
Google/Yahoo search divert, Banksite pop-up


  • This topic is locked
27 replies to this topic

#1 BuckB

BuckB

  • Members
  • 15 posts
  • OFFLINE
  • Local time:08:02 PM

Posted 23 May 2010 - 07:56 PM

Since last week 90% of my searches in Google or Yahoo are being diverted to totally irrelevant websites. Repeating the failed search produces the same result. Norton/Spybot report no problems. Norton keeps reporting "medium threat--unauthorized access denied (open process taken)".

Perhaps unrelated, when I try to open my Bank of America internet banking page I get a pop-up asking for my credit card number plus personal info. B of A says that they are not the source. Inserting decoy information causes the pop-up to disappear, but it reappears the next time I try to open the page. Changing the user ID and password did not help.

Help would be appreciated.
DDS (Ver_10-03-17.01) - NTFSx86
Run by Buck Burkman at 20:09:08.70 on Sun 05/23/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.673 [GMT -4:00]

AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Buck Burkman\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyServer = 192.168.0.253:8080
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\3.8.0.41\IPSBHO.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_1_0
uRun: [{5F0AC079-4890-5D17-73F7-A75B52174B21}] "c:\documents and settings\buck burkman\application data\tycam\faqey.exe"
uRunOnce: [<NO NAME>] c:\program files\internet explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/P...000096.000001d8
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [bacstray] BacsTray.exe
mRun: [PRONoMgr.exe] c:\program files\intel\prosetwireless\ncs\proset\PRONoMgr.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: comcast.net\mailcenter
Trusted Zone: comcast.net\webauth
Trusted Zone: comcast.net\www
Trusted Zone: intuit.com\ttlc
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124592001081
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124591937180
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Filter: text/html - {2efec02b-6bf9-4ca6-a317-d7b8a6882da3} -
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton security suite\engine\3.8.0.41\CoIEPlg.dll
Notify: Sebring - c:\windows\system32\LgNotify.dll

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-3-13 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-3-13 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-3-13 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100513.002\IDSXpx86.sys [2010-5-17 329592]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\3.8.0.41\ccSvcHst.exe [2010-3-13 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-3-13 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100523.004\NAVENG.SYS [2010-5-23 85552]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100523.004\NAVEX15.SYS [2010-5-23 1347504]

=============== Created Last 30 ================

2010-05-23 18:02:40 0 ----a-w- c:\documents and settings\buck burkman\defogger_reenable
2010-05-22 15:30:03 0 d--h--w- c:\windows\system32\GroupPolicy

==================== Find3M ====================

2010-05-22 23:16:19 11618 ----a-w- c:\windows\system32\nvModes.dat
2010-03-19 22:05:50 4874240 ------w- c:\windows\system32\dllcache\wmp.dll
2010-03-13 19:28:52 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-03-13 19:28:20 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2010-02-25 15:54:36 11070976 ----a-w- c:\windows\system32\dllcache\ieframe.dll
2010-02-24 13:11:07 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-24 09:54:25 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-24 23:04:35 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009042420090425\index.dat

============= FINISH: 20:10:49.98 ===============
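As an added example (not part of the thread, and not a tool from DDS's author or the BleepingComputer helpers), here is a small Python triage script for the kind of "Pseudo HJT Report" block posted above. It applies a few first-pass heuristics a log reader typically uses before asking for more logs: an autorun entry that launches from a user-profile folder such as Application Data, a run key whose name is a bare GUID, a configured proxy, a toolbar/BHO entry with "No File", and a MIME filter with no backing path. The heuristics, the finding names and the `triage` function are assumptions of this example; the sample lines are copied from the log above. A flagged line is something to review, not a verdict of malware.

```python
import re
from dataclasses import dataclass
from typing import List

# Sample "Pseudo HJT Report" lines, copied from the DDS log posted above.
SAMPLE_REPORT = r"""
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 192.168.0.253:8080
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [{5F0AC079-4890-5D17-73F7-A75B52174B21}] "c:\documents and settings\buck burkman\application data\tycam\faqey.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
Filter: text/html - {2efec02b-6bf9-4ca6-a317-d7b8a6882da3} -
"""

# Line shapes as DDS prints them (u = current user hive, m = machine hive).
RUN_RE = re.compile(r"^([um]Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (?P<proxy>\S+)")
ADDON_RE = re.compile(r"^(BHO|TB|EB): (?P<rest>.*)$")
FILTER_RE = re.compile(r"^Filter: (?P<mime>\S+) - (?P<clsid>\{[0-9a-fA-F-]+\}) -\s*(?P<path>.*)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")

# Profile sub-folders from which a persistent autorun is unusual for
# installed software. Heuristic chosen for this example, not a DDS rule.
USER_PROFILE_MARKERS = ("\\application data\\", "\\local settings\\", "\\temp\\", "\\desktop\\")


@dataclass
class Finding:
    kind: str    # short heuristic name (assumed names, see lead-in)
    line: str    # the report line that triggered it
    detail: str  # the extracted path, proxy or entry type


def first_path(cmd: str) -> str:
    """Return the executable path from a Run-key command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(report: str) -> List[Finding]:
    """Scan Pseudo HJT Report lines and return the entries worth a closer look."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROXY_RE.match(line)
        if m:  # any proxy is worth confirming with the user; a LAN proxy may be legitimate
            findings.append(Finding("proxy-configured", line, m["proxy"]))
            continue
        m = RUN_RE.match(line)
        if m:
            path = first_path(m["cmd"]).lower()
            if any(marker in path for marker in USER_PROFILE_MARKERS):
                findings.append(Finding("autorun-user-profile", line, path))
            if GUID_RE.match(m["name"]):
                findings.append(Finding("autorun-guid-name", line, m["name"]))
            continue
        m = ADDON_RE.match(line)
        if m and m["rest"].endswith("- No File"):
            findings.append(Finding("orphaned-entry", line, m[1]))
            continue
        m = FILTER_RE.match(line)
        if m and not m["path"]:  # MIME filter registered but pointing at nothing
            findings.append(Finding("empty-filter", line, m["mime"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f.kind:22} {f.detail}")
```

Run against the sample, the script leaves the system32 and Program Files entries alone and reports the proxy, the GUID-named run key under Application Data, the orphaned toolbar and the empty text/html filter; a helper would then confirm each with the owner before any fix.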


#2 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  • Gender:Male
  • Location:Dubai
  • Local time:04:02 AM

Posted 25 May 2010 - 08:55 PM

Hello, BuckB.
My name is aommaster and I will be helping you with your log.

I apologize for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, I would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

Thanks

Should you still require assistance, please take note of the points below:
  • Please track this topic by either adding it to your favourites or clicking the Options button at the top of this thread and then Track this topic.
  • Please disable word-wrap before posting logs. This can be done by clicking Format and un-ticking the word-wrap feature in notepad.
  • The logs that you post should be copied and pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • If you do not reply within 5 days, I will have to close your topic. Should you not be able to meet this, please notify me so that I will leave the topic open.
  • Please do not install, update, or run any programs for the duration of the fix.
  • If you do not understand the instructions I provide, please don't hesitate to ask. That's what I'm here for.
  • Please continue to reply to this topic until I give you the all clean. Just because there are no symptoms of infection doesn't mean that the computer is clean.
  • If you are running Vista, please run all the fixes as an administrator. This is done by right-clicking the program and clicking "Run as Administrator".

Please do the following so I can take a look at the current state of your system.

We need to run RSIT
  1. Download random's system information tool (RSIT) by random/random and save it to your desktop.
  2. Double click on RSIT.exe.
  3. Click Continue at the disclaimer screen.
  4. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

NEXT:
(This step may produce a blank log. Let me know if that is the case)
We need to run a GMER scan
  1. Download GMER and save to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
  2. Close all other open programs as there is a slight chance your computer will crash.
  3. Double click the GMER program. Your security programs may detect GMER's driver trying to load. Allow it.
  4. You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  5. Make sure all options are checked except:
    • IAT/EAT
    • Drives/Partition other than Systemdrive, which is typically C:\
    • Show All (This is important, so do not miss it.)
    Note: If GMER crashes or hangs, please retry running a scan. Only this time, in addition to the options mentioned above, uncheck Devices as well.
  6. When the scan is complete, click Save and save the log onto your desktop.

In your next reply, please include the following:
  • Log.txt
  • info.txt
  • gmer.log

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM
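The GMER log requested above lists each user-mode inline hook on its own line, and a hook whose JMP target GMER cannot attribute to a loaded module (no module path after the target address) is the entry a responder looks at first. The triage script below is an added example, not part of this post or of GMER itself; it parses lines in that format, groups unattributed hooks by process, and reports which functions are hooked across many unrelated processes. The log lines, paths, PIDs and addresses in SAMPLE_LOG are constructed for the example.

```python
import re

# Matches GMER "User code sections" entries, for example:
#   .text C:\x.exe[12] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00155CB0
# An attributed hook carries the owning module after the target address:
#   .text C:\x.exe[12] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<func>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes\s+JMP\s+"
    r"(?P<target>[0-9A-Fa-f]{8})"
    r"(?:\s+(?P<owner>.+?)\s+\((?P<vendor>[^)]*)\))?\s*$"
)


def parse_hook(line: str):
    """Return a dict for one GMER user-code hook line, or None for any other line."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    h = m.groupdict()
    h["pid"] = int(h["pid"])
    h["module"] = h["module"].lower()   # GMER prints both WS2_32.dll and ws2_32.dll
    h["target"] = int(h["target"], 16)
    h["attributed"] = h["owner"] is not None
    return h


def unattributed_hooks(lines):
    """Hooks whose JMP target GMER could not map to a loaded module, keyed by process."""
    by_proc = {}
    for line in lines:
        h = parse_hook(line)
        if h is None or h["attributed"]:
            continue
        key = f'{h["process"]}[{h["pid"]}]'
        by_proc.setdefault(key, []).append(h)
    return by_proc


def systemwide_hooks(lines, min_processes=2):
    """API functions hooked, unattributed, in at least min_processes distinct processes.

    The same function patched in many unrelated processes, each jumping into
    private memory, points to code injected system-wide rather than to a
    legitimate in-process detour such as a browser's own IEFRAME.dll hooks."""
    seen = {}
    for hooks in unattributed_hooks(lines).values():
        for h in hooks:
            seen.setdefault(f'{h["module"]}!{h["func"]}', set()).add(h["pid"])
    return {fn: len(pids) for fn, pids in seen.items() if len(pids) >= min_processes}


def summarize(lines):
    """Per-process summary: hook count, hooked API families, distinct 64 KiB target regions."""
    out = {}
    for proc, hooks in unattributed_hooks(lines).items():
        out[proc] = {
            "hooks": len(hooks),
            "families": sorted({h["module"] for h in hooks}),
            "target_regions": sorted({h["target"] >> 16 for h in hooks}),
        }
    return out


# Constructed sample in GMER's output format (paths, PIDs and addresses are made up).
SAMPLE_LOG = r"""
---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ExampleApp\app.exe[100] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A10346
.text C:\Program Files\ExampleApp\app.exe[100] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00A15CB0
.text C:\Program Files\ExampleApp\app.exe[100] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00A14F68
.text C:\Program Files\ExampleApp\app.exe[100] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00A06A80
.text C:\WINDOWS\Explorer.EXE[200] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00DD0346
.text C:\WINDOWS\Explorer.EXE[200] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00DD5CB0
.text C:\WINDOWS\Explorer.EXE[200] ws2_32.dll!send 71AB4C27 5 Bytes JMP 00DD4F68
.text C:\Program Files\Internet Explorer\iexplore.exe[300] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[300] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01CF53D9
"""
SAMPLE_LINES = SAMPLE_LOG.strip().splitlines()

if __name__ == "__main__":
    for proc, info in summarize(SAMPLE_LINES).items():
        print(proc, info)
    print("hooked in several processes:", systemwide_hooks(SAMPLE_LINES))
```

Run it against a real gmer.log by reading the file into a list of lines; an attributed hook such as the IEFRAME.dll entry is skipped, so only hooks that jump into unmapped memory are reported.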


#3 BuckB

BuckB
  • Topic Starter

  • Members
  • 15 posts
  • Local time:08:02 PM

Posted 27 May 2010 - 04:12 PM

Hi aommaster, following up. When I ran RSIT I got a single large file which I assume contains the two subfiles that you need. Result is pasted below. Also pasting the gmer.log that I downloaded last time. Hopefully that gives you what you need. Let me know if there are problems.

PS I still have the 2 DDS files if you need them.

Buck B
Tallahassee, Florida

Logfile of random's system information tool 1.07 (written by random/random)
Run by Buck Burkman at 2010-05-27 16:48:25
Microsoft Windows XP Professional Service Pack 3
System drive C: has 33 GB (61%) free of 54 GB
Total RAM: 1279 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-23 16:51:40
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\BUCKBU~1\LOCALS~1\Temp\fxtdqpog.sys


---- System - GMER 1.0.15 ----

SSDT 8A0AA058 ZwAlertResumeThread
SSDT 8A0AA090 ZwAlertThread
SSDT 89FF30A0 ZwAllocateVirtualMemory
SSDT 8A186150 ZwAssignProcessToJobObject
SSDT 8A260E50 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB7EE1130]
SSDT 8A096060 ZwCreateMutant
SSDT 8A31B140 ZwCreateSymbolicLinkObject
SSDT 89FABF20 ZwCreateThread
SSDT 8A0A10B0 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB7EE13B0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB7EE1910]
SSDT 89FF3178 ZwDuplicateObject
SSDT 8A335138 ZwFreeVirtualMemory
SSDT 8A096150 ZwImpersonateAnonymousToken
SSDT 8A09A0A8 ZwImpersonateThread
SSDT 8A1E4E00 ZwLoadDriver
SSDT 8A335098 ZwMapViewOfSection
SSDT 8A098150 ZwOpenEvent
SSDT 8A004198 ZwOpenProcess
SSDT 8A0C9058 ZwOpenProcessToken
SSDT 8A17D130 ZwOpenSection
SSDT 8A004108 ZwOpenThread
SSDT 8A186060 ZwProtectVirtualMemory
SSDT 8A205F88 ZwResumeThread
SSDT 8A2C5700 ZwSetContextThread
SSDT 8A180138 ZwSetInformationProcess
SSDT 8A0A1190 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB7EE1B60]
SSDT 8A098070 ZwSuspendProcess
SSDT 8A0AA150 ZwSuspendThread
SSDT 8A061058 ZwTerminateProcess
SSDT 8A180070 ZwTerminateThread
SSDT 8A08A058 ZwUnmapViewOfSection
SSDT 8A335008 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

? SYMEFA.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[132] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 0098017D
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[132] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00980346
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[132] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 009803ED
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[132] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 009814C6
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[132] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00981608
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[132] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00984F2B
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[132] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00984F68
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[132] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00984F8E
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[132] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00976A80
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[132] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 00985EEC
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[132] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 00985FB0
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[132] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 00985EA4
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[132] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 00985F7F
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[132] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00985CB0
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[132] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00985D09
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[132] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 00985F30
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[132] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 00985E03
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[132] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 00985D62
.text C:\WINDOWS\Explorer.EXE[204] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 02035BAC
.text C:\WINDOWS\Explorer.EXE[204] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00DD017D
.text C:\WINDOWS\Explorer.EXE[204] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00DD0346
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00DD03ED
.text C:\WINDOWS\Explorer.EXE[204] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 02035ADE
.text C:\WINDOWS\Explorer.EXE[204] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00DD14C6
.text C:\WINDOWS\Explorer.EXE[204] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00DD1608
.text C:\WINDOWS\Explorer.EXE[204] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00DC6A80
.text C:\WINDOWS\Explorer.EXE[204] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 00DD5EEC
.text C:\WINDOWS\Explorer.EXE[204] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 00DD5FB0
.text C:\WINDOWS\Explorer.EXE[204] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 00DD5EA4
.text C:\WINDOWS\Explorer.EXE[204] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 00DD5F7F
.text C:\WINDOWS\Explorer.EXE[204] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00DD5CB0
.text C:\WINDOWS\Explorer.EXE[204] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00DD5D09
.text C:\WINDOWS\Explorer.EXE[204] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 00DD5F30
.text C:\WINDOWS\Explorer.EXE[204] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 00DD5E03
.text C:\WINDOWS\Explorer.EXE[204] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 00DD5D62
.text C:\WINDOWS\Explorer.EXE[204] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00DD4F2B
.text C:\WINDOWS\Explorer.EXE[204] ws2_32.dll!send 71AB4C27 5 Bytes JMP 00DD4F68
.text C:\WINDOWS\Explorer.EXE[204] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00DD4F8E
.text C:\WINDOWS\system32\1XConfig.exe[760] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 0178017D
.text C:\WINDOWS\system32\1XConfig.exe[760] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 01780346
.text C:\WINDOWS\system32\1XConfig.exe[760] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 017803ED
.text C:\WINDOWS\system32\1XConfig.exe[760] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 017814C6
.text C:\WINDOWS\system32\1XConfig.exe[760] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 01781608
.text C:\WINDOWS\system32\1XConfig.exe[760] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01784F2B
.text C:\WINDOWS\system32\1XConfig.exe[760] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01784F68
.text C:\WINDOWS\system32\1XConfig.exe[760] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01784F8E
.text C:\WINDOWS\system32\1XConfig.exe[760] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 01776A80
.text C:\WINDOWS\system32\1XConfig.exe[760] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 01785EEC
.text C:\WINDOWS\system32\1XConfig.exe[760] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 01785FB0
.text C:\WINDOWS\system32\1XConfig.exe[760] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 01785EA4
.text C:\WINDOWS\system32\1XConfig.exe[760] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 01785F7F
.text C:\WINDOWS\system32\1XConfig.exe[760] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 01785CB0
.text C:\WINDOWS\system32\1XConfig.exe[760] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 01785D09
.text C:\WINDOWS\system32\1XConfig.exe[760] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 01785F30
.text C:\WINDOWS\system32\1XConfig.exe[760] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 01785E03
.text C:\WINDOWS\system32\1XConfig.exe[760] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 01785D62
.text C:\WINDOWS\BCMSMMSG.exe[768] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00B9017D
.text C:\WINDOWS\BCMSMMSG.exe[768] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00B90346
.text C:\WINDOWS\BCMSMMSG.exe[768] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00B903ED
.text C:\WINDOWS\BCMSMMSG.exe[768] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00B914C6
.text C:\WINDOWS\BCMSMMSG.exe[768] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00B91608
.text C:\WINDOWS\BCMSMMSG.exe[768] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00B94F2B
.text C:\WINDOWS\BCMSMMSG.exe[768] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B94F68
.text C:\WINDOWS\BCMSMMSG.exe[768] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00B94F8E
.text C:\WINDOWS\BCMSMMSG.exe[768] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00B86A80
.text C:\WINDOWS\BCMSMMSG.exe[768] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 00B95EEC
.text C:\WINDOWS\BCMSMMSG.exe[768] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 00B95FB0
.text C:\WINDOWS\BCMSMMSG.exe[768] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 00B95EA4
.text C:\WINDOWS\BCMSMMSG.exe[768] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 00B95F7F
.text C:\WINDOWS\BCMSMMSG.exe[768] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00B95CB0
.text C:\WINDOWS\BCMSMMSG.exe[768] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00B95D09
.text C:\WINDOWS\BCMSMMSG.exe[768] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 00B95F30
.text C:\WINDOWS\BCMSMMSG.exe[768] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 00B95E03
.text C:\WINDOWS\BCMSMMSG.exe[768] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 00B95D62
.text C:\Program Files\Apoint\Apoint.exe[788] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00B2017D
.text C:\Program Files\Apoint\Apoint.exe[788] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00B20346
.text C:\Program Files\Apoint\Apoint.exe[788] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00B203ED
.text C:\Program Files\Apoint\Apoint.exe[788] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00B214C6
.text C:\Program Files\Apoint\Apoint.exe[788] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00B21608
.text C:\Program Files\Apoint\Apoint.exe[788] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00B24F2B
.text C:\Program Files\Apoint\Apoint.exe[788] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B24F68
.text C:\Program Files\Apoint\Apoint.exe[788] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00B24F8E
.text C:\Program Files\Apoint\Apoint.exe[788] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00B16A80
.text C:\Program Files\Apoint\Apoint.exe[788] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 00B25EEC
.text C:\Program Files\Apoint\Apoint.exe[788] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 00B25FB0
.text C:\Program Files\Apoint\Apoint.exe[788] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 00B25EA4
.text C:\Program Files\Apoint\Apoint.exe[788] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 00B25F7F
.text C:\Program Files\Apoint\Apoint.exe[788] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00B25CB0
.text C:\Program Files\Apoint\Apoint.exe[788] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00B25D09
.text C:\Program Files\Apoint\Apoint.exe[788] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 00B25F30
.text C:\Program Files\Apoint\Apoint.exe[788] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 00B25E03
.text C:\Program Files\Apoint\Apoint.exe[788] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 00B25D62
.text C:\Program Files\Java\jre6\bin\jusched.exe[804] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00B7017D
.text C:\Program Files\Java\jre6\bin\jusched.exe[804] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00B70346
.text C:\Program Files\Java\jre6\bin\jusched.exe[804] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00B703ED
.text C:\Program Files\Java\jre6\bin\jusched.exe[804] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00B714C6
.text C:\Program Files\Java\jre6\bin\jusched.exe[804] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00B71608
.text C:\Program Files\Java\jre6\bin\jusched.exe[804] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 00B75EEC
.text C:\Program Files\Java\jre6\bin\jusched.exe[804] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 00B75FB0
.text C:\Program Files\Java\jre6\bin\jusched.exe[804] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 00B75EA4
.text C:\Program Files\Java\jre6\bin\jusched.exe[804] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 00B75F7F
.text C:\Program Files\Java\jre6\bin\jusched.exe[804] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00B75CB0
.text C:\Program Files\Java\jre6\bin\jusched.exe[804] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00B75D09
.text C:\Program Files\Java\jre6\bin\jusched.exe[804] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 00B75F30
.text C:\Program Files\Java\jre6\bin\jusched.exe[804] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 00B75E03
.text C:\Program Files\Java\jre6\bin\jusched.exe[804] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 00B75D62
.text C:\Program Files\Java\jre6\bin\jusched.exe[804] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00B74F2B
.text C:\Program Files\Java\jre6\bin\jusched.exe[804] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B74F68
.text C:\Program Files\Java\jre6\bin\jusched.exe[804] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00B74F8E
.text C:\Program Files\Java\jre6\bin\jusched.exe[804] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00B66A80
.text C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe[856] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 0100017D
.text C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe[856] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 01000346
.text C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe[856] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 010003ED
.text C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe[856] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 010014C6
.text C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe[856] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 01001608
.text C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe[856] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01004F2B
.text C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe[856] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01004F68
.text C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe[856] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01004F8E
.text C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe[856] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00FF6A80
.text C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe[856] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 01005EEC
.text C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe[856] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 01005FB0
.text C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe[856] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 01005EA4
.text C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe[856] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 01005F7F
.text C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe[856] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 01005CB0
.text C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe[856] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 01005D09
.text C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe[856] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 01005F30
.text C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe[856] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 01005E03
.text C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe[856] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 01005D62
.text C:\WINDOWS\system32\dla\tfswctrl.exe[864] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00FA017D
.text C:\WINDOWS\system32\dla\tfswctrl.exe[864] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00FA0346
.text C:\WINDOWS\system32\dla\tfswctrl.exe[864] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00FA03ED
.text C:\WINDOWS\system32\dla\tfswctrl.exe[864] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00FA14C6
.text C:\WINDOWS\system32\dla\tfswctrl.exe[864] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00FA1608
.text C:\WINDOWS\system32\dla\tfswctrl.exe[864] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00FA4F2B
.text C:\WINDOWS\system32\dla\tfswctrl.exe[864] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00FA4F68
.text C:\WINDOWS\system32\dla\tfswctrl.exe[864] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00FA4F8E
.text C:\WINDOWS\system32\dla\tfswctrl.exe[864] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00F96A80
.text C:\WINDOWS\system32\dla\tfswctrl.exe[864] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 00FA5EEC
.text C:\WINDOWS\system32\dla\tfswctrl.exe[864] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 00FA5FB0
.text C:\WINDOWS\system32\dla\tfswctrl.exe[864] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 00FA5EA4
.text C:\WINDOWS\system32\dla\tfswctrl.exe[864] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 00FA5F7F
.text C:\WINDOWS\system32\dla\tfswctrl.exe[864] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00FA5CB0
.text C:\WINDOWS\system32\dla\tfswctrl.exe[864] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00FA5D09
.text C:\WINDOWS\system32\dla\tfswctrl.exe[864] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 00FA5F30
.text C:\WINDOWS\system32\dla\tfswctrl.exe[864] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 00FA5E03
.text C:\WINDOWS\system32\dla\tfswctrl.exe[864] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 00FA5D62
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 01CF5BAC
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 0015017D
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00150346
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] kernel32.dll!WaitForSingleObject 7C802530 5 Bytes JMP 7C884327 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 001503ED
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 01CF5ADE
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 001514C6
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD101 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00151608
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB20 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4AA7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01CF5624
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01CF5366
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01CF552A
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01CF53D9
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01CF5490
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00146A80
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 00155EEC
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 00155FB0
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 00155EA4
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 00155F7F
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00155CB0
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00155D09
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 00155F30
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 00155E03
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 00155D62
.text C:\Program Files\Dell\Media Experience\PCMService.exe[1436] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 0285017D
.text C:\Program Files\Dell\Media Experience\PCMService.exe[1436] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 02850346
.text C:\Program Files\Dell\Media Experience\PCMService.exe[1436] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 028503ED
.text C:\Program Files\Dell\Media Experience\PCMService.exe[1436] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 028514C6
.text C:\Program Files\Dell\Media Experience\PCMService.exe[1436] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 02851608
.text C:\Program Files\Dell\Media Experience\PCMService.exe[1436] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 02855EEC
.text C:\Program Files\Dell\Media Experience\PCMService.exe[1436] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 02855FB0
.text C:\Program Files\Dell\Media Experience\PCMService.exe[1436] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 02855EA4
.text C:\Program Files\Dell\Media Experience\PCMService.exe[1436] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 02855F7F
.text C:\Program Files\Dell\Media Experience\PCMService.exe[1436] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 02855CB0
.text C:\Program Files\Dell\Media Experience\PCMService.exe[1436] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 02855D09
.text C:\Program Files\Dell\Media Experience\PCMService.exe[1436] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 02855F30
.text C:\Program Files\Dell\Media Experience\PCMService.exe[1436] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 02855E03
.text C:\Program Files\Dell\Media Experience\PCMService.exe[1436] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 02855D62
.text C:\Program Files\Dell\Media Experience\PCMService.exe[1436] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 02854F2B
.text C:\Program Files\Dell\Media Experience\PCMService.exe[1436] ws2_32.dll!send 71AB4C27 5 Bytes JMP 02854F68
.text C:\Program Files\Dell\Media Experience\PCMService.exe[1436] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 02854F8E
.text C:\Program Files\Dell\Media Experience\PCMService.exe[1436] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 02846A80
.text C:\WINDOWS\system32\ZCfgSvc.exe[1460] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 016F017D
.text C:\WINDOWS\system32\ZCfgSvc.exe[1460] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 016F0346
.text C:\WINDOWS\system32\ZCfgSvc.exe[1460] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 016F03ED
.text C:\WINDOWS\system32\ZCfgSvc.exe[1460] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 016F14C6
.text C:\WINDOWS\system32\ZCfgSvc.exe[1460] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 016F1608
.text C:\WINDOWS\system32\ZCfgSvc.exe[1460] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 016F4F2B
.text C:\WINDOWS\system32\ZCfgSvc.exe[1460] WS2_32.dll!send 71AB4C27 5 Bytes JMP 016F4F68
.text C:\WINDOWS\system32\ZCfgSvc.exe[1460] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 016F4F8E
.text C:\WINDOWS\system32\ZCfgSvc.exe[1460] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 016E6A80
.text C:\WINDOWS\system32\ZCfgSvc.exe[1460] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 016F5EEC
.text C:\WINDOWS\system32\ZCfgSvc.exe[1460] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 016F5FB0
.text C:\WINDOWS\system32\ZCfgSvc.exe[1460] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 016F5EA4
.text C:\WINDOWS\system32\ZCfgSvc.exe[1460] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 016F5F7F
.text C:\WINDOWS\system32\ZCfgSvc.exe[1460] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 016F5CB0
.text C:\WINDOWS\system32\ZCfgSvc.exe[1460] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 016F5D09
.text C:\WINDOWS\system32\ZCfgSvc.exe[1460] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 016F5F30
.text C:\WINDOWS\system32\ZCfgSvc.exe[1460] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 016F5E03
.text C:\WINDOWS\system32\ZCfgSvc.exe[1460] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 016F5D62
.text C:\Program Files\Dell\QuickSet\quickset.exe[1720] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00F9017D
.text C:\Program Files\Dell\QuickSet\quickset.exe[1720] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00F90346
.text C:\Program Files\Dell\QuickSet\quickset.exe[1720] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00F903ED
.text C:\Program Files\Dell\QuickSet\quickset.exe[1720] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00F914C6
.text C:\Program Files\Dell\QuickSet\quickset.exe[1720] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00F91608
.text C:\Program Files\Dell\QuickSet\quickset.exe[1720] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 00F95EEC
.text C:\Program Files\Dell\QuickSet\quickset.exe[1720] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 00F95FB0
.text C:\Program Files\Dell\QuickSet\quickset.exe[1720] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 00F95EA4
.text C:\Program Files\Dell\QuickSet\quickset.exe[1720] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 00F95F7F
.text C:\Program Files\Dell\QuickSet\quickset.exe[1720] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00F95CB0
.text C:\Program Files\Dell\QuickSet\quickset.exe[1720] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00F95D09
.text C:\Program Files\Dell\QuickSet\quickset.exe[1720] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 00F95F30
.text C:\Program Files\Dell\QuickSet\quickset.exe[1720] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 00F95E03
.text C:\Program Files\Dell\QuickSet\quickset.exe[1720] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 00F95D62
.text C:\Program Files\Dell\QuickSet\quickset.exe[1720] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00F94F2B
.text C:\Program Files\Dell\QuickSet\quickset.exe[1720] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00F94F68
.text C:\Program Files\Dell\QuickSet\quickset.exe[1720] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00F94F8E
.text C:\Program Files\Dell\QuickSet\quickset.exe[1720] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00F86A80
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[1924] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 0197017D
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[1924] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 01970346
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[1924] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 019703ED
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[1924] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 019714C6
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[1924] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 01971608
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[1924] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 01966A80
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[1924] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01974F2B
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[1924] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01974F68
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[1924] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01974F8E
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[1924] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 01975EEC
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[1924] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 01975FB0
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[1924] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 01975EA4
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[1924] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 01975F7F
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[1924] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 01975CB0
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[1924] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 01975D09
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[1924] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 01975F30
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[1924] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 01975E03
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[1924] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 01975D62
.text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[1984] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00EB017D
.text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[1984] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00EB0346
.text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[1984] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00EB03ED
.text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[1984] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00EB14C6
.text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[1984] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00EB1608
.text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[1984] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00EB4F2B
.text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[1984] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00EB4F68
.text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[1984] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00EB4F8E
.text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[1984] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00EA6A80
.text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[1984] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 00EB5EEC
.text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[1984] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 00EB5FB0
.text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[1984] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 00EB5EA4
.text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[1984] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 00EB5F7F
.text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[1984] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00EB5CB0
.text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[1984] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00EB5D09
.text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[1984] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 00EB5F30
.text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[1984] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 00EB5E03
.text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[1984] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 00EB5D62
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe[2000] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00C8017D
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe[2000] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00C80346
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe[2000] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00C803ED
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe[2000] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00C814C6
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe[2000] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00C81608
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe[2000] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00C84F2B
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe[2000] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00C84F68
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe[2000] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00C84F8E
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe[2000] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00C76A80
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe[2000] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 00C85EEC
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe[2000] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 00C85FB0
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe[2000] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 00C85EA4
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe[2000] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 00C85F7F
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe[2000] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00C85CB0
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe[2000] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00C85D09
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe[2000] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 00C85F30
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe[2000] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 00C85E03
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe[2000] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 00C85D62
.text C:\WINDOWS\system32\WLTRAY.exe[2140] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00FE017D
.text C:\WINDOWS\system32\WLTRAY.exe[2140] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00FE0346
.text C:\WINDOWS\system32\WLTRAY.exe[2140] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00FE03ED
.text C:\WINDOWS\system32\WLTRAY.exe[2140] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00FE14C6
.text C:\WINDOWS\system32\WLTRAY.exe[2140] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00FE1608
.text C:\WINDOWS\system32\WLTRAY.exe[2140] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00FE4F2B
.text C:\WINDOWS\system32\WLTRAY.exe[2140] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00FE4F68
.text C:\WINDOWS\system32\WLTRAY.exe[2140] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00FE4F8E
.text C:\WINDOWS\system32\WLTRAY.exe[2140] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00FD6A80
.text C:\WINDOWS\system32\WLTRAY.exe[2140] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 00FE5EEC
.text C:\WINDOWS\system32\WLTRAY.exe[2140] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 00FE5FB0
.text C:\WINDOWS\system32\WLTRAY.exe[2140] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 00FE5EA4
.text C:\WINDOWS\system32\WLTRAY.exe[2140] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 00FE5F7F
.text C:\WINDOWS\system32\WLTRAY.exe[2140] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00FE5CB0
.text C:\WINDOWS\system32\WLTRAY.exe[2140] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00FE5D09
.text C:\WINDOWS\system32\WLTRAY.exe[2140] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 00FE5F30
.text C:\WINDOWS\system32\WLTRAY.exe[2140] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 00FE5E03
.text C:\WINDOWS\system32\WLTRAY.exe[2140] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 00FE5D62
.text C:\WINDOWS\system32\ctfmon.exe[2368] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00A2017D
.text C:\WINDOWS\system32\ctfmon.exe[2368] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A20346
.text C:\WINDOWS\system32\ctfmon.exe[2368] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00A203ED
.text C:\WINDOWS\system32\ctfmon.exe[2368] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00A214C6
.text C:\WINDOWS\system32\ctfmon.exe[2368] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00A21608
.text C:\WINDOWS\system32\ctfmon.exe[2368] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00A24F2B
.text C:\WINDOWS\system32\ctfmon.exe[2368] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00A24F68
.text C:\WINDOWS\system32\ctfmon.exe[2368] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00A24F8E
.text C:\WINDOWS\system32\ctfmon.exe[2368] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00A16A80
.text C:\WINDOWS\system32\ctfmon.exe[2368] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 00A25EEC
.text C:\WINDOWS\system32\ctfmon.exe[2368] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 00A25FB0
.text C:\WINDOWS\system32\ctfmon.exe[2368] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 00A25EA4
.text C:\WINDOWS\system32\ctfmon.exe[2368] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 00A25F7F
.text C:\WINDOWS\system32\ctfmon.exe[2368] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00A25CB0
.text C:\WINDOWS\system32\ctfmon.exe[2368] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00A25D09
.text C:\WINDOWS\system32\ctfmon.exe[2368] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 00A25F30
.text C:\WINDOWS\system32\ctfmon.exe[2368] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 00A25E03
.text C:\WINDOWS\system32\ctfmon.exe[2368] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 00A25D62
.text C:\Program Files\Internet Explorer\iexplore.exe[2416] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 02425BAC
.text C:\Program Files\Internet Explorer\iexplore.exe[2416] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 0015017D
.text C:\Program Files\Internet Explorer\iexplore.exe[2416] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00150346
.text C:\Program Files\Internet Explorer\iexplore.exe[2416] kernel32.dll!WaitForSingleObject 7C802530 5 Bytes JMP 7C884327 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2416] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 001503ED
.text C:\Program Files\Internet Explorer\iexplore.exe[2416] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 02425ADE
.text C:\Program Files\Internet Explorer\iexplore.exe[2416] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 001514C6
.text C:\Program Files\Internet Explorer\iexplore.exe[2416] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2416] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2416] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00151608
.text C:\Program Files\Internet Explorer\iexplore.exe[2416] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2416] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2416] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2416] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2416] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2416] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2416] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2416] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 02425624
.text C:\Program Files\Internet Explorer\iexplore.exe[2416] WS2_32.dll!send 71AB4C27 5 Bytes JMP 02425366
.text C:\Program Files\Internet Explorer\iexplore.exe[2416] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 0242552A
.text C:\Program Files\Internet Explorer\iexplore.exe[2416] WS2_32.dll!recv 71AB676F 5 Bytes JMP 024253D9
.text C:\Program Files\Internet Explorer\iexplore.exe[2416] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 02425490
.text C:\Program Files\Internet Explorer\iexplore.exe[2416] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00146A80
.text C:\Program Files\Internet Explorer\iexplore.exe[2416] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 00155EEC
.text C:\Program Files\Internet Explorer\iexplore.exe[2416] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 00155FB0
.text C:\Program Files\Internet Explorer\iexplore.exe[2416] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 00155EA4
.text C:\Program Files\Internet Explorer\iexplore.exe[2416] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 00155F7F
.text C:\Program Files\Internet Explorer\iexplore.exe[2416] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00155CB0
.text C:\Program Files\Internet Explorer\iexplore.exe[2416] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00155D09
.text C:\Program Files\Internet Explorer\iexplore.exe[2416] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 00155F30
.text C:\Program Files\Internet Explorer\iexplore.exe[2416] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 00155E03
.text C:\Program Files\Internet Explorer\iexplore.exe[2416] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 00155D62
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 01CF5BAC
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 0015017D
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00150346
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] kernel32.dll!WaitForSingleObject 7C802530 5 Bytes JMP 7C884327 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 001503ED
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 01CF5ADE
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 001514C6
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD101 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00151608
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB20 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4AA7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01CF5624
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01CF5366
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01CF552A
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01CF53D9
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01CF5490
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00146A80
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 00155EEC
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 00155FB0
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 00155EA4
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 00155F7F
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00155CB0
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00155D09
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 00155F30
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 00155E03
.text C:\Program Files\Internet Explorer\iexplore.exe[2700] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 00155D62
.text C:\Program Files\Apoint\Apntex.exe[2724] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 0014017D
.text C:\Program Files\Apoint\Apntex.exe[2724] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00140346
.text C:\Program Files\Apoint\Apntex.exe[2724] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 001403ED
.text C:\Program Files\Apoint\Apntex.exe[2724] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 001414C6
.text C:\Program Files\Apoint\Apntex.exe[2724] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00141608
.text C:\Program Files\Apoint\Apntex.exe[2724] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00144F2B
.text C:\Program Files\Apoint\Apntex.exe[2724] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00144F68
.text C:\Program Files\Apoint\Apntex.exe[2724] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00144F8E
.text C:\Program Files\Apoint\Apntex.exe[2724] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00136A80
.text C:\Program Files\Apoint\Apntex.exe[2724] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 00145EEC
.text C:\Program Files\Apoint\Apntex.exe[2724] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 00145FB0
.text C:\Program Files\Apoint\Apntex.exe[2724] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 00145EA4
.text C:\Program Files\Apoint\Apntex.exe[2724] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 00145F7F
.text C:\Program Files\Apoint\Apntex.exe[2724] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00145CB0
.text C:\Program Files\Apoint\Apntex.exe[2724] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00145D09
.text C:\Program Files\Apoint\Apntex.exe[2724] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 00145F30
.text C:\Program Files\Apoint\Apntex.exe[2724] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 00145E03
.text C:\Program Files\Apoint\Apntex.exe[2724] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 00145D62
.text C:\Documents and Settings\Buck Burkman\Desktop\gmer\gmer.exe[3188] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 0014017D
.text C:\Documents and Settings\Buck Burkman\Desktop\gmer\gmer.exe[3188] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00140346
.text C:\Documents and Settings\Buck Burkman\Desktop\gmer\gmer.exe[3188] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 001403ED
.text C:\Documents and Settings\Buck Burkman\Desktop\gmer\gmer.exe[3188] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 001414C6
.text C:\Documents and Settings\Buck Burkman\Desktop\gmer\gmer.exe[3188] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00141608
.text C:\Documents and Settings\Buck Burkman\Desktop\gmer\gmer.exe[3188] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00144F2B
.text C:\Documents and Settings\Buck Burkman\Desktop\gmer\gmer.exe[3188] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00144F68
.text C:\Documents and Settings\Buck Burkman\Desktop\gmer\gmer.exe[3188] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00144F8E
.text C:\Documents and Settings\Buck Burkman\Desktop\gmer\gmer.exe[3188] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00136A80
.text C:\Documents and Settings\Buck Burkman\Desktop\gmer\gmer.exe[3188] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 00145EEC
.text C:\Documents and Settings\Buck Burkman\Desktop\gmer\gmer.exe[3188] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 00145FB0
.text C:\Documents and Settings\Buck Burkman\Desktop\gmer\gmer.exe[3188] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 00145EA4
.text C:\Documents and Settings\Buck Burkman\Desktop\gmer\gmer.exe[3188] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 00145F7F
.text C:\Documents and Settings\Buck Burkman\Desktop\gmer\gmer.exe[3188] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00145CB0
.text C:\Documents and Settings\Buck Burkman\Desktop\gmer\gmer.exe[3188] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00145D09
.text C:\Documents and Settings\Buck Burkman\Desktop\gmer\gmer.exe[3188] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 00145F30
.text C:\Documents and Settings\Buck Burkman\Desktop\gmer\gmer.exe[3188] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 00145E03
.text C:\Documents and Settings\Buck Burkman\Desktop\gmer\gmer.exe[3188] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 00145D62
.text C:\WINDOWS\system32\wuauclt.exe[3196] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 0100017D
.text C:\WINDOWS\system32\wuauclt.exe[3196] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 01000346
.text C:\WINDOWS\system32\wuauclt.exe[3196] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 010003ED
.text C:\WINDOWS\system32\wuauclt.exe[3196] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 010014C6
.text C:\WINDOWS\system32\wuauclt.exe[3196] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 01001608
.text C:\WINDOWS\system32\wuauclt.exe[3196] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00FF6A80
.text C:\WINDOWS\system32\wuauclt.exe[3196] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01004F2B
.text C:\WINDOWS\system32\wuauclt.exe[3196] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01004F68
.text C:\WINDOWS\system32\wuauclt.exe[3196] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01004F8E
.text C:\WINDOWS\system32\wuauclt.exe[3196] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 01005EEC
.text C:\WINDOWS\system32\wuauclt.exe[3196] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 01005FB0
.text C:\WINDOWS\system32\wuauclt.exe[3196] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 01005EA4
.text C:\WINDOWS\system32\wuauclt.exe[3196] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 01005F7F
.text C:\WINDOWS\system32\wuauclt.exe[3196] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 01005CB0
.text C:\WINDOWS\system32\wuauclt.exe[3196] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 01005D09
.text C:\WINDOWS\system32\wuauclt.exe[3196] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 01005F30
.text C:\WINDOWS\system32\wuauclt.exe[3196] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 01005E03
.text C:\WINDOWS\system32\wuauclt.exe[3196] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 01005D62

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device B2FFCD20
Device B30009F2

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----

Scan saved at 4:48:59 PM, on 5/27/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\BacsTray.exe
C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint\Apntex.exe
C:\Documents and Settings\Buck Burkman\Desktop\RSIT.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\trend micro\Buck Burkman.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.253:8080
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O1 - Hosts: X# Copyright © 1993-1999 Microsoft Corp.
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [{5F0AC079-4890-5D17-73F7-A75B52174B21}] "C:\Documents and Settings\Buck Burkman\Application Data\Tycam\faqey.exe"
O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/P...000096.000001d8
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124592001081
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124591937180
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O18 - Filter hijack: text/html - {2efec02b-6bf9-4ca6-a317-d7b8a6882da3} - C:\WINDOWS\msvcirt32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9640 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Buck Burkman.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-03-15 118836]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll [2010-03-13 378736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.DLL [2010-03-13 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-23 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-23 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-04-16 405504]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll [2010-03-13 378736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-10-26 4632576]
"nwiz"=nwiz.exe /installquiet []
"BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2004-02-02 155648]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-23 148888]
"bacstray"=C:\WINDOWS\system32\BacsTray.exe [2003-05-14 98304]
"PRONoMgr.exe"=C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe [2003-12-19 86016]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-03-15 122933]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-04-11 53248]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2004-05-16 528384]
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe [2004-11-08 26112]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2004-11-08 77824]
"mmtask"=c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe [2004-04-19 53248]
"MMTray"=C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe [2004-04-19 131072]
"DwlClient"=C:\Program Files\Common Files\Dell\EUSW\Support.exe [2005-10-13 69632]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2005-12-19 1347584]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"{5F0AC079-4890-5D17-73F7-A75B52174B21}"=C:\Documents and Settings\Buck Burkman\Application Data\Tycam\faqey.exe [2005-04-18 129570]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]
""=C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 638816]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring]
C:\WINDOWS\system32\LgNotify.dll [2004-01-13 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktopChanges"=0
"NoSetActiveDesktop"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoActiveDesktopChanges"=
"NoSetActiveDesktop"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{178cda47-8c53-11db-9a0b-000f1f2ba196}]
shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e654d40-9db3-11db-9a13-000f1f2ba196}]
shell\AutoRun\command - F:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2010-05-27 16:25:37 ----D---- C:\Program Files\trend micro
2010-05-27 16:25:36 ----D---- C:\rsit
2010-05-27 11:47:51 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-05-22 11:30:03 ----HD---- C:\WINDOWS\system32\GroupPolicy
2010-05-18 20:05:09 ----A---- C:\feed.txt
2010-05-13 03:02:13 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$

======List of files/folders modified in the last 1 months======

2010-05-27 16:48:28 ----D---- C:\WINDOWS\Temp
2010-05-27 16:42:50 ----D---- C:\WINDOWS\Prefetch
2010-05-27 16:41:28 ----D---- C:\WINDOWS
2010-05-27 16:41:13 ----A---- C:\WINDOWS\ModemLog_BCM V.92 56K Modem.txt
2010-05-27 16:39:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-27 16:28:57 ----D---- C:\FTW
2010-05-27 16:28:57 ----A---- C:\WINDOWS\WIN.INI
2010-05-27 16:28:57 ----A---- C:\WINDOWS\MPLAYER.INI
2010-05-27 16:25:37 ----D---- C:\Program Files
2010-05-27 16:11:40 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-05-27 14:04:38 ----D---- C:\WINDOWS\SYSTEM32
2010-05-27 13:30:51 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-27 13:08:32 ----HD---- C:\WINDOWS\INF
2010-05-23 17:29:54 ----D---- C:\WINDOWS\Minidump
2010-05-23 11:20:55 ----SHD---- C:\System Volume Information
2010-05-23 11:20:55 ----D---- C:\WINDOWS\system32\Restore
2010-05-22 13:23:05 ----D---- C:\Program Files\Symantec
2010-05-20 16:02:34 ----D---- C:\Documents and Settings\Buck Burkman\Application Data\Ihewy
2010-05-13 03:06:38 ----SHD---- C:\WINDOWS\Installer
2010-05-13 03:02:31 ----A---- C:\WINDOWS\imsins.BAK
2010-05-13 03:02:18 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2010-05-13 03:02:17 ----D---- C:\Program Files\Outlook Express
2010-05-12 10:25:20 ----HD---- C:\WINDOWS\$hf_mig$
2010-05-03 19:40:56 ----D---- C:\WINDOWS\Help
2010-04-30 14:51:06 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx86;Symantec Heuristics Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2010-03-13 259632]
R1 ccHP;Symantec Hash Provider; C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys [2010-03-13 482432]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100520.001\IDSxpx86.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS [2010-03-13 308272]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS [2010-03-13 43696]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-01-14 5621]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-01-14 23219]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS [2010-03-13 217136]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2004-11-08 8552]
R2 BASFND;BASFND; \??\C:\WINDOWS\system32\Drivers\BASFND.sys []
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-02-27 40480]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.2.1.0; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2004-11-08 14037]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2003-09-15 11258]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-03-15 25685]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-03-15 34837]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-03-15 4117]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-03-15 2233]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-03-15 85972]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-03-15 14229]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-03-15 6357]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-03-15 98580]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-03-15 100597]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2003-08-21 94600]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2003-06-02 43136]
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\system32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2010-03-13 26600]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2004-11-08 28352]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100526.039\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100526.039\NAVEX15.SYS []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-10-26 2830688]
R3 pfc;Padus ASPI Shell; \??\C:\WINDOWS\system32\drivers\pfc.sys []
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\stac97.sys [2004-05-12 258704]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS [2010-03-13 89904]
R3 SYMIDS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS [2010-03-13 33072]
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2010-03-13 36400]
R3 SYMNDIS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS [2010-03-13 36400]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w22n51;Intel® PRO/Wireless 2200 Adapter Driver; C:\WINDOWS\system32\DRIVERS\w22n51.sys [2004-01-14 1648640]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2010-03-13 36400]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2009-09-29 13088]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-23 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 N360;Norton Security Suite; C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe [2010-03-13 117640]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-10-26 127044]
R2 RegSrvc;RegSrvc; C:\WINDOWS\system32\RegSrvc.exe [2004-01-13 122880]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\WINDOWS\system32\S24EvMon.exe [2004-01-13 311363]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2005-12-19 18944]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe [2002-05-02 65536]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


#4 aommaster

    I !<3 malware

  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 27 May 2010 - 04:21 PM

Hello, BuckB.
That's perfect (although you seem to have pasted the GMER log into the middle of the RSIT log).

Let's try this:
We need to run an MBR scan
  1. Please download MBR.exe and save it to your root directory (usually C:\).
  2. Now click Start > Run and copy/paste the following text in the box that opens. Do not copy the word "code".
    CODE
    C:\mbr.exe -t
  3. Press enter.
  4. An mbr.log should be created in your root directory. Please post its contents in your next reply.

In your next reply, please include the following:
  • mbr.exe log

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#5 BuckB
  • Topic Starter
  • Members
  • 15 posts

Posted 27 May 2010 - 05:26 PM

No dice. Saved MBR.exe to C:\ then opened Run and copied the command. Got an error message indicating that no such file could be found. Did an ordinary search and found a file labeled MBR (not MBR.exe) in the C:\ drive. Thoughts?

#6 aommaster

    I !<3 malware

  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 27 May 2010 - 05:33 PM

Hi!

The .exe is not present on the file you're seeing because your Windows is set to hide them (which is not a problem).

If the file is in the C: drive, then the run command should not have a problem. Try manually typing the command in (just make sure that you include the space between the .exe and the -t).

Let me know if you're still having trouble with it and we can take another approach.



#7 BuckB
  • Topic Starter
  • Members
  • 15 posts

Posted 27 May 2010 - 07:30 PM

OK, missed the space. I found the MBR file--not much of a log there. Pasting what I found.

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89A20D01]<<
kernel: MBR read successfully
user & kernel MBR OK

Buck B
Tallahassee, Florida
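Both the RSIT log pasted earlier in this thread and the mbr.exe output just above carry the indicators the helper is reacting to. The following Python is an added triage example, not code from RSIT, HijackThis, GMER or this thread: it runs a handful of defender-side heuristics over lines excerpted from those two logs (the proxy setting, the edited hosts line, the GUID-named Run entry under Application Data, the text/html MIME filter, and the unidentified module in the disk I/O path). The heuristics, severities and dictionary keys are my own assumptions.

```python
"""Added triage example for the two logs in this thread (not part of RSIT,
HijackThis, GMER's mbr.exe or the thread itself).  The heuristics, severities
and field names below are the editor's assumptions."""
import re

# Lines excerpted from the poster's RSIT log earlier in this thread
# (constructed test input; the log itself is the only source of these values).
SAMPLE_RSIT_LINES = [
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.253:8080",
    r"O1 - Hosts: X# Copyright © 1993-1999 Microsoft Corp.",
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe",
    r'O4 - HKCU\..\Run: [{5F0AC079-4890-5D17-73F7-A75B52174B21}] "C:\Documents and Settings\Buck Burkman\Application Data\Tycam\faqey.exe"',
    r"O18 - Filter hijack: text/html - {2efec02b-6bf9-4ca6-a317-d7b8a6882da3} - C:\WINDOWS\msvcirt32.dll",
    r"O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe",
]

# The mbr.exe output from the post just above (constructed test input).
SAMPLE_MBR_LOG = """\
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89A20D01]<<
kernel: MBR read successfully
user & kernel MBR OK
"""

GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run(?:Once)?: \[(.*?)\] (.*)$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
# Profile locations where a legitimate auto-start executable rarely lives on XP.
USER_WRITABLE_DIRS = ("\\application data\\", "\\local settings\\", "\\temp\\")


def triage_rsit(lines):
    """Return (severity, reason, line) for RSIT/HijackThis-style lines worth a closer look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if line.startswith("R1 - ") and ",ProxyServer = " in line:
            proxy = line.split(",ProxyServer = ", 1)[1]
            findings.append(("medium",
                             f"IE proxy set to {proxy}; browser traffic is routed through it",
                             line))
            continue
        if line.startswith("O1 - Hosts: "):
            entry = line[len("O1 - Hosts: "):]
            first = entry.split()[0] if entry.split() else ""
            # A stock hosts file holds only '#' comments and 'address hostname' pairs.
            if not entry.startswith("#") and not re.fullmatch(r"[0-9a-fA-F.:]+", first):
                findings.append(("medium",
                                 "hosts entry is neither a comment nor an address: the file was edited",
                                 line))
            continue
        m = O4_RE.match(line)
        if m:
            _hive, name, target = m.groups()
            reasons = []
            if GUID_RE.match(name):
                reasons.append("auto-start entry is named with a bare GUID")
            if any(d in target.lower() for d in USER_WRITABLE_DIRS):
                reasons.append("executable lives in a user-writable profile directory")
            if reasons:
                findings.append(("high", "; ".join(reasons), line))
            continue
        if line.startswith("O18 - Filter hijack: "):
            mime, _, rest = line[len("O18 - Filter hijack: "):].partition(" - ")
            dll = rest.rsplit(" - ", 1)[-1]
            findings.append(("high",
                             f"MIME filter for {mime} handled by {dll}: it sees every {mime} response before the browser renders it",
                             line))
    return findings


def triage_mbr(log_text):
    """Summarise mbr.exe output: did the user- and kernel-mode MBR reads agree, and
    is every module in the disk I/O path attributable to a known driver?"""
    result = {"mbr_ok": False, "called_modules": [], "unknown_modules": []}
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("called modules:"):
            mods = line[len("called modules:"):]
            result["unknown_modules"] = UNKNOWN_RE.findall(mods)
            result["called_modules"] = UNKNOWN_RE.sub(" ", mods).split()
        elif line == "user & kernel MBR OK":
            result["mbr_ok"] = True
    if result["unknown_modules"]:
        result["verdict"] = ("MBR reads agree, but an unidentified module sits in the disk I/O path at "
                             + ", ".join(result["unknown_modules"])
                             + "; the tool could not map it to any loaded driver")
    elif result["mbr_ok"]:
        result["verdict"] = "MBR reads agree and every module in the disk I/O path is known"
    else:
        result["verdict"] = "MBR reads disagree or the log is incomplete"
    return result


if __name__ == "__main__":
    for severity, reason, line in triage_rsit(SAMPLE_RSIT_LINES):
        print(f"[{severity}] {reason}\n    {line}")
    print(triage_mbr(SAMPLE_MBR_LOG)["verdict"])
```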

#8 aommaster

    I !<3 malware

  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 27 May 2010 - 08:19 PM

Hello, BuckB.
Yes, that's the MBR log we need.

We need to run TDSSKiller
  1. Download TDSSKiller and save it to your Desktop.
  2. Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  3. Go to Start > Run (or hold down your Windows key and press R), copy and paste the following into the text field (make sure you include the quote marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l "%userprofile%\Desktop\TDSSKiller.txt" -v

    **Note:If it says "Hidden service detected" DO NOT type anything in. Just press Enter.
  4. When it is done, a log file should be created on your desktop called "TDSSKiller.txt". Please copy and paste the contents of that file here.

In your next reply, please include the following:
  • TDSSKiller.txt



#9 BuckB (Topic Starter)

Posted 28 May 2010 - 10:07 AM

Hi. Couldn't open with the code typed into Run but did a search and found TDSSKiller.exe. Ran the program and the churning program indicated that it was killing some files (did not record which). Log indicated that the changes would take effect with a restart. When I tried to select the log for copying (CTRL A) Windows shut down. I restarted and re-did everything with the same result but this time the log indicated no files killed. Again CTRL A shut Windows down. Am I missing something?

You have the patience of Job!

BuckB Tallahassee, Florida


#10 aommaster (Malware Response Team)

Posted 28 May 2010 - 11:59 AM

Hi!

Okay, let's see if the program did its job then. Please generate a fresh MBR log (same way you did last time) and post the log here.



#11 BuckB (Topic Starter)

Posted 28 May 2010 - 01:02 PM

Ran MBR.exe, but after the log flashed it disappeared. Second trial, same result. Hence I could not copy the log.

Turns out TDSSKiller did produce a log. It is copied below.


10:30:19:159 3444 TDSS rootkit removing tool 2.3.1.0 May 25 2010 12:52:14
10:30:19:159 3444 ================================================================================
10:30:19:159 3444 SystemInfo:

10:30:19:159 3444 OS Version: 5.1.2600 ServicePack: 3.0
10:30:19:159 3444 Product type: Workstation
10:30:19:159 3444 ComputerName: NANCY
10:30:19:159 3444 UserName: Buck Burkman
10:30:19:159 3444 Windows directory: C:\WINDOWS
10:30:19:159 3444 Processor architecture: Intel x86
10:30:19:159 3444 Number of processors: 1
10:30:19:159 3444 Page size: 0x1000
10:30:19:159 3444 Boot type: Normal boot
10:30:19:159 3444 ================================================================================
10:30:20:040 3444 Initialize success
10:30:20:040 3444
10:30:20:040 3444 Scanning Services ...
10:30:20:821 3444 Raw services enum returned 363 services
10:30:20:821 3444
10:30:20:821 3444 Scanning Drivers ...
10:30:21:983 3444 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
10:30:22:203 3444 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:30:22:344 3444 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
10:30:22:574 3444 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
10:30:22:804 3444 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:30:22:975 3444 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
10:30:23:125 3444 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
10:30:23:325 3444 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
10:30:23:515 3444 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
10:30:23:716 3444 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
10:30:23:886 3444 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
10:30:24:056 3444 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
10:30:24:266 3444 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
10:30:24:477 3444 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
10:30:24:667 3444 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
10:30:24:797 3444 ApfiltrService (42860ba463d5c9c58a91d1ad208169a9) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
10:30:24:917 3444 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
10:30:25:068 3444 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
10:30:25:268 3444 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
10:30:25:528 3444 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
10:30:25:718 3444 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
10:30:25:869 3444 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:30:26:059 3444 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:30:26:289 3444 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:30:26:520 3444 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:30:26:700 3444 BASFND (3d87b0484be1093c6614062701f375c5) C:\WINDOWS\system32\Drivers\BASFND.sys
10:30:26:860 3444 bcm4sbxp (068523d2cd260069b19ad68adea0d739) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
10:30:27:461 3444 BCMModem (41347688046d49cde0f6d138a534f73d) C:\WINDOWS\system32\DRIVERS\BCMSM.sys
10:30:28:362 3444 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:30:28:843 3444 BHDrvx86 (76154fa6a742c613b44bb636b1a7c057) C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys
10:30:29:824 3444 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
10:30:29:985 3444 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:30:30:145 3444 ccHP (8973ff34b83572d867b5b928905ad5ac) C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys
10:30:30:305 3444 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
10:30:30:545 3444 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:30:30:686 3444 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:30:30:826 3444 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:30:31:156 3444 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
10:30:31:357 3444 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
10:30:31:537 3444 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
10:30:31:727 3444 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
10:30:31:867 3444 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
10:30:31:987 3444 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
10:30:32:238 3444 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:30:32:488 3444 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
10:30:32:699 3444 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
10:30:32:889 3444 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:30:33:099 3444 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:30:33:249 3444 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
10:30:33:450 3444 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:30:33:600 3444 drvmcdb (049177996e5e33b5faf40cad2b82098c) C:\WINDOWS\system32\drivers\drvmcdb.sys
10:30:33:790 3444 drvnddm (2f4134d073f972575c174e3d621f0107) C:\WINDOWS\system32\drivers\drvnddm.sys
10:30:33:950 3444 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
10:30:34:171 3444 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
10:30:34:231 3444 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
10:30:34:381 3444 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:30:34:551 3444 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
10:30:34:751 3444 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
10:30:34:902 3444 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:30:35:092 3444 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
10:30:35:272 3444 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:30:35:402 3444 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:30:35:653 3444 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
10:30:35:873 3444 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:30:36:063 3444 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:30:36:264 3444 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
10:30:36:514 3444 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:30:36:654 3444 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
10:30:36:834 3444 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
10:30:37:035 3444 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:30:37:465 3444 IDSxpx86 (6e42876010256ee5119baf0838574e0c) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100520.001\IDSxpx86.sys
10:30:37:596 3444 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:30:37:786 3444 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
10:30:37:926 3444 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
10:30:38:046 3444 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:30:38:216 3444 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
10:30:38:407 3444 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:30:38:617 3444 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:30:38:807 3444 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:30:38:988 3444 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:30:39:598 3444 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:30:39:929 3444 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:30:40:119 3444 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:30:40:340 3444 klmd23 (0b06b0a25e08df0d536402bce3bde61e) C:\WINDOWS\system32\drivers\klmd.sys
10:30:40:550 3444 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:30:40:720 3444 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:30:41:000 3444 MDC8021X (0f528e44cdc78365be693ae723e3801c) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
10:30:41:101 3444 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:30:41:221 3444 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
10:30:41:391 3444 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:30:41:992 3444 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:30:42:372 3444 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:30:42:603 3444 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
10:30:42:863 3444 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:30:43:043 3444 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:30:43:204 3444 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:30:43:354 3444 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:30:43:654 3444 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:30:43:845 3444 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:30:44:045 3444 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:30:44:195 3444 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
10:30:44:375 3444 MxlW2k (a1520761f42dbb06db7929d6fa9753ea) C:\WINDOWS\system32\drivers\MxlW2k.sys
10:30:44:746 3444 NAVENG (83518e6cc82bdc3c3db0c12d1c9a2275) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100527.039\NAVENG.SYS
10:30:45:146 3444 NAVEX15 (85cf37740fe06c7a2eaa7f6c81f0819c) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100527.039\NAVEX15.SYS
10:30:45:327 3444 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:30:45:497 3444 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:30:45:687 3444 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:30:45:807 3444 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:30:45:968 3444 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
10:30:46:048 3444 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:30:46:178 3444 NetBT (51df61f382e5a8537591361f213ebf4b) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:30:46:178 3444 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: 51df61f382e5a8537591361f213ebf4b, Fake md5: 74b2b2f5bea5e9a3dc021d685551bd3d
10:30:46:178 3444 File "C:\WINDOWS\system32\DRIVERS\netbt.sys" infected by TDSS rootkit ... 10:30:49:583 3444 Backup copy found, using it..
10:30:50:384 3444 will be cured on next reboot
10:30:50:584 3444 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
10:30:50:724 3444 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:30:50:855 3444 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:30:51:065 3444 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:30:51:496 3444 nv (9e4b052c76949de445ad6439cd473548) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
10:30:51:876 3444 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:30:52:066 3444 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:30:52:347 3444 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
10:30:52:497 3444 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
10:30:52:707 3444 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
10:30:52:888 3444 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:30:53:068 3444 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
10:30:53:288 3444 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
10:30:53:559 3444 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
10:30:53:769 3444 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
10:30:54:550 3444 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
10:30:54:760 3444 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
10:30:54:971 3444 pfc (2748103d03cb1dc0b07635c25d508208) C:\WINDOWS\system32\drivers\pfc.sys
10:30:55:181 3444 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:30:55:571 3444 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:30:56:252 3444 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:30:56:913 3444 PxHelp20 (b5dfb86a6caeae9b2bf3dedb43be6393) C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:30:57:134 3444 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
10:30:57:494 3444 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
10:30:57:694 3444 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
10:30:57:895 3444 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
10:30:58:095 3444 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
10:30:58:295 3444 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:30:58:466 3444 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:30:58:666 3444 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:30:58:846 3444 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:30:59:046 3444 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:30:59:187 3444 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:30:59:417 3444 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:30:59:627 3444 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
10:30:59:828 3444 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:31:00:028 3444 s24trans (41cf7128424f3bdc35b05be3cc8ce7ec) C:\WINDOWS\system32\DRIVERS\s24trans.sys
10:31:00:178 3444 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:31:00:478 3444 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
10:31:00:979 3444 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
10:31:01:340 3444 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:31:01:700 3444 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
10:31:01:921 3444 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
10:31:02:121 3444 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:31:02:181 3444 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
10:31:02:511 3444 SRTSP (e81f6caeab9ad5732e94c07c97866aa2) C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS
10:31:02:752 3444 SRTSPX (e28de499d942b08058bffac69d4122b6) C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS
10:31:02:982 3444 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
10:31:03:142 3444 sscdbhk5 (7c0c9bdca2d351ff3b4f9b69f99aa995) C:\WINDOWS\system32\drivers\sscdbhk5.sys
10:31:03:633 3444 ssrtln (31726706d54894d5059f7471111a87bb) C:\WINDOWS\system32\drivers\ssrtln.sys
10:31:04:204 3444 STAC97 (b3034de9020cde2c46f653d972446bf2) C:\WINDOWS\system32\drivers\stac97.sys
10:31:04:654 3444 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:31:04:855 3444 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:31:05:035 3444 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
10:31:05:235 3444 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
10:31:05:496 3444 SymEFA (d0885f6e24259a6c65e68d6ad749910a) C:\WINDOWS\system32\drivers\N360\0308000.029\SYMEFA.SYS
10:31:05:706 3444 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
10:31:05:956 3444 SYMFW (1e825026436c4eac3e1a11d1e9c33f2c) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS
10:31:06:137 3444 SYMIDS (7a20b7d774ef0f16cf81b898bfeca772) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS
10:31:06:307 3444 SymIM (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
10:31:06:347 3444 SymIMMP (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
10:31:06:527 3444 SYMNDIS (5ab7d00ea6b7a6fcd5067c632ec6f039) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS
10:31:06:707 3444 SYMTDI (e4fa8bbb96e314e9508865de1a767538) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS
10:31:06:858 3444 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
10:31:07:098 3444 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
10:31:07:328 3444 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:31:07:539 3444 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:31:07:709 3444 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:31:07:919 3444 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:31:08:109 3444 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:31:08:290 3444 tfsnboio (b0d311f33c5b4a5858e4e6c965a79267) C:\WINDOWS\system32\dla\tfsnboio.sys
10:31:08:400 3444 tfsncofs (250f74fce5d1eccb29ad9abeb55f35d8) C:\WINDOWS\system32\dla\tfsncofs.sys
10:31:08:520 3444 tfsndrct (e23291934c59e1741ba83582e7a209c0) C:\WINDOWS\system32\dla\tfsndrct.sys
10:31:08:590 3444 tfsndres (0d863d020633025f1e4ad3e0e325d503) C:\WINDOWS\system32\dla\tfsndres.sys
10:31:08:720 3444 tfsnifs (e3e10696663e35062851a376299198bd) C:\WINDOWS\system32\dla\tfsnifs.sys
10:31:08:830 3444 tfsnopio (00cc366bdcbd8a9a1c95c1c59900dd9b) C:\WINDOWS\system32\dla\tfsnopio.sys
10:31:08:921 3444 tfsnpool (84a91d08f49831e8c24e4d25ddefae87) C:\WINDOWS\system32\dla\tfsnpool.sys
10:31:09:011 3444 tfsnudf (55b761c6e2d4fcedac3b46b6c0724830) C:\WINDOWS\system32\dla\tfsnudf.sys
10:31:09:141 3444 tfsnudfa (64c6e8c217e30ee595120c66f6e783ba) C:\WINDOWS\system32\dla\tfsnudfa.sys
10:31:09:331 3444 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
10:31:09:531 3444 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:31:09:732 3444 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
10:31:09:942 3444 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:31:10:182 3444 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:31:10:373 3444 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:31:10:563 3444 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:31:11:214 3444 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:31:11:695 3444 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:31:11:885 3444 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:31:12:095 3444 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:31:12:305 3444 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
10:31:12:546 3444 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
10:31:12:736 3444 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
10:31:13:027 3444 w22n51 (4fed83668f087ecbe810ea90beceb765) C:\WINDOWS\system32\DRIVERS\w22n51.sys
10:31:13:377 3444 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:31:13:707 3444 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:31:13:707 3444 Reboot required for cure complete..
10:31:14:388 3444 Cure on reboot scheduled successfully
10:31:14:388 3444
10:31:14:388 3444 Completed
10:31:14:388 3444
10:31:14:388 3444 Results:
10:31:14:388 3444 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
10:31:14:388 3444 File objects infected / cured / cured on reboot: 1 / 0 / 1
10:31:14:388 3444
10:31:14:388 3444 KLMD(ARK) unloaded successfully
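
The two logs in this thread carry the whole signal, so here is how a helper reads them mechanically. The script below is an added example, not part of the thread and not code from gmer or Kaspersky: it parses the gmer MBR.exe output from post #7 and the TDSSKiller output from post #11. From the first it pulls the >>UNKNOWN [0x...]<< entry out of the "called modules" line (a module in the disk I/O path that gmer cannot map to any driver file, which is why "user & kernel MBR OK" on its own is not a clean bill of health). From the second it pulls the "Suspicious file (Forged)" line, where TDSSKiller obtained two different MD5s for the same netbt.sys depending on how the file was read, and the results line that says the cure is scheduled for the next reboot. The log excerpts are constructed from the posted logs; the function names and the fields of the verdict are this example's own.

```python
"""Flag rootkit indicators in gmer MBR.exe and TDSSKiller logs.

Added example, not part of either tool. The log formats are taken from the
excerpts posted in this thread; the sample text is constructed from them.
"""
import re
from typing import Dict, List

# Constructed sample: the gmer MBR.exe output from post #7.
MBR_LOG = """
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89A20D01]<<
kernel: MBR read successfully
user & kernel MBR OK
"""

# Constructed sample: the relevant TDSSKiller lines from post #11.
TDSS_LOG = r"""
10:30:46:048 3444 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:30:46:178 3444 NetBT (51df61f382e5a8537591361f213ebf4b) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:30:46:178 3444 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: 51df61f382e5a8537591361f213ebf4b, Fake md5: 74b2b2f5bea5e9a3dc021d685551bd3d
10:30:46:178 3444 File "C:\WINDOWS\system32\DRIVERS\netbt.sys" infected by TDSS rootkit ... 10:30:49:583 3444 Backup copy found, using it..
10:30:50:384 3444 will be cured on next reboot
10:31:11:214 3444 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:31:14:388 3444 File objects infected / cured / cured on reboot: 1 / 0 / 1
"""

# gmer marks a module in the disk I/O chain that it cannot map to a driver file.
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
# TDSSKiller reports a file that hashes differently depending on how it is read.
FORGED_RE = re.compile(
    r"Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})"
)
RESULTS_RE = re.compile(
    r"File objects infected / cured / cured on reboot: (\d+) / (\d+) / (\d+)"
)


def mbr_hooks(log: str) -> List[str]:
    """Kernel addresses of unidentified modules in gmer's 'called modules' chain."""
    hooks: List[str] = []
    for line in log.splitlines():
        if line.startswith("called modules:"):
            hooks.extend(UNKNOWN_RE.findall(line))
    return hooks


def forged_drivers(log: str) -> List[Dict[str, str]]:
    """Driver files TDSSKiller saw with two different MD5s: path, real, fake."""
    found: List[Dict[str, str]] = []
    for line in log.splitlines():
        m = FORGED_RE.search(line)
        if m:
            found.append(m.groupdict())
    return found


def cure_summary(log: str) -> Dict[str, int]:
    """Counts from the 'File objects infected / cured / cured on reboot' line."""
    for line in log.splitlines():
        m = RESULTS_RE.search(line)
        if m:
            infected, cured, on_reboot = (int(x) for x in m.groups())
            return {"infected": infected, "cured": cured, "cured_on_reboot": on_reboot}
    return {"infected": 0, "cured": 0, "cured_on_reboot": 0}


def assess(mbr_log: str, tdss_log: str) -> Dict[str, object]:
    """Combine both logs into the checks a helper makes before the next step."""
    hooks = mbr_hooks(mbr_log)
    forged = forged_drivers(tdss_log)
    summary = cure_summary(tdss_log)
    reboot_required = summary["cured_on_reboot"] > 0
    return {
        "disk_stack_hooked": bool(hooks),
        "hook_addresses": hooks,
        "forged_drivers": [f["path"] for f in forged],
        "reboot_required": reboot_required,
        # The cure only lands at reboot, so a fresh MBR.exe run afterwards with
        # no >>UNKNOWN<< entry is the confirmation to ask for (as post #10 does).
        "rescan_mbr_after_reboot": bool(hooks) or reboot_required,
        # A hooked disk stack with no forged driver means the host file was missed.
        "host_driver_unidentified": bool(hooks) and not forged,
    }


if __name__ == "__main__":
    for key, value in assess(MBR_LOG, TDSS_LOG).items():
        print(f"{key}: {value}")
```

The point of the two hashes is the diagnostic itself: a file that reads differently through the normal path than through the scanner's own low-level read is exactly what a disk-filtering rootkit produces, and the >>UNKNOWN<< module in the call chain is the filter doing it. Neither check proves the machine is clean once the cure has run; both have to be repeated after the reboot.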


#12 aommaster (Malware Response Team)

Posted 28 May 2010 - 03:32 PM

Hello, BuckB.
Fantastic! Are you still getting redirected? Any other problems? If not, please proceed with the below
We need to update your version of Java

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  1. Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  2. Look for "JDK 6 Update 20 (JDK or JRE)".
  3. Click the Download JRE button to the right.
  4. Select your Platform: "Windows".
  5. Select your Language: "Multi-language".
  6. Read the License Agreement, and then check the box that says: "Accept License Agreement".
  7. Click Continue and the page will refresh.
  8. Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  9. Close any programs you may have running - especially your web browser.
  10. Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  11. Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  12. Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  13. Repeat as many times as necessary to remove each Java version.
  14. Reboot your computer once all Java components are removed.
  15. Then from your desktop double-click on jre-6u20-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Please make sure you turn on the Java Automatic Update Feature

Then you will not have to remember to update it when Java introduces a new version.
Java is updated very frequently, and the old versions are malware magnets.

Note: This feature is available only on Windows XP, 2003, 2000 (SP2 or higher) and set by default for these operating systems.

NEXT:

We need to run an ESET Online Scan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the ESET Online Scanner button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on Export to text file... to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the Eset Smart Installer icon on your desktop.
  4. Check the "YES, I accept the Terms of Use"
  5. Click the Start button.
  6. Accept any security warnings from your browser.
  7. Check Scan archives
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push "List of found threats"
  11. Push "Export to text file", and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the "<" button.
  13. Push Finish

In your next reply, please include the following:
  • Eset Scan Log



#13 BuckB (Topic Starter)

Posted 29 May 2010 - 09:42 AM

Hi,
Still have the redirect problem. Google search for "frog" turns up lots of "frog" sites but when I click on any one I get sent to an irrelevant site. Still have the pop-up on my Bank of America site too. When I open my account the info is obscured by a pop-up asking for credit card number and personal ID info. User name, password and site key all seem to be functioning normally. Inserting phony data removes the pop-up but it appears again the next time I open the site.

Shall I go ahead with the Java update and Eset scan?


#14 aommaster (Malware Response Team)

Posted 29 May 2010 - 12:28 PM

Hello, BuckB.
Nope, don't bother with the updates just yet. Let's try and remove this infection.

We need to download and run ComboFix (by sUBs)
  1. Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
    They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". For more details, please check this thread
  2. Please download ComboFix from one of these locations:
    Link 1
    Link 2
    ** IMPORTANT !!! Save ComboFix.exe to your Desktop
  3. Double click on ComboFix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  5. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  6. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    The Recovery Console was successfully installed. Click 'Yes' to continue scanning for malware. Click 'No' to exit
  7. Click on Yes, to continue scanning for malware.
  8. When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
**A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
**This tool is not a toy and not for everyday use.
**ComboFix SHOULD NOT be used unless requested by a forum helper


In your next reply, please include the following:
  • ComboFix.txt

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#15 BuckB

  • Topic Starter

  • Members
  • 15 posts
  • Local time:08:02 PM

Posted 29 May 2010 - 07:22 PM

OK. Hope I got the scan right. Here's the log.

ComboFix 10-05-29.03 - Buck Burkman 05/29/2010 19:53:05.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.703 [GMT -4:00]
Running from: c:\documents and settings\Buck Burkman\Desktop\ComboFix.exe
AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
The following files were disabled during the run:
c:\documents and settings\Buck Burkman\Local Settings\Application Data\Windows Server\uytuel.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Buck Burkman\Application Data\Tycam
c:\documents and settings\Buck Burkman\Application Data\Tycam\faqey.exe
c:\documents and settings\Buck Burkman\Local Settings\Application Data\Windows Server
c:\documents and settings\Buck Burkman\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\Buck Burkman\Local Settings\Application Data\Windows Server\uses32.dat
c:\documents and settings\Buck Burkman\Local Settings\Application Data\Windows Server\uytuel.dll
c:\documents and settings\Buck Burkman\Local Settings\Application Data\Windows Server\uytuel.dll.vir
C:\feed.txt
c:\windows\msv1_0.dll
c:\windows\system32\drivers\fad.sys

.
((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-30 )))))))))))))))))))))))))))))))
.

2010-05-29 23:59 . 2010-05-30 00:01 -------- d-----w- c:\documents and settings\Buck Burkman\Local Settings\Application Data\Windows Server
2010-05-27 22:07 . 2010-05-27 22:07 77312 ----a-w- C:\mbr.exe
2010-05-27 20:25 . 2010-05-27 20:48 -------- d-----w- c:\program files\trend micro
2010-05-27 20:25 . 2010-05-27 20:25 -------- d-----w- C:\rsit
2010-05-27 20:23 . 2010-05-27 20:23 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-05-27 00:01 . 2010-05-27 00:01 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-22 15:30 . 2010-05-22 15:30 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-05-03 00:28 . 2010-05-03 00:28 -------- d-----w- c:\documents and settings\Buck Burkman\Local Settings\Application Data\Symantec

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-28 14:32 . 2004-08-04 11:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2010-05-22 23:16 . 2004-11-08 19:24 11618 ----a-w- c:\windows\system32\nvModes.dat
2010-05-22 22:36 . 2010-05-22 22:36 348160 ----a-w- c:\documents and settings\Buck Burkman\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-15e4f6f1-n\msvcr71.dll
2010-05-22 22:36 . 2010-05-22 22:36 503808 ----a-w- c:\documents and settings\Buck Burkman\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-15e4f6f1-n\msvcp71.dll
2010-05-22 22:36 . 2010-05-22 22:36 499712 ----a-w- c:\documents and settings\Buck Burkman\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-15e4f6f1-n\jmc.dll
2010-05-22 17:23 . 2010-03-13 19:28 -------- d-----w- c:\program files\Symantec
2010-05-20 20:02 . 2008-06-08 06:12 -------- d-----w- c:\documents and settings\Buck Burkman\Application Data\Ihewy
2010-04-15 01:15 . 2009-11-09 15:28 79488 ----a-w- c:\documents and settings\Buck Burkman\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-13 19:28 . 2010-03-13 19:28 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-03-13 19:28 . 2010-03-13 19:28 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-03-13 19:28 . 2010-03-13 19:29 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2010-03-13 19:28 . 2010-03-13 19:29 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-03-13 19:28 . 2010-03-13 19:29 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-03-10 06:15 . 2004-08-04 11:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-07 03:18 . 2010-03-07 03:18 86008 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"<NO NAME>"="c:\program files\Internet Explorer\iexplore.exe" [2009-03-08 638816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-26 4632576]
"nwiz"="nwiz.exe" [2004-10-26 921600]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-02-02 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-23 148888]
"bacstray"="BacsTray.exe" [2003-05-15 98304]
"PRONoMgr.exe"="c:\program files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2003-12-19 86016]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2004-05-17 528384]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-11-08 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-11-08 77824]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-19 53248]
"MMTray"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2004-04-19 131072]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2005-10-14 69632]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-01-13 21:17 110592 ----a-w- c:\windows\SYSTEM32\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\N360\0308000.029\SymEFA.sys [3/13/2010 5:11 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\SYSTEM32\DRIVERS\N360\0308000.029\BHDrvx86.sys [3/13/2010 5:11 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\N360\0308000.029\cchpx86.sys [3/13/2010 5:11 PM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100520.001\IDSXpx86.sys [10/28/2009 6:37 PM 329592]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe [3/13/2010 5:11 PM 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/26/2010 4:00 AM 102448]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyServer = 192.168.0.253:8080
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Trusted Zone: comcast.net\mailcenter
Trusted Zone: comcast.net\webauth
Trusted Zone: comcast.net\www
Trusted Zone: intuit.com\ttlc
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-{5F0AC079-4890-5D17-73F7-A75B52174B21} - c:\documents and settings\Buck Burkman\Application Data\Tycam\faqey.exe
SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-29 20:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???????@???????????????X:??????????8???????x????????:??x???????????????????x???? ??x???x???????H??????|????????x???????@???????4???????x???????????x??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1284)
c:\windows\System32\BCMLogon.dll
c:\windows\system32\LgNotify.dll

- - - - - - - > 'explorer.exe'(2248)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\S24EvMon.exe
c:\windows\system32\ZCfgSvc.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RegSrvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\BCMSMMSG.exe
c:\windows\system32\BacsTray.exe
c:\windows\system32\1XConfig.exe
c:\program files\Apoint\Apntex.exe
.
**************************************************************************
.
Completion time: 2010-05-29 20:16:12 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-30 00:16

Pre-Run: 24,600,403,968 bytes free
Post-Run: 24,785,158,144 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - E5330946D4B62266AECD4477A7DF1164
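The ComboFix log above lists the registry autostart entries, the Security Center and firewall policy values, and the Internet Settings proxy that an analyst reads first when triaging a redirect/pop-up infection like this one. The script below is an added example, not part of this thread and not ComboFix's own code: it parses a constructed ComboFix-style excerpt (modelled on the log format above, with placeholder user paths) and flags the entries worth a closer look. The rule names, the `Finding` type and the profile-directory list are assumptions of this example, not ComboFix features.

```python
"""Triage a ComboFix log for autostart and network indicators worth reviewing.

Added example; not part of the BleepingComputer thread and not ComboFix code.
The rules are starting heuristics an analyst would refine, not verdicts.
"""
import re
from dataclasses import dataclass

# Constructed sample, modelled on the ComboFix log format shown in the thread
# (user name replaced by a placeholder, timestamps/sizes are made up).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"{5F0AC079-4890-5D17-73F7-A75B52174B21}"="c:\documents and settings\User\Application Data\Tycam\faqey.exe" [2010-05-20 53248]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"<NO NAME>"="c:\program files\Internet Explorer\iexplore.exe" [2009-03-08 638816]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 192.168.0.253:8080
"""


@dataclass(frozen=True)
class Finding:
    rule: str    # short rule name (assumption of this example)
    detail: str  # the key/value that triggered it


KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
KV_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<value>.*)$')
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
GUID_RE = re.compile(r"^\{[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.IGNORECASE)
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(?P<proxy>\S+)", re.IGNORECASE)
# User-writable profile locations: unusual homes for a legitimate autostart image.
PROFILE_DIRS = ("\\application data\\", "\\local settings\\", "\\temp\\")


def image_path(value: str) -> str:
    """Strip ComboFix's trailing "[date size]" annotation and surrounding quotes."""
    m = re.match(r'"(?P<path>[^"]*)"', value)
    return m.group("path") if m else value.strip()


def triage(log_text: str) -> list:
    """Walk the log line by line, tracking the current registry key, and emit findings."""
    findings = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = PROXY_RE.match(line)
        if m:  # a proxy here routes IE traffic through that host; confirm the user set it
            findings.append(Finding("proxy-configured", m.group("proxy")))
            continue
        m = KV_RE.match(line)
        if not m:
            continue
        name, value = m.group("name"), m.group("value")
        lower_key = current_key.lower()
        if RUN_KEY_RE.search(current_key):
            path = image_path(value)
            if any(d in path.lower() for d in PROFILE_DIRS):
                findings.append(Finding("autostart-from-profile-dir", f"{current_key} -> {name} = {path}"))
            if GUID_RE.match(name):
                findings.append(Finding("guid-named-autostart", f"{current_key} -> {name} = {path}"))
        elif "security center\\monitoring" in lower_key and name.lower() == "disablemonitoring":
            # Security suites set this for their own subkeys; review rather than conclude.
            if value.strip().lower().endswith("1"):
                findings.append(Finding("security-center-monitoring-disabled", current_key))
        elif "firewallpolicy" in lower_key and name.lower() == "enablefirewall":
            if value.strip().startswith("0"):
                findings.append(Finding("windows-firewall-disabled", current_key))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.detail}")
```

Run against the real log above, the same rules would pick out the GUID-named HKCU Run entry pointing at `faqey.exe` (which ComboFix already lists under "ORPHANS REMOVED"), the `DisableMonitoring` values, `EnableFirewall = 0`, and the `192.168.0.253:8080` proxy. None of these is a verdict on its own: Norton legitimately sets `DisableMonitoring` for its own subkeys, and a proxy may be deliberate on a home network, so each finding is a cue to ask the user and check the referenced file or host, not a conclusion.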