Thank you very much for helping me out.
Security Check:
Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 6
Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java 6 Update 22
Java 6 Update 24
Out of date Java installed!
Adobe Flash Player ( 10.3.181.26)
Flash Player Out of Date!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
``````````End of Log````````````
MiniToolBox:
MiniToolBox by Farbar
Ran by GF (administrator) on 13-11-2011 at 12:19:14
Microsoft Windows XP Service Pack 2 (X86)
***************************************************************************
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= FF Proxy Settings: ==============================
"network.proxy.no_proxies_on", "127.0.0.1"
"network.proxy.socks", "127.0.0.1"
"network.proxy.socks_port", 9050
"network.proxy.socks_remote_dns", true
"network.proxy.type", 0
========================= Hosts content: =================================
127.0.0.1 secure.disc-soft.com
127.0.0.1 localhost
127.0.0.1 secure.disc-soft.com
========================= IP Configuration: ================================
# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip
# Interface IP Configuration for "Wireless Network Connection 2"
set address name="Wireless Network Connection 2" source=dhcp
set dns name="Wireless Network Connection 2" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 2" source=dhcp
popd
# End of interface IP configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : Dave
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Wireless Network Connection 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 802.11g Network Adapter
Physical Address. . . . . . . . . : 00-03-C9-71-1C-74
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.10.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.10.1
DHCP Server . . . . . . . . . . . : 192.168.10.1
DNS Servers . . . . . . . . . . . : 192.168.10.1
Lease Obtained. . . . . . . . . . : 13 November 2011 00:31:24
Lease Expires . . . . . . . . . . : 20 November 2011 00:31:24
Server: UnKnown
Address: 192.168.10.1
Name: google.com
Addresses: 209.85.143.104, 209.85.143.99
Pinging google.com [209.85.143.99] with 32 bytes of data:
Reply from 209.85.143.99: bytes=32 time=24ms TTL=48
Request timed out.
Ping statistics for 209.85.143.99:
Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
Minimum = 24ms, Maximum = 24ms, Average = 24ms
Server: UnKnown
Address: 192.168.10.1
Name: yahoo.com
Addresses: 209.191.122.70, 67.195.160.76, 72.30.2.43, 98.137.149.56
98.139.180.149
Pinging yahoo.com [98.139.180.149] with 32 bytes of data:
Reply from 98.139.180.149: bytes=32 time=128ms TTL=41
Reply from 98.139.180.149: bytes=32 time=124ms TTL=42
Ping statistics for 98.139.180.149:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 124ms, Maximum = 128ms, Average = 126ms
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 03 c9 71 1c 74 ...... Broadcom 802.11g Network Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.10.1 192.168.10.101 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.10.0 255.255.255.0 192.168.10.101 192.168.10.101 25
192.168.10.101 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.10.255 255.255.255.255 192.168.10.101 192.168.10.101 25
224.0.0.0 240.0.0.0 192.168.10.101 192.168.10.101 25
255.255.255.255 255.255.255.255 192.168.10.101 192.168.10.101 1
Default Gateway: 192.168.10.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
========================= Event log errors: ===============================
Application errors:
==================
Error: (11/09/2011 07:01:35 PM) (Source: Application Error) (User: )
Description: Faulting application Steam.exe, version 1.0.1065.11, faulting module Steam.dll, version 2.0.1228.119, fault address 0x00200034.
Processing media-specific event for [Steam.exe!ws!]
Error: (11/08/2011 11:12:43 PM) (Source: LoadPerf) (User: )
Description: The performance counter name string value in the registry is incorrectly
formatted. The bogus string is 4328, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and
third DWORD in Data section.
Error: (11/08/2011 11:12:40 PM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.
Error: (11/08/2011 11:12:40 PM) (Source: LoadPerf) (User: )
Description: The performance counter name string value in the registry is incorrectly
formatted. The bogus string is 4328, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and
third DWORD in Data section.
Error: (09/03/2011 02:57:54 PM) (Source: Application Error) (User: )
Description: Faulting application quake2.exe, version 0.0.0.0, faulting module ref_soft.dll, version 0.0.0.0, fault address 0x0000f6ef.
Processing media-specific event for [quake2.exe!ws!]
Error: (08/11/2011 02:00:05 PM) (Source: Application Error) (User: )
Description: Faulting application ctimpt3u.exe, version 1.0.38.0, faulting module mfinfou.dll, version 1.4.1.0, fault address 0x00001582.
Processing media-specific event for [ctimpt3u.exe!ws!]
Error: (08/11/2011 08:43:36 AM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.2180, faulting module shctmtp.dll, version 5.6.13.0, fault address 0x0000e5d5.
Processing media-specific event for [explorer.exe!ws!]
Error: (07/08/2011 02:49:44 PM) (Source: Application Error) (User: )
Description: Faulting application ctimpt3u.exe, version 1.0.38.0, faulting module mfinfou.dll, version 1.4.1.0, fault address 0x00001582.
Processing media-specific event for [ctimpt3u.exe!ws!]
Error: (06/19/2011 08:38:36 PM) (Source: Application Error) (User: )
Description: Faulting application deusex.exe, version 0.0.0.0, faulting module core.dll, version 0.0.0.0, fault address 0x00045630.
Processing media-specific event for [deusex.exe!ws!]
System errors:
=============
Error: (11/13/2011 11:57:43 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}
Error: (11/13/2011 11:57:43 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}
Error: (11/13/2011 00:31:27 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}
Error: (11/13/2011 00:31:19 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}
Error: (11/13/2011 00:31:13 AM) (Source: ipnathlp) (User: )
Description: The DNS proxy agent encountered an error while obtaining the local list
of name-resolution servers.
Some DNS or WINS servers may be inaccessible to clients on the local network.
The data is the error code.
Error: (11/12/2011 11:44:21 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}
Error: (11/12/2011 11:44:21 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}
Error: (11/12/2011 11:44:21 PM) (Source: ipnathlp) (User: )
Description: The DNS proxy agent encountered an error while obtaining the local list
of name-resolution servers.
Some DNS or WINS servers may be inaccessible to clients on the local network.
The data is the error code.
Error: (11/12/2011 11:44:21 PM) (Source: ipnathlp) (User: )
Description: The DNS proxy agent encountered an error while obtaining the local list
of name-resolution servers.
Some DNS or WINS servers may be inaccessible to clients on the local network.
The data is the error code.
Error: (11/12/2011 11:44:21 PM) (Source: ipnathlp) (User: )
Description: The DNS proxy agent encountered an error while obtaining the local list
of name-resolution servers.
Some DNS or WINS servers may be inaccessible to clients on the local network.
The data is the error code.
Microsoft Office Sessions:
=========================
Error: (11/09/2011 07:01:35 PM) (Source: Application Error)(User: )
Description: Steam.exe1.0.1065.11Steam.dll2.0.1228.11900200034
Error: (11/08/2011 11:12:43 PM) (Source: LoadPerf)(User: )
Description: 4328
Error: (11/08/2011 11:12:40 PM) (Source: LoadPerf)(User: )
Description: WmiApRplWmiApRpl
Error: (11/08/2011 11:12:40 PM) (Source: LoadPerf)(User: )
Description: 4328
Error: (09/03/2011 02:57:54 PM) (Source: Application Error)(User: )
Description: quake2.exe0.0.0.0ref_soft.dll0.0.0.00000f6ef
Error: (08/11/2011 02:00:05 PM) (Source: Application Error)(User: )
Description: ctimpt3u.exe1.0.38.0mfinfou.dll1.4.1.000001582
Error: (08/11/2011 08:43:36 AM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.2180shctmtp.dll5.6.13.00000e5d5
Error: (07/08/2011 02:49:44 PM) (Source: Application Error)(User: )
Description: ctimpt3u.exe1.0.38.0mfinfou.dll1.4.1.000001582
Error: (06/19/2011 08:38:36 PM) (Source: Application Error)(User: )
Description: deusex.exe0.0.0.0core.dll0.0.0.000045630
=========================== Installed Programs ============================
7-Zip 9.20
Adobe Flash Player 10 ActiveX (Version: 10.3.181.26)
Adobe Flash Player 10 Plugin (Version: 10.3.181.26)
Adobe Reader 8.2.6 (Version: 8.2.6)
Advanced SystemCare 3 (Version: 3.8.0)
Allok 3GP PSP MP4 iPod Video Converter 6.2.0603
Amnesia - The Dark Descent (Version: 1.0.0)
µTorrent (Version: 2.0.3)
AudibleManager (Version: 2089884432.1000.2089884374.2090320032)
AudioShell 1.3.5 (Version: 1.3.5)
Baldur's Gate & Tales of the Sword Coast
Bastion
Battlefield 1942
Battlefield 1942: The Road To Rome
Broadcom 802.11 Wireless LAN Adapter (Version: 4.170.25.12)
Broadcom 802.11n Network Adapter (Version: 07.13.2006)
CCleaner (Version: 3.11)
Classic Doom 3 1.3.1 (Version: 1.3.1)
Company of Heroes (Version: 1.0.0.78)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
Cool Edit Pro 2.1
Creative MediaSource 5 (Version: 5.00)
Creative Removable Disk Manager
Creative System Information
Creative ZEN Vision M Series (Version: 1.0)
DAEMON Tools Lite (Version: 4.40.2.0131)
Defcon
Defraggler (Version: 2.01)
FileZilla Client 3.3.5.1 (Version: 3.3.5.1)
FreeSpace 2
Game Booster (Version: 2.1.0.0)
Game Maker 8.0
Google Chrome (Version: 15.0.874.106)
Google Update Helper (Version: 1.3.21.79)
Guitar Pro 5.2
Half-Life 2
HP Deskjet 1280 (Version: 1.00.0000)
IDT Audio (Version: 5.10.5407.0)
Intel® PRO Network Connections (Version: )
Intel® PRO Network Connections Drivers
Java Auto Updater (Version: 2.0.3.1)
Java 6 Update 22 (Version: 6.0.220)
Java 6 Update 24 (Version: 6.0.240)
JDownloader (Version: 0.89)
LibUSB-Win32-0.1.10.1 (Version: 0.1.10.1)
Magic DVD Ripper V5.4.2
Malwarebytes' Anti-Malware
Mendeley Desktop 1.0.1 (Version: 1.0.1)
Messenger Plus! 5 (Version: 1.0.1.102)
Messenger Plus! Live (Version: 4.90.0.392)
Microsoft .NET Framework 2.0 Service Pack 1 (Version: 2.1.21022)
Microsoft .NET Framework 3.0 Service Pack 1 (Version: 3.1.21022)
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5 (Version: 3.5.21022)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Minecraft Beta
Morrowind
Mozilla Firefox 8.0 (x86 en-US) (Version: 8.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
NVIDIA Control Panel 275.33 (Version: 275.33)
NVIDIA Graphics Driver 275.33 (Version: 275.33)
NVIDIA Install Application (Version: 2.275.80.0)
NVIDIA nView 135.85 (Version: 135.85)
NVIDIA nView Desktop Manager (Version: 6.14.10.13585)
NVIDIA Update 1.3.5 (Version: 1.3.5)
NVIDIA Update Components (Version: 1.3.5)
ODT To Doc Converter Software
OpenOffice.org 3.3 (Version: 3.3.9567)
Pegasus Imaging Corp. "The JPEG Wizard2"
Quake II
Quake Live Mozilla Plugin (Version: 1.0.433)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
Revo Uninstaller Pro 2.5.1 (Version: 2.5.1)
S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005] (Version: 1.0005)
Segoe UI (Version: 14.0.4327.805)
SigmaTel Audio (Version: 5.10.4803.0)
SixaxisDriver 0.91
Softonic-Eng7 Toolbar (Version: 6.5.2.8)
Sony Ericsson Update Engine (Version: 2.11.4.11)
Source SDK Base 2007
Stalker Complete 2009 v1.4.4
Stronghold
TES Construction Set
Thief Gold
VLC media player 1.1.5 (Version: 1.1.5)
WebFldrs XP (Version: 9.50.7523)
Windows Imaging Component (Version: 3.0.0.0)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR 4.00 beta 2 (32-bit) (Version: 4.00.2)
Wondershare Streaming Audio Recorder(Build 1.0.11.3)
XML Paper Specification Shared Components Pack 1.0
YouTube Downloader 3.3
========================= Memory info: ===================================
Percentage of memory in use: 26%
Total physical RAM: 2045.98 MB
Available physical RAM: 1495.21 MB
Total Pagefile: 4004.47 MB
Available Pagefile: 3538.16 MB
Total Virtual: 3071.88 MB
Available Virtual: 3025.84 MB
========================= Partitions: =====================================
1 Drive c: () (Fixed) (Total:169.95 GB) (Free:3.79 GB) NTFS
2 Drive d: (Partition) (Fixed) (Total:29.29 GB) (Free:2.17 GB) NTFS
3 Drive e: (CDROM) (Total:3.81 GB) (Free:0 GB) UDF
4 Drive f: (HD-PEU2) (Fixed) (Total:298.09 GB) (Free:96.33 GB) NTFS
6 Drive h: (GF) (Removable) (Total:1.87 GB) (Free:1.19 GB) FAT32
========================= Users: ========================================
User accounts for \\DAVE
Administrator GF Guest
HelpAssistant SUPPORT_388945a0 UpdatusUser
**** End of log ****
Malwarebytes Log:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8152
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
13/11/2011 12:30:29
mbam-log-2011-11-13 (12-30-29).txt
Scan type: Quick scan
Objects scanned: 207435
Time elapsed: 40 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Gmer:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-13 12:52:34
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3250824AS rev.3.ADH
Running: gmer.exe; Driver: C:\DOCUME~1\GF\LOCALS~1\Temp\pxtoapow.sys
---- System - GMER 1.0.15 ----
INT 0x73 ? FADC12AC
INT 0x83 ? FAC96E54
INT 0x84 ? FAC22E54
INT 0x94 ? FAB643C4
INT 0xA4 ? FAC2AAB4
INT 0xB1 ? FADC232C
INT 0xB4 ? FAB50A6C
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF51A53A0, 0x88C445, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\nvsvc32.exe[216] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00166390
.text C:\WINDOWS\system32\nvsvc32.exe[216] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00166640
.text C:\WINDOWS\system32\nvsvc32.exe[216] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 001653D0
.text C:\WINDOWS\system32\nvsvc32.exe[216] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00165300
.text C:\WINDOWS\system32\nvsvc32.exe[216] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001611C0
.text C:\WINDOWS\system32\nvsvc32.exe[216] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00161290
.text C:\WINDOWS\system32\nvsvc32.exe[216] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00162510
.text C:\WINDOWS\system32\nvsvc32.exe[216] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 001610A0
.text C:\WINDOWS\system32\nvsvc32.exe[216] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00161000
.text C:\WINDOWS\system32\nvsvc32.exe[216] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00162570
.text C:\WINDOWS\system32\nvsvc32.exe[216] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00161D10
.text C:\WINDOWS\system32\nvsvc32.exe[216] WS2_32.dll!send 71AB428A 5 Bytes JMP 00167250
.text C:\WINDOWS\system32\nvsvc32.exe[216] WININET.dll!HttpSendRequestA 771C76B8 5 Bytes JMP 001620A0
.text C:\WINDOWS\system32\nvsvc32.exe[216] WININET.dll!InternetWriteFile 771F7953 5 Bytes JMP 001623A0
.text C:\WINDOWS\system32\nvsvc32.exe[216] WININET.dll!HttpSendRequestW 77211808 5 Bytes JMP 00162160
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[256] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00166390
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[256] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00166640
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[256] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 001653D0
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[256] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00165300
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[256] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001611C0
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[256] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00161290
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[256] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00162510
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[256] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 001610A0
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[256] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00161000
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[256] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00162570
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[256] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00161D10
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[256] WS2_32.dll!send 71AB428A 5 Bytes JMP 00167250
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[256] WININET.dll!HttpSendRequestA 771C76B8 5 Bytes JMP 001620A0
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[256] WININET.dll!InternetWriteFile 771F7953 5 Bytes JMP 001623A0
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[256] WININET.dll!HttpSendRequestW 77211808 5 Bytes JMP 00162160
.text C:\WINDOWS\System32\svchost.exe[272] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 000A6390
.text C:\WINDOWS\System32\svchost.exe[272] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 000A6640
.text C:\WINDOWS\System32\svchost.exe[272] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 000A53D0
.text C:\WINDOWS\System32\svchost.exe[272] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000A5300
.text C:\WINDOWS\System32\svchost.exe[272] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 000A11C0
.text C:\WINDOWS\System32\svchost.exe[272] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 000A1290
.text C:\WINDOWS\System32\svchost.exe[272] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 000A2510
.text C:\WINDOWS\System32\svchost.exe[272] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 000A10A0
.text C:\WINDOWS\System32\svchost.exe[272] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 000A1000
.text C:\WINDOWS\System32\svchost.exe[272] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 000A2570
.text C:\WINDOWS\System32\svchost.exe[272] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 000A1D10
.text C:\WINDOWS\System32\svchost.exe[272] WS2_32.dll!send 71AB428A 5 Bytes JMP 000A7250
.text C:\WINDOWS\System32\svchost.exe[272] WININET.dll!HttpSendRequestA 771C76B8 5 Bytes JMP 000A20A0
.text C:\WINDOWS\System32\svchost.exe[272] WININET.dll!InternetWriteFile 771F7953 5 Bytes JMP 000A23A0
.text C:\WINDOWS\System32\svchost.exe[272] WININET.dll!HttpSendRequestW 77211808 5 Bytes JMP 000A2160
.text c:\program files\idt\ecsxpv_5762_010208\wdm\STacSV.exe[356] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00156390
.text c:\program files\idt\ecsxpv_5762_010208\wdm\STacSV.exe[356] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00156640
.text c:\program files\idt\ecsxpv_5762_010208\wdm\STacSV.exe[356] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 001553D0
.text c:\program files\idt\ecsxpv_5762_010208\wdm\STacSV.exe[356] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00155300
.text c:\program files\idt\ecsxpv_5762_010208\wdm\STacSV.exe[356] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001511C0
.text c:\program files\idt\ecsxpv_5762_010208\wdm\STacSV.exe[356] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00151290
.text c:\program files\idt\ecsxpv_5762_010208\wdm\STacSV.exe[356] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00152510
.text c:\program files\idt\ecsxpv_5762_010208\wdm\STacSV.exe[356] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 001510A0
.text c:\program files\idt\ecsxpv_5762_010208\wdm\STacSV.exe[356] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00151000
.text c:\program files\idt\ecsxpv_5762_010208\wdm\STacSV.exe[356] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00152570
.text c:\program files\idt\ecsxpv_5762_010208\wdm\STacSV.exe[356] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00151D10
.text c:\program files\idt\ecsxpv_5762_010208\wdm\STacSV.exe[356] WS2_32.dll!send 71AB428A 5 Bytes JMP 00157250
.text c:\program files\idt\ecsxpv_5762_010208\wdm\STacSV.exe[356] WININET.dll!HttpSendRequestA 771C76B8 5 Bytes JMP 001520A0
.text c:\program files\idt\ecsxpv_5762_010208\wdm\STacSV.exe[356] WININET.dll!InternetWriteFile 771F7953 5 Bytes JMP 001523A0
.text c:\program files\idt\ecsxpv_5762_010208\wdm\STacSV.exe[356] WININET.dll!HttpSendRequestW 77211808 5 Bytes JMP 00152160
.text C:\Documents and Settings\GF\Desktop\gmer\gmer.exe[568] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00166390
.text C:\Documents and Settings\GF\Desktop\gmer\gmer.exe[568] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00166640
.text C:\Documents and Settings\GF\Desktop\gmer\gmer.exe[568] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 001653D0
.text C:\Documents and Settings\GF\Desktop\gmer\gmer.exe[568] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00165300
.text C:\Documents and Settings\GF\Desktop\gmer\gmer.exe[568] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001611C0
.text C:\Documents and Settings\GF\Desktop\gmer\gmer.exe[568] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00161290
.text C:\Documents and Settings\GF\Desktop\gmer\gmer.exe[568] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00162510
.text C:\Documents and Settings\GF\Desktop\gmer\gmer.exe[568] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 001610A0
.text C:\Documents and Settings\GF\Desktop\gmer\gmer.exe[568] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00161000
.text C:\Documents and Settings\GF\Desktop\gmer\gmer.exe[568] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00162570
.text C:\Documents and Settings\GF\Desktop\gmer\gmer.exe[568] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00161D10
.text C:\Documents and Settings\GF\Desktop\gmer\gmer.exe[568] WS2_32.dll!send 71AB428A 5 Bytes JMP 00167250
.text C:\Documents and Settings\GF\Desktop\gmer\gmer.exe[568] WININET.dll!HttpSendRequestA 771C76B8 5 Bytes JMP 001620A0
.text C:\Documents and Settings\GF\Desktop\gmer\gmer.exe[568] WININET.dll!InternetWriteFile 771F7953 5 Bytes JMP 001623A0
.text C:\Documents and Settings\GF\Desktop\gmer\gmer.exe[568] WININET.dll!HttpSendRequestW 77211808 5 Bytes JMP 00162160
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01186390
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01186640
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 011853D0
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 01185300
.text C:\WINDOWS\system32\csrss.exe[684] KERNEL32.dll!CreateFileA 7C801A24 5 Bytes JMP 011811C0
.text C:\WINDOWS\system32\csrss.exe[684] KERNEL32.dll!CreateFileW 7C810976 5 Bytes JMP 01181290
.text C:\WINDOWS\system32\csrss.exe[684] KERNEL32.dll!MoveFileA 7C822294 5 Bytes JMP 01182510
.text C:\WINDOWS\system32\csrss.exe[684] KERNEL32.dll!CopyFileW 7C825779 5 Bytes JMP 011810A0
.text C:\WINDOWS\system32\csrss.exe[684] KERNEL32.dll!CopyFileA 7C830053 5 Bytes JMP 01181000
.text C:\WINDOWS\system32\csrss.exe[684] KERNEL32.dll!MoveFileW 7C839659 5 Bytes JMP 01182570
.text C:\WINDOWS\system32\csrss.exe[684] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 01181D10
.text C:\WINDOWS\system32\csrss.exe[684] WS2_32.dll!send 71AB428A 5 Bytes JMP 01187250
.text C:\WINDOWS\system32\csrss.exe[684] WININET.dll!HttpSendRequestA 771C76B8 5 Bytes JMP 011820A0
.text C:\WINDOWS\system32\csrss.exe[684] WININET.dll!InternetWriteFile 771F7953 5 Bytes JMP 011823A0
.text C:\WINDOWS\system32\csrss.exe[684] WININET.dll!HttpSendRequestW 77211808 5 Bytes JMP 01182160
.text C:\WINDOWS\system32\winlogon.exe[708] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01966390
.text C:\WINDOWS\system32\winlogon.exe[708] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01966640
.text C:\WINDOWS\system32\winlogon.exe[708] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 019653D0
.text C:\WINDOWS\system32\winlogon.exe[708] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 01965300
.text C:\WINDOWS\system32\winlogon.exe[708] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 019611C0
.text C:\WINDOWS\system32\winlogon.exe[708] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 01961290
.text C:\WINDOWS\system32\winlogon.exe[708] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 01962510
.text C:\WINDOWS\system32\winlogon.exe[708] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 019610A0
.text C:\WINDOWS\system32\winlogon.exe[708] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 01961000
.text C:\WINDOWS\system32\winlogon.exe[708] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 01962570
.text C:\WINDOWS\system32\winlogon.exe[708] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 01961D10
.text C:\WINDOWS\system32\winlogon.exe[708] WS2_32.dll!send 71AB428A 5 Bytes JMP 01967250
.text C:\WINDOWS\system32\winlogon.exe[708] WININET.dll!HttpSendRequestA 771C76B8 5 Bytes JMP 019620A0
.text C:\WINDOWS\system32\winlogon.exe[708] WININET.dll!InternetWriteFile 771F7953 5 Bytes JMP 019623A0
.text C:\WINDOWS\system32\winlogon.exe[708] WININET.dll!HttpSendRequestW 77211808 5 Bytes JMP 01962160
.text C:\WINDOWS\system32\services.exe[752] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00E26390
.text C:\WINDOWS\system32\services.exe[752] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00E26640
.text C:\WINDOWS\system32\services.exe[752] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00E253D0
.text C:\WINDOWS\system32\services.exe[752] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00E25300
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00E211C0
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00E21290
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00E22510
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 00E210A0
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00E21000
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00E22570
.text C:\WINDOWS\system32\services.exe[752] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00E21D10
.text C:\WINDOWS\system32\services.exe[752] WS2_32.dll!send 71AB428A 5 Bytes JMP 00E27250
.text C:\WINDOWS\system32\services.exe[752] WININET.dll!HttpSendRequestA 771C76B8 5 Bytes JMP 00E220A0
.text C:\WINDOWS\system32\services.exe[752] WININET.dll!InternetWriteFile 771F7953 5 Bytes JMP 00E223A0
.text C:\WINDOWS\system32\services.exe[752] WININET.dll!HttpSendRequestW 77211808 5 Bytes JMP 00E22160
.text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00826390
.text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00826640
.text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 008253D0
.text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00825300
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008211C0
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00821290
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00822510
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 008210A0
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00821000
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00822570
.text C:\WINDOWS\system32\svchost.exe[932] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00821D10
.text C:\WINDOWS\system32\svchost.exe[932] WS2_32.dll!send 71AB428A 5 Bytes JMP 00827250
.text C:\WINDOWS\system32\svchost.exe[932] WININET.dll!HttpSendRequestA 771C76B8 5 Bytes JMP 008220A0
.text C:\WINDOWS\system32\svchost.exe[932] WININET.dll!InternetWriteFile 771F7953 5 Bytes JMP 008223A0
.text C:\WINDOWS\system32\svchost.exe[932] WININET.dll!HttpSendRequestW 77211808 5 Bytes JMP 00822160
.text C:\Program Files\Java\jre6\bin\jqs.exe[1032] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00166390
.text C:\Program Files\Java\jre6\bin\jqs.exe[1032] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00166640
.text C:\Program Files\Java\jre6\bin\jqs.exe[1032] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 001653D0
.text C:\Program Files\Java\jre6\bin\jqs.exe[1032] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00165300
.text C:\Program Files\Java\jre6\bin\jqs.exe[1032] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001611C0
.text C:\Program Files\Java\jre6\bin\jqs.exe[1032] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00161290
.text C:\Program Files\Java\jre6\bin\jqs.exe[1032] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00162510
.text C:\Program Files\Java\jre6\bin\jqs.exe[1032] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 001610A0
.text C:\Program Files\Java\jre6\bin\jqs.exe[1032] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00161000
.text C:\Program Files\Java\jre6\bin\jqs.exe[1032] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00162570
.text C:\Program Files\Java\jre6\bin\jqs.exe[1032] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00161D10
.text C:\Program Files\Java\jre6\bin\jqs.exe[1032] WS2_32.dll!send 71AB428A 5 Bytes JMP 00167250
.text C:\Program Files\Java\jre6\bin\jqs.exe[1032] WININET.dll!HttpSendRequestA 771C76B8 5 Bytes JMP 001620A0
.text C:\Program Files\Java\jre6\bin\jqs.exe[1032] WININET.dll!InternetWriteFile 771F7953 5 Bytes JMP 001623A0
.text C:\Program Files\Java\jre6\bin\jqs.exe[1032] WININET.dll!HttpSendRequestW 77211808 5 Bytes JMP 00162160
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00976390
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00976640
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 009753D0
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00975300
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009711C0
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00971290
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00972510
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 009710A0
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00971000
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00972570
.text C:\WINDOWS\system32\svchost.exe[1036] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00971D10
.text C:\WINDOWS\system32\svchost.exe[1036] WS2_32.dll!send 71AB428A 5 Bytes JMP 00977250
.text C:\WINDOWS\system32\svchost.exe[1036] WININET.dll!HttpSendRequestA 771C76B8 5 Bytes JMP 009720A0
.text C:\WINDOWS\system32\svchost.exe[1036] WININET.dll!InternetWriteFile 771F7953 5 Bytes JMP 009723A0
.text C:\WINDOWS\system32\svchost.exe[1036] WININET.dll!HttpSendRequestW 77211808 5 Bytes JMP 00972160
.text C:\WINDOWS\System32\svchost.exe[1076] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01616390
.text C:\WINDOWS\System32\svchost.exe[1076] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01616640
.text C:\WINDOWS\System32\svchost.exe[1076] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 016153D0
.text C:\WINDOWS\System32\svchost.exe[1076] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 01615300
.text C:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 016111C0
.text C:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 01611290
.text C:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 01612510
.text C:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 016110A0
.text C:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 01611000
.text C:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 01612570
.text C:\WINDOWS\System32\svchost.exe[1076] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 01611D10
.text C:\WINDOWS\System32\svchost.exe[1076] WS2_32.dll!send 71AB428A 5 Bytes JMP 01617250
.text C:\WINDOWS\System32\svchost.exe[1076] WININET.dll!HttpSendRequestA 771C76B8 5 Bytes JMP 016120A0
.text C:\WINDOWS\System32\svchost.exe[1076] WININET.dll!InternetWriteFile 771F7953 5 Bytes JMP 016123A0
.text C:\WINDOWS\System32\svchost.exe[1076] WININET.dll!HttpSendRequestW 77211808 5 Bytes JMP 01612160
.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 009E6390
.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 009E6640
.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 009E53D0
.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 009E5300
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009E11C0
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 009E1290
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 009E2510
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 009E10A0
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 009E1000
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 009E2570
.text C:\WINDOWS\system32\svchost.exe[1112] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 009E1D10
.text C:\WINDOWS\system32\svchost.exe[1112] WS2_32.dll!send 71AB428A 5 Bytes JMP 009E7250
.text C:\WINDOWS\system32\svchost.exe[1112] WININET.dll!HttpSendRequestA 771C76B8 5 Bytes JMP 009E20A0
.text C:\WINDOWS\system32\svchost.exe[1112] WININET.dll!InternetWriteFile 771F7953 5 Bytes JMP 009E23A0
.text C:\WINDOWS\system32\svchost.exe[1112] WININET.dll!HttpSendRequestW 77211808 5 Bytes JMP 009E2160
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 007C6390
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 007C6640
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 007C53D0
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 007C5300
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 007C11C0
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 007C1290
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 007C2510
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 007C10A0
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 007C1000
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 007C2570
.text C:\WINDOWS\system32\svchost.exe[1224] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 007C1D10
.text C:\WINDOWS\system32\svchost.exe[1224] WS2_32.dll!send 71AB428A 5 Bytes JMP 007C7250
.text C:\WINDOWS\system32\svchost.exe[1224] WININET.dll!HttpSendRequestA 771C76B8 5 Bytes JMP 007C20A0
.text C:\WINDOWS\system32\svchost.exe[1224] WININET.dll!InternetWriteFile 771F7953 5 Bytes JMP 007C23A0
.text C:\WINDOWS\system32\svchost.exe[1224] WININET.dll!HttpSendRequestW 77211808 5 Bytes JMP 007C2160
.text C:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 006F6390
.text C:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 006F6640
.text C:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 006F53D0
.text C:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 006F5300
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 006F11C0
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 006F1290
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 006F2510
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 006F10A0
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 006F1000
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 006F2570
.text C:\WINDOWS\system32\svchost.exe[1280] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 006F1D10
.text C:\WINDOWS\system32\svchost.exe[1280] WS2_32.dll!send 71AB428A 5 Bytes JMP 006F7250
.text C:\WINDOWS\system32\svchost.exe[1280] WININET.dll!HttpSendRequestA 771C76B8 5 Bytes JMP 006F20A0
.text C:\WINDOWS\system32\svchost.exe[1280] WININET.dll!InternetWriteFile 771F7953 5 Bytes JMP 006F23A0
.text C:\WINDOWS\system32\svchost.exe[1280] WININET.dll!HttpSendRequestW 77211808 5 Bytes JMP 006F2160
.text C:\WINDOWS\system32\CTsvcCDA.exe[1464] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00156390
.text C:\WINDOWS\system32\CTsvcCDA.exe[1464] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00156640
.text C:\WINDOWS\system32\CTsvcCDA.exe[1464] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 001553D0
.text C:\WINDOWS\system32\CTsvcCDA.exe[1464] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00155300
.text C:\WINDOWS\system32\CTsvcCDA.exe[1464] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001511C0
.text C:\WINDOWS\system32\CTsvcCDA.exe[1464] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00151290
.text C:\WINDOWS\system32\CTsvcCDA.exe[1464] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00152510
.text C:\WINDOWS\system32\CTsvcCDA.exe[1464] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 001510A0
.text C:\WINDOWS\system32\CTsvcCDA.exe[1464] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00151000
.text C:\WINDOWS\system32\CTsvcCDA.exe[1464] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00152570
.text C:\WINDOWS\system32\CTsvcCDA.exe[1464] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00151D10
.text C:\WINDOWS\system32\CTsvcCDA.exe[1464] WS2_32.dll!send 71AB428A 5 Bytes JMP 00157250
.text C:\WINDOWS\system32\CTsvcCDA.exe[1464] WININET.dll!HttpSendRequestA 771C76B8 5 Bytes JMP 001520A0
.text C:\WINDOWS\system32\CTsvcCDA.exe[1464] WININET.dll!InternetWriteFile 771F7953 5 Bytes JMP 001523A0
.text C:\WINDOWS\system32\CTsvcCDA.exe[1464] WININET.dll!HttpSendRequestW 77211808 5 Bytes JMP 00152160
.text C:\WINDOWS\system32\spoolsv.exe[1604] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 009E6390
.text C:\WINDOWS\system32\spoolsv.exe[1604] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 009E6640
.text C:\WINDOWS\system32\spoolsv.exe[1604] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 009E53D0
.text C:\WINDOWS\system32\spoolsv.exe[1604] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 009E5300
.text C:\WINDOWS\system32\spoolsv.exe[1604] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009E11C0
.text C:\WINDOWS\system32\spoolsv.exe[1604] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 009E1290
.text C:\WINDOWS\system32\spoolsv.exe[1604] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 009E2510
.text C:\WINDOWS\system32\spoolsv.exe[1604] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 009E10A0
.text C:\WINDOWS\system32\spoolsv.exe[1604] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 009E1000
.text C:\WINDOWS\system32\spoolsv.exe[1604] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 009E2570
.text C:\WINDOWS\system32\spoolsv.exe[1604] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 009E1D10
.text C:\WINDOWS\system32\spoolsv.exe[1604] WS2_32.dll!send 71AB428A 5 Bytes JMP 009E7250
.text C:\WINDOWS\system32\spoolsv.exe[1604] WININET.dll!HttpSendRequestA 771C76B8 5 Bytes JMP 009E20A0
.text C:\WINDOWS\system32\spoolsv.exe[1604] WININET.dll!InternetWriteFile 771F7953 5 Bytes JMP 009E23A0
.text C:\WINDOWS\system32\spoolsv.exe[1604] WININET.dll!HttpSendRequestW 77211808 5 Bytes JMP 009E2160
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1632] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00156390
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1632] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00156640
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1632] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 001553D0
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1632] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00155300
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1632] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001511C0
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1632] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00151290
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1632] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00152510
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1632] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 001510A0
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1632] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00151000
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1632] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00152570
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1632] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00151D10
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1632] WS2_32.dll!send 71AB428A 5 Bytes JMP 00157250
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1632] WININET.dll!HttpSendRequestA 771C76B8 5 Bytes JMP 001520A0
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1632] WININET.dll!InternetWriteFile 771F7953 5 Bytes JMP 001523A0
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1632] WININET.dll!HttpSendRequestW 77211808 5 Bytes JMP 00152160
.text C:\Program Files\IDT\WDM\sttray.exe[1728] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00CD6390
.text C:\Program Files\IDT\WDM\sttray.exe[1728] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00CD6640
.text C:\Program Files\IDT\WDM\sttray.exe[1728] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00CD53D0
.text C:\Program Files\IDT\WDM\sttray.exe[1728] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00CD5300
.text C:\Program Files\IDT\WDM\sttray.exe[1728] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00CD11C0
.text C:\Program Files\IDT\WDM\sttray.exe[1728] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00CD1290
.text C:\Program Files\IDT\WDM\sttray.exe[1728] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00CD2510
.text C:\Program Files\IDT\WDM\sttray.exe[1728] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 00CD10A0
.text C:\Program Files\IDT\WDM\sttray.exe[1728] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00CD1000
.text C:\Program Files\IDT\WDM\sttray.exe[1728] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00CD2570
.text C:\Program Files\IDT\WDM\sttray.exe[1728] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00CD1D10
.text C:\Program Files\IDT\WDM\sttray.exe[1728] WS2_32.dll!send 71AB428A 5 Bytes JMP 00CD7250
.text C:\Program Files\IDT\WDM\sttray.exe[1728] WININET.dll!HttpSendRequestA 771C76B8 5 Bytes JMP 00CD20A0
.text C:\Program Files\IDT\WDM\sttray.exe[1728] WININET.dll!InternetWriteFile 771F7953 5 Bytes JMP 00CD23A0
.text C:\Program Files\IDT\WDM\sttray.exe[1728] WININET.dll!HttpSendRequestW 77211808 5 Bytes JMP 00CD2160
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1736] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00EB6390
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1736] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00EB6640
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1736] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00EB53D0
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1736] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00EB5300
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1736] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00EB11C0
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1736] kernel32.dll!SetUnhandledExceptionFilter 7C810386 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1736] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00EB1290
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1736] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00EB2510
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1736] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 00EB10A0
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1736] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00EB1000
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1736] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00EB2570
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1736] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00EB1D10
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1736] WS2_32.dll!send 71AB428A 5 Bytes JMP 00EB7250
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1736] WININET.dll!HttpSendRequestA 771C76B8 5 Bytes JMP 00EB20A0
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1736] WININET.dll!InternetWriteFile 771F7953 5 Bytes JMP 00EB23A0
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1736] WININET.dll!HttpSendRequestW 77211808 5 Bytes JMP 00EB2160
.text C:\WINDOWS\system32\RunDLL32.exe[1752] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01316390
.text C:\WINDOWS\system32\RunDLL32.exe[1752] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01316640
.text C:\WINDOWS\system32\RunDLL32.exe[1752] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 013153D0
.text C:\WINDOWS\system32\RunDLL32.exe[1752] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 01315300
.text C:\WINDOWS\system32\RunDLL32.exe[1752] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 013111C0
.text C:\WINDOWS\system32\RunDLL32.exe[1752] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 01311290
.text C:\WINDOWS\system32\RunDLL32.exe[1752] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 01312510
.text C:\WINDOWS\system32\RunDLL32.exe[1752] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 013110A0
.text C:\WINDOWS\system32\RunDLL32.exe[1752] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 01311000
.text C:\WINDOWS\system32\RunDLL32.exe[1752] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 01312570
.text C:\WINDOWS\system32\RunDLL32.exe[1752] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 01311D10
.text C:\WINDOWS\system32\RunDLL32.exe[1752] WS2_32.dll!send 71AB428A 5 Bytes JMP 01317250
.text C:\WINDOWS\system32\RunDLL32.exe[1752] WININET.dll!HttpSendRequestA 771C76B8 5 Bytes JMP 013120A0
.text C:\WINDOWS\system32\RunDLL32.exe[1752] WININET.dll!InternetWriteFile 771F7953 5 Bytes JMP 013123A0
.text C:\WINDOWS\system32\RunDLL32.exe[1752] WININET.dll!HttpSendRequestW 77211808 5 Bytes JMP 01312160
.text C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe[1768] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00D46390
.text C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe[1768] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D46640
.text C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe[1768] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00D453D0
.text C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe[1768] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00D45300
.text C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe[1768] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00D411C0
.text C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe[1768] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00D41290
.text C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe[1768] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00D42510
.text C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe[1768] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 00D410A0
.text C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe[1768] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00D41000
.text C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe[1768] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00D42570
.text C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe[1768] WININET.dll!HttpSendRequestA 771C76B8 5 Bytes JMP 00D420A0
.text C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe[1768] WININET.dll!InternetWriteFile 771F7953 5 Bytes JMP 00D423A0
.text C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe[1768] WININET.dll!HttpSendRequestW 77211808 5 Bytes JMP 00D42160
.text C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe[1768] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 00D41D10
.text C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe[1768] WS2_32.dll!send 71AB428A 5 Bytes JMP 00D47250
.text C:\Program Files\uTorrent\uTorrent.exe[1776] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 02A86390
.text C:\Program Files\uTorrent\uTorrent.exe[1776] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 02A86640
.text C:\Program Files\uTorrent\uTorrent.exe[1776] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 02A853D0
.text C:\Program Files\uTorrent\uTorrent.exe[1776] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 02A85300
.text C:\Program Files\uTorrent\uTorrent.exe[1776] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 02A811C0
.text C:\Program Files\uTorrent\uTorrent.exe[1776] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 02A81290
.text C:\Program Files\uTorrent\uTorrent.exe[1776] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 02A82510
.text C:\Program Files\uTorrent\uTorrent.exe[1776] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 02A810A0
.text C:\Program Files\uTorrent\uTorrent.exe[1776] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 02A81000
.text C:\Program Files\uTorrent\uTorrent.exe[1776] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 02A82570
.text C:\Program Files\uTorrent\uTorrent.exe[1776] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 02A81D10
.text C:\Program Files\uTorrent\uTorrent.exe[1776] WS2_32.dll!send 71AB428A 5 Bytes JMP 02A87250
.text C:\Program Files\uTorrent\uTorrent.exe[1776] WININET.dll!HttpSendRequestA 771C76B8 3 Bytes JMP 02A820A0
.text C:\Program Files\uTorrent\uTorrent.exe[1776] WININET.dll!HttpSendRequestA + 4 771C76BC 1 Byte [8B]
.text C:\Program Files\uTorrent\uTorrent.exe[1776] WININET.dll!InternetWriteFile 771F7953 5 Bytes JMP 02A823A0
.text C:\Program Files\uTorrent\uTorrent.exe[1776] WININET.dll!HttpSendRequestW 77211808 5 Bytes JMP 02A82160
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[1792] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01A26390
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[1792] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01A26640
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[1792] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 01A253D0
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[1792] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 01A25300
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[1792] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01A211C0
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[1792] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 01A21290
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[1792] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 01A22510
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[1792] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 01A210A0
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[1792] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 01A21000
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[1792] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 01A22570
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[1792] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 01A21D10
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[1792] WS2_32.dll!send 71AB428A 5 Bytes JMP 01A27250
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[1792] wininet.dll!HttpSendRequestA 771C76B8 5 Bytes JMP 01A220A0
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[1792] wininet.dll!InternetWriteFile 771F7953 5 Bytes JMP 01A223A0
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[1792] wininet.dll!HttpSendRequestW 77211808 5 Bytes JMP 01A22160
.text C:\Documents and Settings\GF\Application Data\Dropbox\bin\Dropbox.exe[1848] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 022A6390
.text C:\Documents and Settings\GF\Application Data\Dropbox\bin\Dropbox.exe[1848] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 022A6640
.text C:\Documents and Settings\GF\Application Data\Dropbox\bin\Dropbox.exe[1848] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 022A53D0
.text C:\Documents and Settings\GF\Application Data\Dropbox\bin\Dropbox.exe[1848] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 022A5300
.text C:\Documents and Settings\GF\Application Data\Dropbox\bin\Dropbox.exe[1848] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 022A11C0
.text C:\Documents and Settings\GF\Application Data\Dropbox\bin\Dropbox.exe[1848] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 022A1290
.text C:\Documents and Settings\GF\Application Data\Dropbox\bin\Dropbox.exe[1848] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 022A2510
.text C:\Documents and Settings\GF\Application Data\Dropbox\bin\Dropbox.exe[1848] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 022A10A0
.text C:\Documents and Settings\GF\Application Data\Dropbox\bin\Dropbox.exe[1848] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 022A1000
.text C:\Documents and Settings\GF\Application Data\Dropbox\bin\Dropbox.exe[1848] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 022A2570
.text C:\Documents and Settings\GF\Application Data\Dropbox\bin\Dropbox.exe[1848] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 022A1D10
.text C:\Documents and Settings\GF\Application Data\Dropbox\bin\Dropbox.exe[1848] WS2_32.dll!send 71AB428A 5 Bytes JMP 022A7250
.text C:\Documents and Settings\GF\Application Data\Dropbox\bin\Dropbox.exe[1848] WININET.dll!HttpSendRequestA 771C76B8 5 Bytes JMP 022A20A0
.text C:\Documents and Settings\GF\Application Data\Dropbox\bin\Dropbox.exe[1848] WININET.dll!InternetWriteFile 771F7953 5 Bytes JMP 022A23A0
.text C:\Documents and Settings\GF\Application Data\Dropbox\bin\Dropbox.exe[1848] WININET.dll!HttpSendRequestW 77211808 5 Bytes JMP 022A2160
.text C:\WINDOWS\System32\alg.exe[2392] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 000A6390
.text C:\WINDOWS\System32\alg.exe[2392] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 000A6640
.text C:\WINDOWS\System32\alg.exe[2392] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 000A53D0
.text C:\WINDOWS\System32\alg.exe[2392] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000A5300
.text C:\WINDOWS\System32\alg.exe[2392] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 000A11C0
.text C:\WINDOWS\System32\alg.exe[2392] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 000A1290
.text C:\WINDOWS\System32\alg.exe[2392] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 000A2510
.text C:\WINDOWS\System32\alg.exe[2392] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 000A10A0
.text C:\WINDOWS\System32\alg.exe[2392] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 000A1000
.text C:\WINDOWS\System32\alg.exe[2392] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 000A2570
.text C:\WINDOWS\System32\alg.exe[2392] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 000A1D10
.text C:\WINDOWS\System32\alg.exe[2392] WS2_32.dll!send 71AB428A 5 Bytes JMP 000A7250
.text C:\WINDOWS\System32\alg.exe[2392] WININET.dll!HttpSendRequestA 771C76B8 5 Bytes JMP 000A20A0
.text C:\WINDOWS\System32\alg.exe[2392] WININET.dll!InternetWriteFile 771F7953 5 Bytes JMP 000A23A0
.text C:\WINDOWS\System32\alg.exe[2392] WININET.dll!HttpSendRequestW 77211808 5 Bytes JMP 000A2160
.text C:\WINDOWS\system32\wscntfy.exe[2432] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 000A6390
.text C:\WINDOWS\system32\wscntfy.exe[2432] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 000A6640
.text C:\WINDOWS\system32\wscntfy.exe[2432] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 000A53D0
.text C:\WINDOWS\system32\wscntfy.exe[2432] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000A5300
.text C:\WINDOWS\system32\wscntfy.exe[2432] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 000A11C0
.text C:\WINDOWS\system32\wscntfy.exe[2432] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 000A1290
.text C:\WINDOWS\system32\wscntfy.exe[2432] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 000A2510
.text C:\WINDOWS\system32\wscntfy.exe[2432] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 000A10A0
.text C:\WINDOWS\system32\wscntfy.exe[2432] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 000A1000
.text C:\WINDOWS\system32\wscntfy.exe[2432] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 000A2570
.text C:\WINDOWS\system32\wscntfy.exe[2432] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 000A1D10
.text C:\WINDOWS\system32\wscntfy.exe[2432] WS2_32.dll!send 71AB428A 5 Bytes JMP 000A7250
.text C:\WINDOWS\system32\wscntfy.exe[2432] WININET.dll!HttpSendRequestA 771C76B8 5 Bytes JMP 000A20A0
.text C:\WINDOWS\system32\wscntfy.exe[2432] WININET.dll!InternetWriteFile 771F7953 5 Bytes JMP 000A23A0
.text C:\WINDOWS\system32\wscntfy.exe[2432] WININET.dll!HttpSendRequestW 77211808 5 Bytes JMP 000A2160
.text C:\WINDOWS\explorer.exe[2736] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 000A6390
.text C:\WINDOWS\explorer.exe[2736] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 000A6640
.text C:\WINDOWS\explorer.exe[2736] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 000A53D0
.text C:\WINDOWS\explorer.exe[2736] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000A5300
.text C:\WINDOWS\explorer.exe[2736] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 000A11C0
.text C:\WINDOWS\explorer.exe[2736] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 000A1290
.text C:\WINDOWS\explorer.exe[2736] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 000A2510
.text C:\WINDOWS\explorer.exe[2736] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 000A10A0
.text C:\WINDOWS\explorer.exe[2736] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 000A1000
.text C:\WINDOWS\explorer.exe[2736] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 000A2570
.text C:\WINDOWS\explorer.exe[2736] WININET.dll!HttpSendRequestA 771C76B8 5 Bytes JMP 000A20A0
.text C:\WINDOWS\explorer.exe[2736] WININET.dll!InternetWriteFile 771F7953 5 Bytes JMP 000A23A0
.text C:\WINDOWS\explorer.exe[2736] WININET.dll!HttpSendRequestW 77211808 5 Bytes JMP 000A2160
.text C:\WINDOWS\explorer.exe[2736] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 000A1D10
.text C:\WINDOWS\explorer.exe[2736] WS2_32.dll!send 71AB428A 5 Bytes JMP 000A7250
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@Hfgygf C:\Documents and Settings\GF\Application Data\Hfgygf.exe
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Documents and Settings\GF\Application Data\Hfgygf.exe Hfgygf
Again, thanks for your help