. When using "on demand" scanners, first update the detection signature files, then disconnect from the internet and disable your resident security program before running the scan.
    • Once complete, remember to re-engage your resident security before going online.

    Web Browsers and Browser Security

    Firefox
    • Firefox is generally considered to have greater browsing security in comparison to other popular programs. You can download Firefox 3.0 from here.

    No-Script
    • If you use Firefox as your default browser, No-Script can provide additional security by preventing malicious scripts from being executed on your system.
    • You can download No-Script by clicking here.

    Internet Explorer
    • The newest version of Internet Explorer is available from here.

    SpywareBlaster
    • If you use Internet Explorer as your default browser, SpywareBlaster would be a valuable addition to your online security.
    • SpywareBlaster prevents malicious ActiveX objects from being downloaded onto your system.
    • You can download SpywareBlaster by clicking here.

    Web of Trust
    • When using search engines, Web of Trust provides you with an easy way of telling the good sites from the bad and is compatible with both Firefox and Internet Explorer.
    • Coloured symbols are displayed next to search results, giving you more confidence in the links you choose to click on: Green (To go), Yellow (Caution) and Red (Stop).
    • You can download Web of Trust by clicking here.

    Keep your Software Updated
    • Outdated software can sometimes have vulnerabilities that are exploitable by malware.
    • Check if there are available updates for your installed software with Secunia's Online Software Inspector by clicking here.

    Passwords
    • Learn how to create strong passwords by clicking here and test the strength of the passwords you already use by clicking here.

    General Reading

    Learn How To Combat Malware
    • Would you like to learn how to fight back against malware and help others? Enroll at the What The Tech (Formerly Tom Coyotes) Malware Classroom by clicking here.


Jon Tom, I did all the steps you mentioned, but I did not have My Way Search Assistant in my Add/Remove Programs list. I even did a C:\ drive search; it did not show there either. The Adobe Reader did not load. I got an error 1402, key not found. Other than those two, I seem good to go. If I need to do something else please let me know; if not, I appreciate you taking your time to help me out.

Thanks Again, Orbit


Jon Tom, I was going through step 6 on your recommendations. Somewhere along the way, McAfee installed on my computer. I went into Add/Remove and deleted it. I went to DOWNLOAD.COM to install AVG because it seemed to have been deleted from my system. When it installed, it started popping up that I had malware again. "?" NOW I have something called THINK POINT that is locking me out of my log on. It's not in my Add/Remove. I had to log on to my wife's account to post here. What did I do wrong? Please help me clear this out also. I thought I was doing everything safely, but obviously not.

Sorry to bother you again, Orbit


Hello breakingorbit

 

Are you able to log into your account from Safe Mode?

 

Please post a new DDS log in your next reply.


Hello breakingorbit,

 

JonTom is away and I will be helping you. Please post the new DDS log; your wife's account will be fine.


Hi ken545, thanks for helping me. I was able to log onto my account. I think maybe my AVG may have removed ThinkPoint. Here are my logs:

 

 

DDS (Ver_10-11-10.01) - NTFSx86

Run by eric at 9:08:25.73 on Fri 12/03/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2550.1910 [GMT -5:00]

 

AV: AVG Anti-Virus Free Edition 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

FW: Filseclab Personal Firewall *disabled* {EB4DA513-3B0A-4FCB-86A7-F1243757EFF2}

 

============== Running Processes ===============

 

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\AVG\AVG10\avgemcx.exe

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Filseclab\xfilter\xfilter.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\SierraHome\Hallmark Card Studio Special Edition\Planner\PLNRNote.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Filseclab\FilMsg.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\eric\Desktop\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://my.yahoo.com/

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

uWinlogon: Shell=c:\documents and settings\eric\application data\hotfix.exe

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - No File

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [PLNRNote] c:\program files\sierrahome\hallmark card studio special edition\planner\PLNRNote.exe

uRun: [smartRAM] "c:\program files\iobit\advanced systemcare 3\Sup_SmartRAM.exe" /m

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Mqaquc] rundll32.exe "c:\windows\wfctfoc.dll",Startup

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [XFILTER] "c:\program files\filseclab\xfilter\xfilter.exe" -a

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Hmihosob] rundll32.exe "c:\windows\ahicenay.dll",Startup

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\filseclab messenger.lnk - c:\program files\common files\filseclab\FilMsg.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

LSP: c:\program files\filseclab\xfilter\XFILTER.DLL

Trusted Zone: musicmatch.com\online

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/betapit/PCPitStop.CAB

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

Notify: igfxcui - igfxdev.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\eric\applic~1\mozilla\firefox\profiles\a4b7s8lp.eric\

FF - prefs.js: browser.startup.homepage - www.my.yahoo.com

FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

FF - plugin: c:\documents and settings\boston\application data\move networks\plugins\npqmp071503000010.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npvlc.dll

FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: XULRunner: {418768E4-B033-4887-960E-DAD53606F3B7} - c:\documents and settings\eric\local settings\application data\{418768E4-B033-4887-960E-DAD53606F3B7}

FF - HiddenExtension: XULRunner: {89F05485-0F74-46F2-AC05-E72636C93FD4} - c:\documents and settings\april\local settings\application data\{89F05485-0F74-46F2-AC05-E72636C93FD4}

FF - HiddenExtension: XULRunner: {279D3D29-2FBA-469D-9813-664B94BB10B1} - c:\documents and settings\boston\local settings\application data\{279D3D29-2FBA-469D-9813-664B94BB10B1}

FF - HiddenExtension: XULRunner: {F09CC1A5-D567-4135-AA88-3BA18EA22BE1} - c:\documents and settings\madison_2\local settings\application data\{F09CC1A5-D567-4135-AA88-3BA18EA22BE1}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

 

============= SERVICES / DRIVERS ===============

 

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-9-25 64288]

R0 XPacket;Filseclab Packet Filter;c:\windows\system32\xpacket.sys [2009-7-17 126224]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 299984]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-10 6127184]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-6-24 92008]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-2 135664]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-11-30 517448]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1375992]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15264]

S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-11-19 20992]

S3 MusCDriverV32;MusCDriverV32;c:\windows\system32\drivers\MusCDriverV32.sys [2007-7-19 513152]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2006-11-13 394160]

 

=============== Created Last 30 ================

 

2010-12-01 12:24:29 0 ----a-w- c:\windows\Mpemabowinewunoz.bin

2010-12-01 02:19:58 -------- d-----w- c:\docume~1\eric\applic~1\AVG10

2010-12-01 02:18:53 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files

2010-12-01 02:18:41 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar

2010-12-01 02:17:20 -------- d-----w- c:\windows\system32\drivers\AVG

2010-12-01 02:17:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10

2010-12-01 02:16:10 -------- d-----w- c:\docume~1\eric\locals~1\applic~1\{418768E4-B033-4887-960E-DAD53606F3B7}

2010-12-01 02:14:23 78848 ----a-w- c:\docume~1\eric\locals~1\applic~1\414171.exe

2010-12-01 02:03:22 -------- dc-h--w- c:\windows\ie8

2010-12-01 01:35:51 -------- d-s---w- C:\orbit.com

2010-11-29 03:15:27 -------- d-----w- c:\program files\FrostWire

2010-11-26 13:15:50 -------- d-----w- c:\program files\ESET

2010-11-26 12:54:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-26 12:54:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-26 12:54:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-11-26 12:51:27 -------- d-----w- c:\docume~1\eric\locals~1\applic~1\Threat Expert

2010-11-22 20:26:15 388096 ----a-r- c:\docume~1\eric\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2010-11-22 20:23:05 -------- d-----w- C:\hijack this

2010-11-17 02:08:04 -------- d-----w- c:\program files\Yahoo! Games

2010-11-10 03:20:58 299984 ----a-w- c:\windows\system32\drivers\avgtdix.sys

 

==================== Find3M ====================

 

2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53:25 953856 ------w- c:\windows\system32\mfc40u.dll

2010-09-15 09:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-15 07:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:58:06 43520 ------w- c:\windows\system32\licmgr10.dll

2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl

2005-09-23 17:22:24 774144 -c--a-w- c:\program files\RngInterstitial.dll

 

============= FINISH: 9:10:21.67 ===============

 

 

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_10-11-10.01)

 

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 12/22/2007 9:08:48 PM

System Uptime: 12/1/2010 9:18:49 AM (48 hours ago)

 

Motherboard: Dell Inc. | | 0M3918

Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 72 GiB total, 7.643 GiB free.

D: is CDROM ()

E: is CDROM ()

 

==== Disabled Device Manager Items =============

 

==== System Restore Points ===================

 

No restore point in system.

 

==== Installed Programs ======================

 

32 Bit HP CIO Components Installer

Acrobat.com

Ad-Aware

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 8.1.2

AiO_Scan_CDA

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Auslogics Disk Defrag

AutoUpdate

AVG 2011

AviSynth 2.5

Azureus

Bejeweled 2 Deluxe (remove only)

Bonjour

BufferChm

C4600

CCleaner (remove only)

CCScore

CDBurnerXP Pro 3

CDisplay 1.8

CDisplayEx 1.2

Champions Online

City of Heroes (remove only)

COH Character Creator

Compatibility Pack for the 2007 Office system

Corel Paint Shop Pro X

CR2

Dell Digital Jukebox Driver

Dell Driver Reset Tool

Dell Media Experience

Dell Media Experience Update

DellSupport

Destinations

DeviceDiscovery

DivX Codec

DivX Converter

DivX Player

DivX Web Player

DivxToDVD 0.5.2

Duplicate Cleaner 1.4.4

DVD Decrypter (Remove Only)

DVD Shrink 3.2

DVDFab HD Decrypter 3.1.1.6

ESET Online Scanner v3

ESSBrwr

ESSCDBK

ESScore

ESSCT

ESSEMAIL

ESSgui

ESShelp

ESSini

ESSPCD

ESSPDock

ESSSONIC

ESSTOOLS

essvatgt

essvcpt

ESSvpaht

ESSvpot

ExtractNow

ffdshow [rev 1324] [2007-07-01]

Filseclab Personal Firewall

Free Registry Defrag

Free YouTube Download 2.2

FrostWire 4.21.1

getPlus®_dll

Google Earth

Google Update Helper

Google Updater

GPBaseService2

Guitar Guru Version 2.2.5.0

Hallmark Card Studio Special Edition

HiJackThis

HijackThis 2.0.2

HLPIndex

HLPPDOCK

HLPSFO

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Customer Participation Program 13.0

HP Imaging Device Functions 13.0

HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5

HP Print Projects 1.0

HP PSC & OfficeJet 6.1.A

HP Smart Web Printing 4.60

HP Solution Center 13.0

HP Update

hpPrintProjects

HPProductAssistant

hpWLPGInstaller

ImgBurn

Intel® 537EP V9x DF PCI Modem

Intel® Graphics Media Accelerator Driver

Intel® PRO Network Adapters and Drivers

Intel® PROSet for Wired Connections

Internet Explorer Default Page

iTunes

Jasc Paint Shop Photo Album

Java Auto Updater

Java DB 10.3.1.4

Java 6 Update 22

Kodak EasyShare software

KSU

Lexmark 4200 Series Fax Solutions

Lexmark Fax Solutions

Macromedia Shockwave Player

Malwarebytes' Anti-Malware

MarketResearch

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Office Professional Edition 2003

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Modem Event Monitor

Modem Helper

Modem On Hold

Mozilla Firefox (3.6.12)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML 6 Service Pack 2 (KB954459)

Musicmatch® Jukebox

My Way Search Assistant

Mystery Case Files - Prime Suspects (remove only)

Notifier

OfotoXMI

OTtBP

OTtBPSDK

Panda NanoScan

Photo Click

PowerDVD 5.3

PS_AIO_05_C4600_Software_Min

QFolder

QuickTime

Real Alternative 1.7.5

RealPlayer

RegScrubXP 5.1

Revo Uninstaller 1.83

Rhapsody Player Engine

Scan

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969897)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972260)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974455)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165-v2)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SFR

SFR2

SHASTA

SKIN0001

SKINXSDK

Smart Defrag

SmartWebPrinting

SolutionCenter

SpywareBlaster 4.4

Status

System Requirements Lab

TomTom HOME 2.7.5.2014

TomTom HOME Visual Studio Merge Modules

Toolbox

TrayApp

Tweak UI

Uninstall 1.0.0.1

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VC80CRTRedist - 8.0.50727.762

VideoLAN VLC media player 0.8.5

VidiotMaps Map Overlay

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

VPRINTOL

Vuze Launcher

WebFldrs XP

WebReg

WinDirStat 1.1.2

Windows Backup Utility

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage v1.3.0254.0

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Installer Clean Up

Windows Internet Explorer 8

Windows Media Format Runtime

Windows Media Player 10

WIRELESS

Wise Registry Cleaner 4 Free 4.24

WordPerfect Office 12

XML Paper Specification Shared Components Pack 1.0

Yahoo! Anti-Spy

Yahoo! Toolbar

Yahoo! Toolbar for Internet Explorer

 

==== Event Viewer Messages From Past Week ========

 

12/1/2010 7:34:00 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer D92F74B1 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{98DD4449-EC83-4523-. The master browser is stopping or an election is being forced.

11/30/2010 9:11:27 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

11/27/2010 9:02:25 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2003 (KB2289187).

11/27/2010 9:01:30 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Excel 2003 (KB2344893).

11/26/2010 8:10:12 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde

11/26/2010 6:58:16 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).

 

==== End Of File ===========================

 

 

Thanks again for helping me.

Orbit


Hi,

 

Still looking at some markers in your log for ThinkPoint.

 

 

You need to enable Windows to show all files and folders; instructions are Here.

 

Go to VirusTotal and submit these files for analysis: just use the BROWSE feature and then Send File. You will get a report back; post the report into this thread for me to see. If the site says this file has already been checked, have them check it again.

 

 

c:\windows\wfctfoc.dll

c:\windows\ahicenay.dll

 

If the site is busy, you can try this one:

 

http://virusscan.jotti.org/en

Drag Combofix to the trash and download a fresh copy.

 

Download ComboFix from one of these locations:

 

Link 1

Link 2

 

 

* IMPORTANT !!! Save ComboFix.exe to your Desktop

 

 

Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad. Make sure there is no space before and above DDS::

 

 

DDS::
uWinlogon: Shell=c:\documents and settings\eric\application data\hotfix.exe
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

File::
c:\documents and settings\eric\application data\hotfix.exe

Save this as CFScript to your desktop.

 

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

 

[screenshot: dragging the CFScript onto ComboFix.exe]

 

 

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

 

 

There are still a few more things to check; I just don't want to overwhelm you.


Good Morning Orbit,

 

These two

 

c:\windows\wfctfoc.dll <-- This file

c:\windows\ahicenay.dll <-- This file


Ken, here is my log from the second link. The first one kept saying not found.

 

 

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

File name:

ahicenay.dll

Submission date:

2010-12-04 14:36:13 (UTC)

Result:

15/ 43 (34.9%)

 

VT Community

 

not reviewed

Safety score: -

Antivirus Version Last Update Result

AhnLab-V3 2010.12.05.00 2010.12.04 Trojan/Win32.Hiloti

AntiVir 7.10.14.189 2010.12.03 -

Antiy-AVL 2.0.3.7 2010.12.04 -

Avast 4.8.1351.0 2010.12.04 -

Avast5 5.0.677.0 2010.12.04 -

AVG 9.0.0.851 2010.12.04 -

BitDefender 7.2 2010.12.04 Gen:Variant.Kazy.4284

CAT-QuickHeal 11.00 2010.12.04 -

ClamAV 0.96.4.0 2010.12.04 -

Command 5.2.11.5 2010.12.04 -

Comodo 6944 2010.12.04 -

DrWeb 5.0.2.03300 2010.12.04 -

Emsisoft 5.0.0.50 2010.12.04 Gen.Variant!IK

eSafe 7.0.17.0 2010.12.02 -

eTrust-Vet 36.1.8017 2010.12.03 -

F-Prot 4.6.2.117 2010.12.03 -

F-Secure 9.0.16160.0 2010.12.04 Gen:Variant.Kazy.4284

Fortinet 4.2.254.0 2010.12.04 -

GData 21 2010.12.04 Gen:Variant.Kazy.4284

Ikarus T3.1.1.90.0 2010.12.04 Gen.Variant

Jiangmin 13.0.900 2010.12.04 -

K7AntiVirus 9.70.3162 2010.12.04 -

Kaspersky 7.0.0.125 2010.12.04 -

McAfee 5.400.0.1158 2010.12.04 Hiloti.gen.g

McAfee-GW-Edition 2010.1C 2010.12.04 -

Microsoft 1.6402 2010.12.04 Trojan:Win32/Hiloti.gen!D

NOD32 5673 2010.12.04 -

Norman 6.06.10 2010.12.04 -

nProtect 2010-12-04.01 2010.12.04 Gen:Variant.Kazy.4284

Panda 10.0.2.7 2010.12.04 Suspicious file

PCTools 7.0.3.5 2010.12.04 -

Prevx 3.0 2010.12.04 -

Rising 22.76.04.00 2010.12.04 -

Sophos 4.60.0 2010.12.04 Mal/Hiloti-C

SUPERAntiSpyware 4.40.0.1006 2010.12.04 -

Symantec 20101.2.0.161 2010.12.04 -

TheHacker 6.7.0.1.094 2010.12.01 -

TrendMicro 9.120.0.1004 2010.12.04 TROJ_HILOTI.SMEO

TrendMicro-HouseCall 9.120.0.1004 2010.12.04 TROJ_HILOTI.SMEO

VBA32 3.12.14.2 2010.12.03 -

VIPRE 7505 2010.12.04 Trojan.Win32.Hiloti.ba (v)

ViRobot 2010.12.4.4185 2010.12.04 -

VirusBuster 13.6.73.0 2010.12.03 Trojan.Hiloti.Gen!Pac.2

Additional information

MD5 : 2b82dd72c2fc87bcff834e2d30eb9c4b

SHA1 : ad153a528696e46171f97f0e72023975fe98c4dd

SHA256: c2f6d69602e48de492b8dfeeb125e604d21cb0222cdd8051f6acbe67ef59796a

ssdeep: 6144:JtIkSolDK9AZh8hYEaa4ocgUO2NnvZFme3tKZ8MgD+JE:BD5h8hYY4ocgUOQvPmkwZ8MT

File size : 282112 bytes

First seen: 2010-12-04 14:36:13

Last seen : 2010-12-04 14:36:13

TrID:

Win32 Executable MS Visual C++ (generic) (65.2%)

Win32 Executable Generic (14.7%)

Win32 Dynamic Link Library (generic) (13.1%)

Generic Win/DOS Executable (3.4%)

DOS Executable Generic (3.4%)

sigcheck:

publisher....: Ask.com

copyright....: Copyright © 2009

product......: Ask Install Checker

description..: Ask Install Checker

original name: n/a

internal name: Ask Install Checker

file version.: 1,4,0,0

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

PEInfo: PE structure information

 

[[ basic data ]]

entrypointaddress: 0xD508

timedatestamp....: 0x49DE9E91 (Fri Apr 10 01:19:13 2009)

machinetype......: 0x14c (I386)

 

[[ 4 section(s) ]]

name, viradd, virsiz, rawdsiz, ntropy, md5

.text, 0x1000, 0x2C7B0, 0x2C800, 7.75, 0f267a34032f5cad459d2864bccc7dba

.data, 0x2E000, 0x19DB4, 0x16E00, 6.24, 14d2512064e1355d5961b149780f2ed0

.rsrc, 0x48000, 0xDDA, 0xE00, 0.91, 3c96c367f80a61adc616fb7a04f34dfb

.reloc, 0x49000, 0x5EE, 0x600, 5.45, 69c5e4c74ddeef917733a171684b3735

 

[[ 5 import(s) ]]

KERNEL32.dll: CloseHandle, CreateFileMappingA, CreateProcessA, ExitProcess, FindClose, FindFirstFileA, GetACP, GetCommandLineA, GetLocaleInfoA, GetModuleHandleA, GetProcessWorkingSetSize, GetStartupInfoA, GetTickCount, GetVersionExA, GlobalAddAtomA, GlobalAlloc, GlobalReAlloc, HeapAlloc, HeapCreate, HeapDestroy, HeapReAlloc, InitializeCriticalSection, IsValidLocale, LCMapStringW, LoadLibraryA, LocalAlloc, MultiByteToWideChar, OpenProcess, OutputDebugStringA, RtlUnwind, SearchPathA, SetLastError, SetUnhandledExceptionFilter, TlsFree, VirtualAlloc, VirtualFree, WaitForMultipleObjects, WaitForSingleObject, lstrcatA, lstrcmpiA, lstrcpyA, lstrlenW

user32.dll: UpdateWindow, TranslateAcceleratorA, SystemParametersInfoA, ShowWindow, ScrollWindowEx, RemoveMenu, LoadMenuA, KillTimer, IsZoomed, GetCursorPos, FillRect, EnumChildWindows, DrawMenuBar, DestroyIcon, DefMDIChildProcA, CloseClipboard

advapi32.dll: ChangeServiceConfigW, EncryptFileA, AddAccessAllowedAceEx, AccessCheckByTypeAndAuditAlarmA, EnumServicesStatusExA, LookupPrivilegeValueW, LsaCreateTrustedDomain, QueryServiceConfigW, RegCreateKeyExW, EncryptionDisable

ddraw.dll: DirectDrawCreateClipper, DirectDrawEnumerateExW, GetSurfaceFromDC, DDGetAttachedSurfaceLcl

ole32.dll: CoCreateInstance, CoTaskMemAlloc, CoTaskMemFree, CoCreateGuid, CLSIDFromString

 

[[ 1 export(s) ]]

GetImageItemPropertyCount

ExifTool:

file metadata

CharacterSet: Unicode

CodeSize: 182272

CompanyName: Ask.com

EntryPoint: 0xd508

FileDescription: Ask Install Checker

FileFlagsMask: 0x0017

FileOS: Win32

FileSize: 276 kB

FileSubtype: 0

FileType: Win32 DLL

FileVersion: 1,4,0,0

FileVersionNumber: 1.4.0.0

ImageVersion: 0.0

InitializedDataSize: 111104

InternalName: Ask Install Checker

LanguageCode: English (U.S.)

LegalCopyright: Copyright © 2009

LinkerVersion: 7.1

MIMEType: application/octet-stream

MachineType: Intel 386 or later, and compatibles

OSVersion: 4.0

ObjectFileType: Unknown

PEType: PE32

ProductName: Ask Install Checker

ProductVersion: 1,4,0,0

ProductVersionNumber: 1.4.0.0

Subsystem: Windows GUI

SubsystemVersion: 4.0

TimeStamp: 2009:04:10 03:19:13+02:00

UninitializedDataSize: 0

Symantec reputation: Suspicious.Insight

 

Thanks Orbit
