Possible Infection - IE/Firefox/Regedit/Cmd


  • This topic is locked
5 replies to this topic

#1 richvisuals

richvisuals

  • Members
  • 4 posts

Posted 19 February 2009 - 06:49 PM

Not detected by Avira/AVG
Symptoms :
Sudden infection (took 1 reboot for all symptoms to show)
Regedit and CMD Crashes Explorer Shell and will not open
Searches in both Firefox and IE7 hijacked but very cleverly (I think) - Google search page is displayed but first click on a link will often take you to a phishing/fake site if there is one available.
Pressing the back button will often return you to the clicked link.

I have searched in the common ways to no effect.
Restarting in Safe mode has no effect.

I need help to identify and remove the infection. Thanks in advance :-)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:47:32, on 19/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
d:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\Intel\AMT\atchk.exe
d:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
D:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Intel\AMT\LMS.exe
d:\PROGRA~1\AVG\AVG8\avgam.exe
d:\PROGRA~1\AVG\AVG8\avgrsx.exe
d:\PROGRA~1\AVG\AVG8\avgnsx.exe
D:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
d:\Program Files\AVG\AVG8\avgui.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
d:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
d:\Program Files\AVG\AVG8\avgcsrvx.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] d:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1232555972890
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - d:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - d:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\WINDOWS\system32\flcdlock.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - D:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.10\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.30\bin\mysqld.exe

--
End of file - 12502 bytes



#2 richvisuals

richvisuals
  • Topic Starter

  • Members
  • 4 posts

Posted 19 February 2009 - 07:17 PM

DDS.scr failed to start - command line window displays for a brief moment and then closes automatically.
This does not force restart explorer.

#3 richvisuals

richvisuals
  • Topic Starter

  • Members
  • 4 posts

Posted 19 February 2009 - 08:05 PM

MBAM:
Summary : 1 Infection : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.

Log as follows :
Malwarebytes' Anti-Malware 1.34
Database version: 1780
Windows 5.1.2600 Service Pack 3

20/02/2009 01:01:56
mbam-log-2009-02-20 (01-01-51).txt

Scan type: Full Scan (C:\|)
Objects scanned: 157905
Time elapsed: 25 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 richvisuals

richvisuals
  • Topic Starter

  • Members
  • 4 posts

Posted 20 February 2009 - 07:27 AM

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-20 01:45:50
Windows 5.1.2600 Service Pack 3


---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\drivers\SafeBoot.sys The process cannot access the file because it is being used by another process.

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\svchost.exe[240] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10022F60
.text C:\WINDOWS\system32\svchost.exe[240] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10022ED4
.text C:\WINDOWS\system32\svchost.exe[240] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10022A54
.text C:\WINDOWS\system32\svchost.exe[240] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100223DC
.text C:\WINDOWS\system32\svchost.exe[240] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10022360
.text C:\WINDOWS\system32\svchost.exe[240] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10022E88
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10022F60
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10022ED4
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10022A54
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100223DC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10022360
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[292] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10022E88
.text C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe[424] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100A2F60
.text C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe[424] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100A2ED4
.text C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe[424] ws2_32.dll!send 71AB4C27 5 Bytes JMP 100A2A54
.text C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe[424] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100A23DC
.text C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe[424] ws2_32.dll!recv 71AB676F 5 Bytes JMP 100A2360
.text C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe[424] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 100A2E88
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[452] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10062F60
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[452] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10062ED4
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[452] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10062A54
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[452] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100623DC
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[452] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10062360
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[452] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10062E88
.text C:\WINDOWS\system32\spoolsv.exe[656] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10022F60
.text C:\WINDOWS\system32\spoolsv.exe[656] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10022ED4
.text C:\WINDOWS\system32\spoolsv.exe[656] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10022A54
.text C:\WINDOWS\system32\spoolsv.exe[656] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100223DC
.text C:\WINDOWS\system32\spoolsv.exe[656] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10022360
.text C:\WINDOWS\system32\spoolsv.exe[656] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10022E88
.text C:\WINDOWS\System32\SCardSvr.exe[740] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10022F60
.text C:\WINDOWS\System32\SCardSvr.exe[740] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10022ED4
.text C:\WINDOWS\System32\SCardSvr.exe[740] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10022A54
.text C:\WINDOWS\System32\SCardSvr.exe[740] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100223DC
.text C:\WINDOWS\System32\SCardSvr.exe[740] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10022360
.text C:\WINDOWS\System32\SCardSvr.exe[740] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10022E88
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[748] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10052F60
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[748] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10052ED4
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[748] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10052A54
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[748] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100523DC
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[748] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10052360
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[748] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10052E88
.text C:\WINDOWS\System32\alg.exe[876] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10022F60
.text C:\WINDOWS\System32\alg.exe[876] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10022ED4
.text C:\WINDOWS\System32\alg.exe[876] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10022A54
.text C:\WINDOWS\System32\alg.exe[876] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100223DC
.text C:\WINDOWS\System32\alg.exe[876] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10022360
.text C:\WINDOWS\System32\alg.exe[876] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10022E88
.text C:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10022F60
.text C:\WINDOWS\System32\svchost.exe[1076] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10022ED4
.text C:\WINDOWS\System32\svchost.exe[1076] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10022A54
.text C:\WINDOWS\System32\svchost.exe[1076] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100223DC
.text C:\WINDOWS\System32\svchost.exe[1076] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10022360
.text C:\WINDOWS\System32\svchost.exe[1076] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10022E88
.text C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE[1112] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10022F60
.text C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE[1112] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10022ED4
.text C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE[1112] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10022A54
.text C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE[1112] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100223DC
.text C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE[1112] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10022360
.text C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE[1112] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10022E88
.text C:\Program Files\Java\jre6\bin\jusched.exe[1312] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10022F60
.text C:\Program Files\Java\jre6\bin\jusched.exe[1312] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10022ED4
.text C:\Program Files\Java\jre6\bin\jusched.exe[1312] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10022A54
.text C:\Program Files\Java\jre6\bin\jusched.exe[1312] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100223DC
.text C:\Program Files\Java\jre6\bin\jusched.exe[1312] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10022360
.text C:\Program Files\Java\jre6\bin\jusched.exe[1312] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10022E88
.text C:\WINDOWS\system32\SearchIndexer.exe[1360] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\system32\msdtc.exe[1396] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10022F60
.text C:\WINDOWS\system32\msdtc.exe[1396] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10022ED4
.text C:\WINDOWS\system32\msdtc.exe[1396] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10022A54
.text C:\WINDOWS\system32\msdtc.exe[1396] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100223DC
.text C:\WINDOWS\system32\msdtc.exe[1396] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10022360
.text C:\WINDOWS\system32\msdtc.exe[1396] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10022E88
.text C:\WINDOWS\system32\winlogon.exe[1416] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10022F60
.text C:\WINDOWS\system32\winlogon.exe[1416] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10022ED4
.text C:\WINDOWS\system32\winlogon.exe[1416] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10022A54
.text C:\WINDOWS\system32\winlogon.exe[1416] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100223DC
.text C:\WINDOWS\system32\winlogon.exe[1416] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10022360
.text C:\WINDOWS\system32\winlogon.exe[1416] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10022E88
.text C:\WINDOWS\system32\lsass.exe[1472] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10022F60
.text C:\WINDOWS\system32\lsass.exe[1472] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10022ED4
.text C:\WINDOWS\system32\lsass.exe[1472] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10022A54
.text C:\WINDOWS\system32\lsass.exe[1472] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100223DC
.text C:\WINDOWS\system32\lsass.exe[1472] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10022360
.text C:\WINDOWS\system32\lsass.exe[1472] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10022E88
.text C:\WINDOWS\System32\svchost.exe[1640] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10022F60
.text C:\WINDOWS\System32\svchost.exe[1640] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10022ED4
.text C:\WINDOWS\System32\svchost.exe[1640] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10022A54
.text C:\WINDOWS\System32\svchost.exe[1640] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100223DC
.text C:\WINDOWS\System32\svchost.exe[1640] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10022360
.text C:\WINDOWS\System32\svchost.exe[1640] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10022E88
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10022F60
.text C:\WINDOWS\system32\svchost.exe[1684] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10022ED4
.text C:\WINDOWS\system32\svchost.exe[1684] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10022A54
.text C:\WINDOWS\system32\svchost.exe[1684] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100223DC
.text C:\WINDOWS\system32\svchost.exe[1684] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10022360
.text C:\WINDOWS\system32\svchost.exe[1684] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10022E88
.text C:\WINDOWS\system32\svchost.exe[1816] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10022F60
.text C:\WINDOWS\system32\svchost.exe[1816] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10022ED4
.text C:\WINDOWS\system32\svchost.exe[1816] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10022A54
.text C:\WINDOWS\system32\svchost.exe[1816] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100223DC
.text C:\WINDOWS\system32\svchost.exe[1816] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10022360
.text C:\WINDOWS\system32\svchost.exe[1816] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10022E88
.text C:\WINDOWS\System32\svchost.exe[1868] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10022F60
.text C:\WINDOWS\System32\svchost.exe[1868] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10022ED4
.text C:\WINDOWS\System32\svchost.exe[1868] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10022A54
.text C:\WINDOWS\System32\svchost.exe[1868] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100223DC
.text C:\WINDOWS\System32\svchost.exe[1868] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10022360
.text C:\WINDOWS\System32\svchost.exe[1868] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10022E88
.text C:\WINDOWS\system32\svchost.exe[1964] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10022F60
.text C:\WINDOWS\system32\svchost.exe[1964] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10022ED4
.text C:\WINDOWS\system32\svchost.exe[1964] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10022A54
.text C:\WINDOWS\system32\svchost.exe[1964] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100223DC
.text C:\WINDOWS\system32\svchost.exe[1964] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10022360
.text C:\WINDOWS\system32\svchost.exe[1964] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10022E88
.text C:\WINDOWS\system32\RUNDLL32.EXE[1972] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10022F60
.text C:\WINDOWS\system32\RUNDLL32.EXE[1972] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10022ED4
.text C:\WINDOWS\system32\RUNDLL32.EXE[1972] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10022A54
.text C:\WINDOWS\system32\RUNDLL32.EXE[1972] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100223DC
.text C:\WINDOWS\system32\RUNDLL32.EXE[1972] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10022360
.text C:\WINDOWS\system32\RUNDLL32.EXE[1972] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10022E88
.text C:\WINDOWS\system32\mqsvc.exe[2112] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10022F60
.text C:\WINDOWS\system32\mqsvc.exe[2112] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10022ED4
.text C:\WINDOWS\system32\mqsvc.exe[2112] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10022A54
.text C:\WINDOWS\system32\mqsvc.exe[2112] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100223DC
.text C:\WINDOWS\system32\mqsvc.exe[2112] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10022360
.text C:\WINDOWS\system32\mqsvc.exe[2112] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10022E88
.text d:\PROGRA~1\AVG\AVG8\avgfws8.exe[2484] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10022F60
.text d:\PROGRA~1\AVG\AVG8\avgfws8.exe[2484] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10022ED4
.text d:\PROGRA~1\AVG\AVG8\avgfws8.exe[2484] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10022A54
.text d:\PROGRA~1\AVG\AVG8\avgfws8.exe[2484] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100223DC
.text d:\PROGRA~1\AVG\AVG8\avgfws8.exe[2484] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10022360
.text d:\PROGRA~1\AVG\AVG8\avgfws8.exe[2484] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10022E88
.text C:\WINDOWS\system32\mqtgsvc.exe[2544] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10022F60
.text C:\WINDOWS\system32\mqtgsvc.exe[2544] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10022ED4
.text C:\WINDOWS\system32\mqtgsvc.exe[2544] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10022A54
.text C:\WINDOWS\system32\mqtgsvc.exe[2544] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100223DC
.text C:\WINDOWS\system32\mqtgsvc.exe[2544] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10022360
.text C:\WINDOWS\system32\mqtgsvc.exe[2544] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10022E88
.text D:\PROGRA~1\AVG\AVG8\avgtray.exe[2616] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10022F60
.text D:\PROGRA~1\AVG\AVG8\avgtray.exe[2616] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10022ED4
.text D:\PROGRA~1\AVG\AVG8\avgtray.exe[2616] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10022A54
.text D:\PROGRA~1\AVG\AVG8\avgtray.exe[2616] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100223DC
.text D:\PROGRA~1\AVG\AVG8\avgtray.exe[2616] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10022360
.text D:\PROGRA~1\AVG\AVG8\avgtray.exe[2616] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10022E88
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[2664] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10022F60
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[2664] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10022ED4
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[2664] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10022A54
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[2664] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100223DC
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[2664] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10022360
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[2664] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10022E88
.text C:\WINDOWS\system32\ctfmon.exe[2704] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10022F60
.text C:\WINDOWS\system32\ctfmon.exe[2704] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10022ED4
.text C:\WINDOWS\system32\ctfmon.exe[2704] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10022A54
.text C:\WINDOWS\system32\ctfmon.exe[2704] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100223DC
.text C:\WINDOWS\system32\ctfmon.exe[2704] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10022360
.text C:\WINDOWS\system32\ctfmon.exe[2704] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10022E88
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2840] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100C2F60
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2840] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100C2ED4
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2840] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100C2A54
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2840] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100C23DC
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2840] WS2_32.dll!recv 71AB676F 5 Bytes JMP 100C2360
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2840] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 100C2E88
.text C:\Program Files\Intel\AMT\LMS.exe[2888] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10022F60
.text C:\Program Files\Intel\AMT\LMS.exe[2888] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10022ED4
.text C:\Program Files\Intel\AMT\LMS.exe[2888] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10022A54
.text C:\Program Files\Intel\AMT\LMS.exe[2888] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100223DC
.text C:\Program Files\Intel\AMT\LMS.exe[2888] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10022360
.text C:\Program Files\Intel\AMT\LMS.exe[2888] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10022E88
.text C:\Program Files\Internet Explorer\iexplore.exe[3248] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10022F60
.text C:\Program Files\Internet Explorer\iexplore.exe[3248] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 42F0F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3248] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 430A179F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3248] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 430A1720 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3248] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 430A1764 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3248] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 430A16AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3248] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 430A16E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3248] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 430A17DA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3248] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 42F316B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3248] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10022ED4
.text C:\Program Files\Internet Explorer\iexplore.exe[3248] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10022A54
.text C:\Program Files\Internet Explorer\iexplore.exe[3248] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100223DC
.text C:\Program Files\Internet Explorer\iexplore.exe[3248] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10022360
.text C:\Program Files\Internet Explorer\iexplore.exe[3248] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10022E88
.text d:\PROGRA~1\AVG\AVG8\avgnsx.exe[3388] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10022F60
.text d:\PROGRA~1\AVG\AVG8\avgnsx.exe[3388] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10022ED4
.text d:\PROGRA~1\AVG\AVG8\avgnsx.exe[3388] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10022A54
.text d:\PROGRA~1\AVG\AVG8\avgnsx.exe[3388] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100223DC
.text d:\PROGRA~1\AVG\AVG8\avgnsx.exe[3388] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10022360
.text d:\PROGRA~1\AVG\AVG8\avgnsx.exe[3388] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10022E88
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[3848] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10022F60
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[3848] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10022ED4
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[3848] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10022A54
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[3848] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100223DC
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[3848] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10022360
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[3848] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10022E88
.text C:\WINDOWS\system32\nvsvc32.exe[3880] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10022F60
.text C:\WINDOWS\system32\nvsvc32.exe[3880] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10022ED4
.text C:\WINDOWS\system32\nvsvc32.exe[3880] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10022A54
.text C:\WINDOWS\system32\nvsvc32.exe[3880] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100223DC
.text C:\WINDOWS\system32\nvsvc32.exe[3880] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10022360
.text C:\WINDOWS\system32\nvsvc32.exe[3880] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10022E88
.text C:\WINDOWS\System32\svchost.exe[3960] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10022F60
.text C:\WINDOWS\System32\svchost.exe[3960] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10022ED4
.text C:\WINDOWS\System32\svchost.exe[3960] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10022A54
.text C:\WINDOWS\System32\svchost.exe[3960] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100223DC
.text C:\WINDOWS\System32\svchost.exe[3960] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10022360
.text C:\WINDOWS\System32\svchost.exe[3960] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10022E88

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.14 ----

#5 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:10:05 AM

Posted 26 February 2009 - 07:50 PM

Hello richvisuals,

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#6 teacup61

Posted 08 March 2009 - 04:50 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic



