Hijacked Browser w/probable infection


84 replies to this topic

#1 ckirk

Posted 25 August 2010 - 06:39 PM

We don't rely on this computer that much; hence, when we noticed it there were red warnings from a Security Suite Virus Software on the screen. Unfortunately, our daughter [autistic] was on the machine shortly before all this but is unable [or unwilling] to say what led up to this. This is an XP machine. It will probably take a few hours to back up [I'm doing it from another networked computer...is there a chance of infecting more computers?]

I am unable to access help/control panel and when I try to do a boot into safe mode the only thing I'm able to do is see it and unable to use keyboard [it appears to be disabled]. I can get into the bios and can successfully use the keyboard so maybe that offers a possibility.

Wish I could give you more info. Just ask...I'll try to give you more of the info from what I see; however, EVERY TIME a browser window opens it states "INTERNET EXPLORER WARNING: VISITING THIS WEBSITE MAY DO HARM TO YOUR COMPUTER." Also, I've now come back to the computer and it has a Viagra page up and before this there was a porn page. YIKES HELP

cm

I will continue while I'm waiting to do more diagnostics as I'm able. At this point, the browser is launching to bogus sites and not allowing a search or redirect...like to BC. I've tried to run Malwarebytes, etc w/o launch and apparently blocked by this virus.

1] allows restart w/Del to enter BIOS
Load Fail Safe Defaults??
Boot from CD??

2] Shift F10 into Safe Mode Screen...but keyboard disabled??
3] Running Avast Pro 5.0 on this machine [sorry should have included that above]
4] Windows Genuine Advantage Notification
Security Warning
"Ap cannot be executed. The file drwtson32.exe is infected. Do you wish to activate your antivirus software now." This message appears with all apps trying to be used. When clicked it launches a Security Antivirus Software scanning scan and attempts to scan. I do not let it continue. All apps when attempt to be opened are blocked carrying the same notice: such as, "THE FILE MBAM.EXE IS INFECTED. DO YOU WISH...." BLAH BLAH BLAH
5]There is a warning coming up near the systray that reads: Windows Antivirus Sotward Alert Infiltration Alert Your computer is being attacked by an internet virus. It could be a password stealing attach a trojan-dropper of similar. Details: Attack from 130.56.250.215 port 51559 Attacked port 44531 Threat banker fox.a

This all looks official WITH THE WINDOWS EMBLEM but I know that it is not. I do not launch or start any of these scanners. When they have launched, they start scanning; however, I immediately stop them.
6] I am able to open, update and scan with Avast. I updated and am now doing a quick scan. Will probably continue with a full scan after.

Schedule an Avast boot scan: found Java:Gimsh-A [moved all to chest]. This operation was successful but later during the scan an eml was found .pif infected by Win32:Mytob-FG [wrm] and failed to delete/move to chest/repair and don't really want to ignore but will await directions.

Schedule an Avast boot scan: found Java:Gimsh-A [moved all to chest]. This operation was successful but later during the scan an eml was found .pif infected by Win32:Mytob-FG [wrm] and failed to delete/move to chest/repair.

I am doing another boot scan to see if the results are the same. Same results.

Rebooted and was able to get Malwarebytes up and running. Logs to follow.

Additional information 8.28.10

I've been reading the forum and have tried Grinler's rkill in all its forms but without success. At one point, it finally caught but the browser spawning, warnings, etc would not go away or close without immediately initiating again and again.

I have tried updated Malwarebytes but it is closed immediately.

I've noticed that IE & Firefox have proxy selected and have tried to override but this is something that continues to be turned on with the virus.

I am able to open some programs in the initial boot cycle and will continue to try to update Malwarebytes at this point.

NOTE: Topic will not allow me to edit.

EDIT: Posts merged ~BP

Edited by Budapest, 29 August 2010 - 04:30 PM.
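
The proxy setting that keeps turning itself back on, described in the post above, is the kind of change a DDS log makes visible. As an added example (not part of any post in this thread), this Python script runs a few triage heuristics over DDS "Pseudo HJT" lines; the sample lines are copied from the DDS log posted later in this thread, and the heuristics, reason labels and function names are assumptions chosen for illustration.

```python
import re

# Sample lines copied from the DDS log posted later in this thread (post #5).
SAMPLE_DDS = r"""
uInternet Settings,ProxyServer = http=127.0.0.1:6522
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: adfaqpyxpr Object: {7a7e6519-7119-4f00-9b54-801ad65c8bc9} - c:\windows\$ntuninstallmtf1011$\mmduch.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [golqifvx] c:\documents and settings\networkservice\local settings\application data\cxkdcksxh\cuauvaashdw.exe
mRun: [bipro] rundll32 "c:\windows\$ntuninstallmtf1011$\mmduch.dll",,Run
dRun: [Nhipiseciyo] rundll32.exe "c:\windows\nsbdrs.dll",Startup
FF - prefs.js: network.proxy.type - 0
"""

# DDS entry types that cause code to load at logon or inside the browser.
AUTORUN_KINDS = ("uRun", "mRun", "dRun", "BHO", "TB", "StartupFolder")

# First drive-rooted path on the line that ends in an executable extension.
PATH_RE = re.compile(r'[a-z]:\\[^"\n]*?\.(?:exe|dll|scr|com)\b', re.I)
# System-wide proxy pointed at the local machine (something local is
# sitting between the browser and the network).
PROXY_RE = re.compile(
    r'ProxyServer\s*=\s*(?:\w+=)?(?:127\.0\.0\.1|localhost):\d+', re.I)
# $NtUninstall...$ folders hold hotfix backups; nothing should autoload from them.
UNINSTALL_DIR_RE = re.compile(r'\\\$ntuninstall[^\\]*\$\\', re.I)
# Profiles of built-in service accounts; no interactive user installs there.
SERVICE_PROFILE_RE = re.compile(
    r'\\documents and settings\\(?:networkservice|localservice)\\', re.I)
# Assumption: default directory names for the Windows and program folders.
SYSTEM_DIR_RE = re.compile(r'^[a-z]:\\(?:windows\\system32|program files)\\', re.I)


def reasons_for(line):
    """Return the heuristic labels that apply to one DDS log line."""
    reasons = []
    if PROXY_RE.search(line):
        reasons.append("loopback-proxy")

    kind = line.split(":", 1)[0].strip()
    if kind not in AUTORUN_KINDS:
        return reasons

    match = PATH_RE.search(line)
    if not match:  # e.g. "TB: {...} - No File"
        return reasons
    path = match.group(0).lower()

    if UNINSTALL_DIR_RE.search(path):
        reasons.append("loads-from-ntuninstall-dir")
    if SERVICE_PROFILE_RE.search(path):
        reasons.append("autorun-in-service-profile")
    if ("rundll32" in line.lower() and path.endswith(".dll")
            and not SYSTEM_DIR_RE.search(path)):
        reasons.append("rundll32-dll-outside-system32")
    return reasons


def triage(log_text):
    """Return (line, reasons) for every line that trips at least one heuristic.

    The output is a list of leads for an analyst to check, not a verdict.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = reasons_for(line)
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_DDS):
        print(", ".join(reasons))
        print("    " + line)
```
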



#2 mpascal

Posted 30 August 2010 - 02:13 PM

Hi ckirk,

Welcome to Bleeping Computer!

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like to give a few guidelines so that we can fix your problem as quickly and efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look here.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

STEP 1 - Preparation Guide

Please follow the instructions in the Preparation Guide until you have reached step 6. You may stop once you have finished step 6 and continue with the instructions here.

STEP 2 - MBAM

Note: In the event that you already have MBAM installed, you do not need to reinstall it. Simply Updating it and doing a Quickscan is sufficient.

Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 3 - GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

STEP 4 - OTL

Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • In the Custom Scans box, copy and paste the following:
    CODE
    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of the files, and post it with your next reply.
STEP 5 - Reply

Please reply with the following logs:
  • MBAM Log
  • GMER Log
  • OTL Log

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.


#3 ckirk

Posted 31 August 2010 - 09:26 AM

Thank you...and I will be working on this; however, my daughter had to have back surgery and it may take me awhile to get back to you consistently. I wanted you to know though that I will make this my highest priority.

#4 mpascal

Posted 31 August 2010 - 10:39 AM

Hi there,

Not a problem, take your time. I'll keep this topic open in the meantime.


#5 ckirk

Posted 31 August 2010 - 02:57 PM

First, we had turned the computer off until today. Today when I started it, it appeared that the r-kill et al. added to the startup folder actually stopped some of the processes because it is no longer throwing up bogus sites, is allowing me to access the browser myself to download suggested site files. But, it still is blocking other things like most of the folders within the control panel [rec'd error "the instruction at "0x0ec83c38" referenced memory at "0x00000000". The memory could not be "written". Click on OK to terminate the program."] It allows running of defogger, dds, gmer [see logs below]. I tried to install malwarebytes and update; however, I am getting an error when updating [error code 732 (12029,0)] and it wants to restart of which I'm very leery because when I read about this problem on BC it says that the virus can restart on reboot. So, I will await directions before restarting and will include the log to this point. [Note: I followed the preparation guide step by step...that is why GMER logs are included. Your order has GMER coming after Malwarebytes scan.] When I tried to upload, it was blocked. Used a flash drive on another computer to post and was told that it was too long; hence, the 2 posts.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Kirk at 9:48:43.40 on Tue 08/31/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.991.424 [GMT -5:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\WINDOWS\system32\PRISMSVC.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
D:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
mURLSearchHooks: SrchHook Class: {d3f669eb-57ce-4f45-8fbd-e245cbb46366} - c:\program files\stopzilla!\toolbar\SZIESearchHook.dll
mURLSearchHooks: SrchHook Class: {d3f669eb-57ce-4f45-8fbd-e245cbb46366} - c:\program files\stopzilla!\toolbar\SZIESearchHook.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - c:\program files\stopzilla!\toolbar\SZSG.dll
BHO: adfaqpyxpr Object: {7a7e6519-7119-4f00-9b54-801ad65c8bc9} - c:\windows\$ntuninstallmtf1011$\mmduch.dll
BHO: brumaqpyxgrm Object: {dffa5f37-2b7a-454a-b3d9-9330ff7b881f} - c:\windows\$ntuninstallmtf1011$\mmx.dll
TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - c:\program files\stopzilla!\toolbar\SZSG.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Auto EPSON Stylus Photo R280 Series (Copy 1) on CARYLSHOTONE] c:\windows\system32\spool\drivers\w32x86\3\e_faticka.exe /fu "c:\windows\temp\E_SE.tmp" /EF "HKCU"
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
mRun: [DLPSP] "c:\program files\dell printers\additional color laser software\status monitor\DLPSP.EXE"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [DLCJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCJtime.dll,_RunDLLEntry@16
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [golqifvx] c:\documents and settings\networkservice\local settings\application data\cxkdcksxh\cuauvaashdw.exe
mRun: [bipro] rundll32 "c:\windows\$ntuninstallmtf1011$\mmduch.dll",,Run
dRun: [Nhipiseciyo] rundll32.exe "c:\windows\nsbdrs.dll",Startup
dRun: [golqifvx] c:\documents and settings\networkservice\local settings\application data\cxkdcksxh\cuauvaashdw.exe
dRun: [golqifvx] c:\documents and settings\networkservice\local settings\application data\cxkdcksxh\cuauvaashdw.exe
StartupFolder: c:\docume~1\kirk\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\kirk\startm~1\programs\startup\mywebs~1.lnk - c:\program files\mywebsearch\bar\1.bin\MWSOEMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\freewe~1.lnk - c:\program files\coffeecup software\coffeecup free ftp\ThirtyDayTimer.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mywebs~1.lnk - c:\program files\mywebsearch\bar\1.bin\MWSOEMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\dell wireless\PRISMCFG.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: turbotax.com
DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - hxxp://housecall60.trendmicro.com/housecall/xscan60.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://download.microsoft.com/download/b/d/b/bdb4e4ee-63b2-45ff-9d84-33205bf43143/WebCleaner.cab
DPF: {56393399-041A-4650-94C7-13DFCB1F4665} - hxxp://www.my-etrust.com/Support/PestScanner/pestscan.cab
DPF: {63FA0A10-5AA8-449F-9C5B-C8853F697405} - hxxp://mediaplayer.walmart.com/installer/install.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093453873731
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: PRISMAPI.DLL - PRISMAPI.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kirk\applic~1\mozilla\firefox\profiles\default.udu\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/index.html
FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?&o=13048&l=dis&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\java\j2re1.4.2_06\bin\NPJPI142_06.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-2-24 312912]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-24 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-24 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-24 40384]
R2 DLSDB;Dell Printer Status Database;c:\program files\dell printers\additional color laser software\status monitor\dlsdbnt.exe [2006-1-24 135168]
R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [2007-1-29 61526]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-2-3 833168]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-24 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-24 40384]
R3 ip100xp;IC Plus IP100 10/100 Fast Ethernet Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [2008-11-6 26752]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2004-8-27 79520]
S3 DrvAgent32;DrvAgent32;\??\c:\windows\system32\drivers\drvagent32.sys --> c:\windows\system32\drivers\DrvAgent32.sys [?]

=============== Created Last 30 ================

2010-08-31 14:46:39 0 -c--a-w- c:\documents and settings\kirk\defogger_reenable
2010-08-25 20:48:14 0 dc----w- c:\docume~1\kirk\applic~1\Street-Ads
2010-08-25 20:48:12 0 dc----w- c:\docume~1\kirk\applic~1\Sky-Banners
2010-08-25 17:39:21 2843 -c--a-w- C:\zrpt.xml
2010-08-25 16:23:18 0 dc----w- c:\docume~1\alluse~1\applic~1\Update
2010-08-05 05:21:42 398744 ----a-r- c:\windows\system32\cpnprt2.cid
2010-08-05 05:21:30 0 d-----w- c:\program files\Coupons

==================== Find3M ====================

2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-28 20:57:33 38848 ----a-w- c:\windows\avastSS.scr
2010-06-24 12:15:28 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15:26 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15:26 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-07-22 20:09:17 0 ---ha-w- c:\program files\hpothb07.dat
2009-07-22 20:09:10 0 ---ha-w- c:\program files\hpothb07.tif
2004-10-12 15:35:36 33 ----a-w- c:\program files\LF.key
2003-11-19 23:37:52 10459 ----a-w- c:\program files\readme.txt
2008-08-31 15:07:35 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008083120080901\index.dat

============= FINISH: 9:52:44.48 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/25/2004 11:02:27 AM
System Uptime: 8/31/2010 9:34:03 AM (0 hours ago)

Motherboard: First International Computer, Inc. | | AT31
Processor: AMD Athlon™ XP 1800+ | Socket A | 1523/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 56 GiB total, 7.044 GiB free.
D: is Removable
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP722: 7/11/2010 12:32:02 PM - System Checkpoint
RP723: 7/12/2010 1:15:20 PM - System Checkpoint
RP724: 7/13/2010 1:32:21 PM - System Checkpoint
RP725: 7/14/2010 1:57:47 PM - System Checkpoint
RP726: 7/14/2010 7:00:27 PM - Software Distribution Service 3.0
RP727: 7/15/2010 7:40:22 PM - System Checkpoint
RP728: 7/16/2010 8:13:29 PM - System Checkpoint
RP729: 7/17/2010 8:19:36 PM - System Checkpoint
RP730: 7/18/2010 8:21:35 PM - System Checkpoint
RP731: 7/19/2010 8:55:18 PM - System Checkpoint
RP732: 7/20/2010 3:33:18 PM - Installed WeatherBug
RP733: 7/21/2010 3:57:17 PM - System Checkpoint
RP734: 7/22/2010 4:57:17 PM - System Checkpoint
RP735: 7/23/2010 5:13:18 PM - System Checkpoint
RP736: 7/24/2010 5:29:44 PM - System Checkpoint
RP737: 7/25/2010 5:37:01 PM - System Checkpoint
RP738: 7/26/2010 6:37:00 PM - System Checkpoint
RP739: 7/27/2010 7:10:18 PM - System Checkpoint
RP740: 7/28/2010 12:26:09 AM - Installed iTunes
RP741: 7/28/2010 12:55:03 AM - Installed Windows Media Player 10
RP742: 7/28/2010 12:58:25 AM - Software Distribution Service 3.0
RP743: 7/29/2010 1:50:01 AM - System Checkpoint
RP744: 7/29/2010 7:00:27 PM - Software Distribution Service 3.0
RP745: 7/30/2010 7:42:07 PM - System Checkpoint
RP746: 7/31/2010 8:00:08 PM - System Checkpoint
RP747: 8/1/2010 10:39:11 PM - System Checkpoint
RP748: 8/2/2010 7:00:30 PM - Software Distribution Service 3.0
RP749: 8/3/2010 8:21:08 PM - System Checkpoint
RP750: 8/4/2010 9:00:24 PM - System Checkpoint
RP751: 8/5/2010 9:05:08 PM - System Checkpoint
RP752: 8/6/2010 9:20:18 PM - System Checkpoint
RP753: 8/7/2010 9:39:21 PM - System Checkpoint
RP754: 8/8/2010 10:31:18 PM - System Checkpoint
RP755: 8/9/2010 11:49:34 PM - System Checkpoint
RP756: 8/10/2010 12:36:08 PM - Software Distribution Service 3.0
RP757: 8/11/2010 1:30:06 PM - System Checkpoint
RP758: 8/12/2010 2:16:25 PM - System Checkpoint
RP759: 8/13/2010 2:54:57 PM - System Checkpoint
RP760: 8/14/2010 3:26:34 PM - System Checkpoint
RP761: 8/15/2010 4:25:34 PM - System Checkpoint
RP762: 8/16/2010 5:12:14 PM - System Checkpoint
RP763: 8/17/2010 5:31:55 PM - System Checkpoint
RP764: 8/18/2010 6:31:54 PM - System Checkpoint
RP765: 8/19/2010 7:07:11 PM - System Checkpoint
RP766: 8/20/2010 7:47:43 PM - System Checkpoint
RP767: 8/22/2010 8:27:35 AM - System Checkpoint
RP768: 8/23/2010 9:21:51 AM - System Checkpoint
RP769: 8/24/2010 9:58:49 AM - System Checkpoint
RP770: 8/25/2010 4:22:34 PM - System Checkpoint
RP771: 8/26/2010 8:14:33 PM - System Checkpoint

==== Installed Programs ======================

ABBYY FineReader 6.0 Sprint
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader 7.0.8
Adventure Inlay™
AnswerWorks 4.0 Runtime - English
APC PowerChute Personal Edition
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
avast! Pro Antivirus
Bonjour
C4USelfUpdater
CoffeeCup Free FTP
Core FTP LE 2.1
Coupon Printer for Windows
Dell Photo AIO Printer 964
Dell Printer Software
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Memories Disc
HP Photo and Imaging 2.2 - Scanjet 3970 Series
iPod for Windows 2005-06-26
iS3 STOPzilla Toolbar
iTunes
Java 2 Runtime Environment, SE v1.4.2_05
Java 2 Runtime Environment, SE v1.4.2_06
Macromedia Dreamweaver 4
Macromedia Extension Manager
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works 2000
Mozilla Firefox (3.6.8)
MSN Toolbar
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Drivers
Pdf995
Photoshop FITS Liberator 1.0.1
PowerDVD
QuickTime
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
ShareIns
Street-Ads Browser Enhancer
Symantec KB-DocID:2003093015493306
TaxCut Premium 2006
TurboTax Basic 2007
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB 2.0 Wireless LAN Card Utility
Vtune 5.1
WeatherBug
WebFldrs XP
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinZip
Yahoo! Photos Easy Upload Tool 1v4

==== Event Viewer Messages From Past Week ========

8/28/2010 4:15:31 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer ROBERTSDELL that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C6919788-930A-4B. The master browser is stopping or an election is being forced.
8/26/2010 7:40:36 AM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/26/2010 7:40:35 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
8/26/2010 2:42:15 PM, error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is ROBERTSDELL.
8/26/2010 1:57:15 PM, error: ati2mtag [43015] - I2c return failed
8/25/2010 6:42:45 AM, error: NetBT [4321] - The name "KIRKSCONNECTION:1d" could not be registered on the Interface with IP address 192.168.1.3. The machine with the IP address 192.168.1.2 did not allow the name to be claimed by this machine.
8/25/2010 6:37:58 AM, error: Dhcp [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 0014A59B4627 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
8/25/2010 6:25:02 AM, error: NetBT [4321] - The name "KIRKSCONNECTION:1d" could not be registered on the Interface with IP address 192.168.1.4. The machine with the IP address 192.168.1.2 did not allow the name to be claimed by this machine.
8/24/2010 2:16:16 AM, error: BROWSER [8019] - The browser was unable to promote itself to master browser. The browser will continue to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer.
8/24/2010 2:16:16 AM, error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is CARYLSDELL.

==== End Of File ===========================


#6 ckirk


Posted 31 August 2010 - 03:01 PM

told this one was too long also...hence, 2 parts

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-31 14:23:03
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Kirk\LOCALS~1\Temp\uwxoypob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwAddBootEntry [0xF175A130]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwClose [0xF177350D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateEvent [0xF175BCE2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateEventPair [0xF175BD3A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateIoCompletion [0xF175BE50]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateKey [0xF1772EC1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateMutant [0xF175BC38]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateSection [0xF175BD8A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateSemaphore [0xF175BC8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateTimer [0xF175BDFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwDeleteBootEntry [0xF175A154]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwDeleteKey [0xF1773BD3]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwDeleteValueKey [0xF1773CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwDuplicateObject [0xF175C582]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwEnumerateKey [0xF1773A3E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwEnumerateValueKey [0xF17738A9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwLoadDriver [0xF1759F5C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwModifyBootEntry [0xF175A178]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenEvent [0xF175BD12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenEventPair [0xF175BD62]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenIoCompletion [0xF175BE7A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenKey [0xF177321D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenMutant [0xF175BC64]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenProcess [0xF175C3BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenSection [0xF175BDCA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenSemaphore [0xF175BCBA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenThread [0xF175C49E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenTimer [0xF175BE28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwQueryKey [0xF1773724]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwQueryObject [0xF175AB48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwQueryValueKey [0xF1773576]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xF17A4210]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwReplyWaitReceivePort [0xF175C6F6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwReplyWaitReceivePortEx [0xF175C2F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwRestoreKey [0xF177255C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwSetBootEntryOrder [0xF175A19C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwSetBootOptions [0xF175A1C0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwSetSystemInformation [0xF1759FB6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF17A3EC8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwShutdownSystem [0xF175A0C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwSystemDebugControl [0xF175A0D8]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xF17B0B9C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 448 804E2AB4 1 Byte [D8]
PAGE ntoskrnl.exe!ObInsertObject 8056503A 5 Bytes JMP F17ADF6C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FE4C 7 Bytes JMP F17B0BA0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 8059F8CA 5 Bytes JMP F17AC5B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.text C:\WINDOWS\System32\DRIVERS\ati2mtag.sys section is writeable [0xF6147000, 0x1B601E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[204] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0EB89083
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[204] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0EB897B2
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[204] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0EB89966
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[204] ntdll.dll!NtVdmControl 7C90DF1E 5 Bytes JMP 0EB8986A
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[204] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0EB8368A
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[204] ADVAPI32.dll!CryptEncrypt 77DEE360 5 Bytes JMP 0EB8759F
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[204] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0EB86322
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[204] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 0EB92320
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[204] WININET.dll!HttpAddRequestHeadersA 3D94632F 5 Bytes JMP 0EB8FAF0
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[204] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 0EB91AE0
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[204] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 0EB8F720
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[204] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0EB92080
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[204] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 0EB8FC00
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[204] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 0EB86550
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[204] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 0EB879D9
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[204] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0EB865EA
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[204] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 0EB921D0
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[204] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 0EB86684
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[204] Crypt32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0EB82447
.text c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE[340] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0EB89083
.text c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE[340] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0EB897B2
.text c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE[340] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0EB89966
.text c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE[340] ntdll.dll!NtVdmControl 7C90DF1E 5 Bytes JMP 0EB8986A
.text c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE[340] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0EB8368A
.text c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE[340] ADVAPI32.dll!CryptEncrypt 77DEE360 5 Bytes JMP 0EB8759F
.text c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE[340] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0EB86322
.text c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE[340] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 0EB92320
.text c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE[340] WININET.dll!HttpAddRequestHeadersA 3D94632F 5 Bytes JMP 0EB8FAF0
.text c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE[340] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 0EB91AE0
.text c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE[340] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 0EB8F720
.text c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE[340] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0EB92080
.text c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE[340] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 0EB8FC00
.text c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE[340] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 0EB86550
.text c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE[340] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 0EB879D9
.text c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE[340] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0EB865EA
.text c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE[340] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 0EB921D0
.text c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE[340] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 0EB86684
.text c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE[340] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0EB8ECC3
.text c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE[340] Crypt32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0EB82447
.text C:\WINDOWS\system32\spoolsv.exe[364] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0EB89083
.text C:\WINDOWS\system32\spoolsv.exe[364] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0EB897B2
.text C:\WINDOWS\system32\spoolsv.exe[364] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0EB89966
.text C:\WINDOWS\system32\spoolsv.exe[364] ntdll.dll!NtVdmControl 7C90DF1E 5 Bytes JMP 0EB8986A
.text C:\WINDOWS\system32\spoolsv.exe[364] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0EB8368A
.text C:\WINDOWS\system32\spoolsv.exe[364] ADVAPI32.dll!CryptEncrypt 77DEE360 5 Bytes JMP 0EB8759F
.text C:\WINDOWS\system32\spoolsv.exe[364] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0EB86322
.text C:\WINDOWS\system32\spoolsv.exe[364] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 0EB92320
.text C:\WINDOWS\system32\spoolsv.exe[364] WININET.dll!HttpAddRequestHeadersA 3D94632F 5 Bytes JMP 0EB8FAF0
.text C:\WINDOWS\system32\spoolsv.exe[364] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 0EB91AE0
.text C:\WINDOWS\system32\spoolsv.exe[364] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 0EB8F720
.text C:\WINDOWS\system32\spoolsv.exe[364] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0EB92080
.text C:\WINDOWS\system32\spoolsv.exe[364] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 0EB8FC00
.text C:\WINDOWS\system32\spoolsv.exe[364] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 0EB86550
.text C:\WINDOWS\system32\spoolsv.exe[364] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 0EB879D9
.text C:\WINDOWS\system32\spoolsv.exe[364] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0EB865EA
.text C:\WINDOWS\system32\spoolsv.exe[364] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 0EB921D0
.text C:\WINDOWS\system32\spoolsv.exe[364] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 0EB86684
.text C:\WINDOWS\system32\spoolsv.exe[364] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0EB8ECC3
.text C:\WINDOWS\system32\spoolsv.exe[364] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0EB82447
.text C:\Documents and Settings\Kirk\Local Settings\Temp\gmer.exe[412] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0EB89083
.text C:\Documents and Settings\Kirk\Local Settings\Temp\gmer.exe[412] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0EB897B2
.text C:\Documents and Settings\Kirk\Local Settings\Temp\gmer.exe[412] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0EB89966
.text C:\Documents and Settings\Kirk\Local Settings\Temp\gmer.exe[412] ntdll.dll!NtVdmControl 7C90DF1E 5 Bytes JMP 0EB8986A
.text C:\Documents and Settings\Kirk\Local Settings\Temp\gmer.exe[412] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0EB8368A
.text C:\Documents and Settings\Kirk\Local Settings\Temp\gmer.exe[412] ADVAPI32.dll!CryptEncrypt 77DEE360 5 Bytes JMP 0EB8759F
.text C:\Documents and Settings\Kirk\Local Settings\Temp\gmer.exe[412] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0EB86322
.text C:\Documents and Settings\Kirk\Local Settings\Temp\gmer.exe[412] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 0EB92320
.text C:\Documents and Settings\Kirk\Local Settings\Temp\gmer.exe[412] WININET.dll!HttpAddRequestHeadersA 3D94632F 5 Bytes JMP 0EB8FAF0
.text C:\Documents and Settings\Kirk\Local Settings\Temp\gmer.exe[412] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 0EB91AE0
.text C:\Documents and Settings\Kirk\Local Settings\Temp\gmer.exe[412] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 0EB8F720
.text C:\Documents and Settings\Kirk\Local Settings\Temp\gmer.exe[412] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0EB92080
.text C:\Documents and Settings\Kirk\Local Settings\Temp\gmer.exe[412] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 0EB8FC00
.text C:\Documents and Settings\Kirk\Local Settings\Temp\gmer.exe[412] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 0EB86550
.text C:\Documents and Settings\Kirk\Local Settings\Temp\gmer.exe[412] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 0EB879D9
.text C:\Documents and Settings\Kirk\Local Settings\Temp\gmer.exe[412] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0EB865EA
.text C:\Documents and Settings\Kirk\Local Settings\Temp\gmer.exe[412] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 0EB921D0
.text C:\Documents and Settings\Kirk\Local Settings\Temp\gmer.exe[412] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 0EB86684
.text C:\Documents and Settings\Kirk\Local Settings\Temp\gmer.exe[412] Crypt32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0EB82447
.text C:\WINDOWS\System32\svchost.exe[416] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0EB89083
.text C:\WINDOWS\System32\svchost.exe[416] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0EB897B2
.text C:\WINDOWS\System32\svchost.exe[416] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0EB89966
.text C:\WINDOWS\System32\svchost.exe[416] ntdll.dll!NtVdmControl 7C90DF1E 5 Bytes JMP 0EB8986A
.text C:\WINDOWS\System32\svchost.exe[416] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0EB8368A
.text C:\WINDOWS\System32\svchost.exe[416] ADVAPI32.dll!CryptEncrypt 77DEE360 5 Bytes JMP 0EB8759F
.text C:\WINDOWS\System32\svchost.exe[416] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0EB86322
.text C:\WINDOWS\System32\svchost.exe[416] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 0EB92320
.text C:\WINDOWS\System32\svchost.exe[416] WININET.dll!HttpAddRequestHeadersA 3D94632F 5 Bytes JMP 0EB8FAF0
.text C:\WINDOWS\System32\svchost.exe[416] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 0EB91AE0
.text C:\WINDOWS\System32\svchost.exe[416] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 0EB8F720
.text C:\WINDOWS\System32\svchost.exe[416] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0EB92080
.text C:\WINDOWS\System32\svchost.exe[416] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 0EB8FC00
.text C:\WINDOWS\System32\svchost.exe[416] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 0EB86550
.text C:\WINDOWS\System32\svchost.exe[416] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 0EB879D9
.text C:\WINDOWS\System32\svchost.exe[416] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0EB865EA
.text C:\WINDOWS\System32\svchost.exe[416] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 0EB921D0
.text C:\WINDOWS\System32\svchost.exe[416] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 0EB86684
.text C:\WINDOWS\System32\svchost.exe[416] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0EB82447
.text C:\WINDOWS\System32\svchost.exe[448] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0EB89083
.text C:\WINDOWS\System32\svchost.exe[448] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0EB897B2
.text C:\WINDOWS\System32\svchost.exe[448] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0EB89966
.text C:\WINDOWS\System32\svchost.exe[448] ntdll.dll!NtVdmControl 7C90DF1E 5 Bytes JMP 0EB8986A
.text C:\WINDOWS\System32\svchost.exe[448] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0EB8368A
.text C:\WINDOWS\System32\svchost.exe[448] ADVAPI32.dll!CryptEncrypt 77DEE360 5 Bytes JMP 0EB8759F
.text C:\WINDOWS\System32\svchost.exe[448] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0EB86322
.text C:\WINDOWS\System32\svchost.exe[448] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 0EB92320
.text C:\WINDOWS\System32\svchost.exe[448] WININET.dll!HttpAddRequestHeadersA 3D94632F 5 Bytes JMP 0EB8FAF0
.text C:\WINDOWS\System32\svchost.exe[448] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 0EB91AE0
.text C:\WINDOWS\System32\svchost.exe[448] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 0EB8F720
.text C:\WINDOWS\System32\svchost.exe[448] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0EB92080
.text C:\WINDOWS\System32\svchost.exe[448] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 0EB8FC00
.text C:\WINDOWS\System32\svchost.exe[448] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 0EB86550
.text C:\WINDOWS\System32\svchost.exe[448] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 0EB879D9
.text C:\WINDOWS\System32\svchost.exe[448] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0EB865EA
.text C:\WINDOWS\System32\svchost.exe[448] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 0EB921D0
.text C:\WINDOWS\System32\svchost.exe[448] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 0EB86684
.text C:\WINDOWS\System32\svchost.exe[448] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0EB8ECC3
.text C:\WINDOWS\System32\svchost.exe[448] Crypt32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0EB82447
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[480] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0EB89083
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[480] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0EB897B2
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[480] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0EB89966
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[480] ntdll.dll!NtVdmControl 7C90DF1E 5 Bytes JMP 0EB8986A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[480] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0EB8368A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[480] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0EB8ECC3
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[480] ADVAPI32.dll!CryptEncrypt 77DEE360 5 Bytes JMP 0EB8759F
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[480] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0EB86322
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[480] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 0EB92320
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[480] WININET.dll!HttpAddRequestHeadersA 3D94632F 5 Bytes JMP 0EB8FAF0
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[480] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 0EB91AE0
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[480] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 0EB8F720
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[480] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0EB92080
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[480] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 0EB8FC00
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[480] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 0EB86550
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[480] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 0EB879D9
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[480] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0EB865EA
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[480] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 0EB921D0
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[480] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 0EB86684
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[480] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0EB82447
.text C:\Program Files\Dell Wireless\PRISMCFG.exe[680] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0EB89083
.text C:\Program Files\Dell Wireless\PRISMCFG.exe[680] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0EB897B2
.text C:\Program Files\Dell Wireless\PRISMCFG.exe[680] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0EB89966
.text C:\Program Files\Dell Wireless\PRISMCFG.exe[680] ntdll.dll!NtVdmControl 7C90DF1E 5 Bytes JMP 0EB8986A
.text C:\Program Files\Dell Wireless\PRISMCFG.exe[680] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0EB8368A
.text C:\Program Files\Dell Wireless\PRISMCFG.exe[680] ADVAPI32.dll!CryptEncrypt 77DEE360 5 Bytes JMP 0EB8759F
.text C:\Program Files\Dell Wireless\PRISMCFG.exe[680] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0EB86322
.text C:\Program Files\Dell Wireless\PRISMCFG.exe[680] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0EB82447
.text C:\Program Files\Dell Wireless\PRISMCFG.exe[680] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0EB8ECC3
.text C:\Program Files\Dell Wireless\PRISMCFG.exe[680] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 0EB92320
.text C:\Program Files\Dell Wireless\PRISMCFG.exe[680] WININET.dll!HttpAddRequestHeadersA 3D94632F 5 Bytes JMP 0EB8FAF0
.text C:\Program Files\Dell Wireless\PRISMCFG.exe[680] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 0EB91AE0
.text C:\Program Files\Dell Wireless\PRISMCFG.exe[680] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 0EB8F720
.text C:\Program Files\Dell Wireless\PRISMCFG.exe[680] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0EB92080
.text C:\Program Files\Dell Wireless\PRISMCFG.exe[680] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 0EB8FC00
.text C:\Program Files\Dell Wireless\PRISMCFG.exe[680] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 0EB86550
.text C:\Program Files\Dell Wireless\PRISMCFG.exe[680] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 0EB879D9
.text C:\Program Files\Dell Wireless\PRISMCFG.exe[680] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0EB865EA
.text C:\Program Files\Dell Wireless\PRISMCFG.exe[680] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 0EB921D0
.text C:\Program Files\Dell Wireless\PRISMCFG.exe[680] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 0EB86684
.text C:\Program Files\Bonjour\mDNSResponder.exe[692] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0EB89083
.text C:\Program Files\Bonjour\mDNSResponder.exe[692] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0EB897B2
.text C:\Program Files\Bonjour\mDNSResponder.exe[692] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0EB89966
.text C:\Program Files\Bonjour\mDNSResponder.exe[692] ntdll.dll!NtVdmControl 7C90DF1E 5 Bytes JMP 0EB8986A
.text C:\Program Files\Bonjour\mDNSResponder.exe[692] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0EB8368A
.text C:\Program Files\Bonjour\mDNSResponder.exe[692] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0EB8ECC3
.text C:\Program Files\Bonjour\mDNSResponder.exe[692] ADVAPI32.dll!CryptEncrypt 77DEE360 5 Bytes JMP 0EB8759F
.text C:\Program Files\Bonjour\mDNSResponder.exe[692] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0EB86322
.text C:\Program Files\Bonjour\mDNSResponder.exe[692] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 0EB92320
.text C:\Program Files\Bonjour\mDNSResponder.exe[692] WININET.dll!HttpAddRequestHeadersA 3D94632F 5 Bytes JMP 0EB8FAF0
.text C:\Program Files\Bonjour\mDNSResponder.exe[692] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 0EB91AE0
.text C:\Program Files\Bonjour\mDNSResponder.exe[692] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 0EB8F720
.text C:\Program Files\Bonjour\mDNSResponder.exe[692] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0EB92080
.text C:\Program Files\Bonjour\mDNSResponder.exe[692] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 0EB8FC00
.text C:\Program Files\Bonjour\mDNSResponder.exe[692] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 0EB86550
.text C:\Program Files\Bonjour\mDNSResponder.exe[692] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 0EB879D9
.text C:\Program Files\Bonjour\mDNSResponder.exe[692] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0EB865EA
.text C:\Program Files\Bonjour\mDNSResponder.exe[692] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 0EB921D0
.text C:\Program Files\Bonjour\mDNSResponder.exe[692] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 0EB86684
.text C:\Program Files\Bonjour\mDNSResponder.exe[692] Crypt32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0EB82447
.text C:\WINDOWS\system32\winlogon.exe[736] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0EB89083
.text C:\WINDOWS\system32\winlogon.exe[736] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0EB897B2
.text C:\WINDOWS\system32\winlogon.exe[736] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0EB89966
.text C:\WINDOWS\system32\winlogon.exe[736] ntdll.dll!NtVdmControl 7C90DF1E 5 Bytes JMP 0EB8986A
.text C:\WINDOWS\system32\winlogon.exe[736] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0EB8368A
.text C:\WINDOWS\system32\winlogon.exe[736] ADVAPI32.dll!CryptEncrypt 77DEE360 5 Bytes JMP 0EB8759F
.text C:\WINDOWS\system32\winlogon.exe[736] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0EB82447
.text C:\WINDOWS\system32\winlogon.exe[736] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0EB86322
.text C:\WINDOWS\system32\winlogon.exe[736] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0EB8ECC3
.text C:\WINDOWS\system32\winlogon.exe[736] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 0EB92320
.text C:\WINDOWS\system32\winlogon.exe[736] WININET.dll!HttpAddRequestHeadersA 3D94632F 5 Bytes JMP 0EB8FAF0
.text C:\WINDOWS\system32\winlogon.exe[736] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 0EB91AE0
.text C:\WINDOWS\system32\winlogon.exe[736] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 0EB8F720
.text C:\WINDOWS\system32\winlogon.exe[736] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0EB92080
.text C:\WINDOWS\system32\winlogon.exe[736] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 0EB8FC00
.text C:\WINDOWS\system32\winlogon.exe[736] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 0EB86550
.text C:\WINDOWS\system32\winlogon.exe[736] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 0EB879D9
.text C:\WINDOWS\system32\winlogon.exe[736] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0EB865EA
.text C:\WINDOWS\system32\winlogon.exe[736] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 0EB921D0
.text C:\WINDOWS\system32\winlogon.exe[736] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 0EB86684
.text C:\WINDOWS\system32\lsass.exe[796] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0EB89083
.text C:\WINDOWS\system32\lsass.exe[796] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0EB897B2
.text C:\WINDOWS\system32\lsass.exe[796] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0EB89966
.text C:\WINDOWS\system32\lsass.exe[796] ntdll.dll!NtVdmControl 7C90DF1E 5 Bytes JMP 0EB8986A
.text C:\WINDOWS\system32\lsass.exe[796] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0EB8368A
.text C:\WINDOWS\system32\lsass.exe[796] ADVAPI32.dll!CryptEncrypt 77DEE360 5 Bytes JMP 0EB8759F
.text C:\WINDOWS\system32\lsass.exe[796] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0EB86322
.text C:\WINDOWS\system32\lsass.exe[796] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0EB8ECC3
.text C:\WINDOWS\system32\lsass.exe[796] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 0EB92320
.text C:\WINDOWS\system32\lsass.exe[796] WININET.dll!HttpAddRequestHeadersA 3D94632F 5 Bytes JMP 0EB8FAF0
.text C:\WINDOWS\system32\lsass.exe[796] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 0EB91AE0
.text C:\WINDOWS\system32\lsass.exe[796] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 0EB8F720
.text C:\WINDOWS\system32\lsass.exe[796] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0EB92080
.text C:\WINDOWS\system32\lsass.exe[796] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 0EB8FC00
.text C:\WINDOWS\system32\lsass.exe[796] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 0EB86550
.text C:\WINDOWS\system32\lsass.exe[796] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 0EB879D9
.text C:\WINDOWS\system32\lsass.exe[796] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0EB865EA
.text C:\WINDOWS\system32\lsass.exe[796] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 0EB921D0
.text C:\WINDOWS\system32\lsass.exe[796] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 0EB86684
.text C:\WINDOWS\system32\lsass.exe[796] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0EB82447
.text C:\WINDOWS\Explorer.EXE[908] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0EC49083
.text C:\WINDOWS\Explorer.EXE[908] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[908] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0EC497B2
.text C:\WINDOWS\Explorer.EXE[908] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0EC49966
.text C:\WINDOWS\Explorer.EXE[908] ntdll.dll!NtVdmControl 7C90DF1E 5 Bytes JMP 0EC4986A
.text C:\WINDOWS\Explorer.EXE[908] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A
.text C:\WINDOWS\Explorer.EXE[908] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
.text C:\WINDOWS\Explorer.EXE[908] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0EC4368A
.text C:\WINDOWS\Explorer.EXE[908] ADVAPI32.dll!CryptEncrypt 77DEE360 5 Bytes JMP 0EC4759F
.text C:\WINDOWS\Explorer.EXE[908] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0EC46322
.text C:\WINDOWS\Explorer.EXE[908] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0EC42447
.text C:\WINDOWS\system32\PRISMSVR.EXE[916] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0EB89083
.text C:\WINDOWS\system32\PRISMSVR.EXE[916] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0EB897B2
.text C:\WINDOWS\system32\PRISMSVR.EXE[916] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0EB89966
.text C:\WINDOWS\system32\PRISMSVR.EXE[916] ntdll.dll!NtVdmControl 7C90DF1E 5 Bytes JMP 0EB8986A
.text C:\WINDOWS\system32\PRISMSVR.EXE[916] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0EB8368A
.text C:\WINDOWS\system32\PRISMSVR.EXE[916] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0EB86322
.text C:\WINDOWS\system32\PRISMSVR.EXE[916] ADVAPI32.dll!CryptEncrypt 77DEE360 5 Bytes JMP 0EB8759F
.text C:\WINDOWS\system32\PRISMSVR.EXE[916] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 0EB92320
.text C:\WINDOWS\system32\PRISMSVR.EXE[916] WININET.dll!HttpAddRequestHeadersA 3D94632F 5 Bytes JMP 0EB8FAF0
.text C:\WINDOWS\system32\PRISMSVR.EXE[916] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 0EB91AE0
.text C:\WINDOWS\system32\PRISMSVR.EXE[916] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 0EB8F720
.text C:\WINDOWS\system32\PRISMSVR.EXE[916] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0EB92080
.text C:\WINDOWS\system32\PRISMSVR.EXE[916] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 0EB8FC00
.text C:\WINDOWS\system32\PRISMSVR.EXE[916] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 0EB86550
.text C:\WINDOWS\system32\PRISMSVR.EXE[916] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 0EB879D9
.text C:\WINDOWS\system32\PRISMSVR.EXE[916] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0EB865EA
.text C:\WINDOWS\system32\PRISMSVR.EXE[916] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 0EB921D0
.text C:\WINDOWS\system32\PRISMSVR.EXE[916] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 0EB86684
.text C:\WINDOWS\system32\PRISMSVR.EXE[916] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0EB82447
.text C:\WINDOWS\system32\PRISMSVR.EXE[916] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0EB8ECC3
.text C:\WINDOWS\system32\Ati2evxx.exe[952] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0EB89083
.text C:\WINDOWS\system32\Ati2evxx.exe[952] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0EB897B2
.text C:\WINDOWS\system32\Ati2evxx.exe[952] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0EB89966
.text C:\WINDOWS\system32\Ati2evxx.exe[952] ntdll.dll!NtVdmControl 7C90DF1E 5 Bytes JMP 0EB8986A
.text C:\WINDOWS\system32\Ati2evxx.exe[952] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0EB8368A
.text C:\WINDOWS\system32\Ati2evxx.exe[952] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0EB86322
.text C:\WINDOWS\system32\Ati2evxx.exe[952] ADVAPI32.dll!CryptEncrypt 77DEE360 5 Bytes JMP 0EB8759F
.text C:\WINDOWS\system32\Ati2evxx.exe[952] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 0EB92320
.text C:\WINDOWS\system32\Ati2evxx.exe[952] WININET.dll!HttpAddRequestHeadersA 3D94632F 5 Bytes JMP 0EB8FAF0
.text C:\WINDOWS\system32\Ati2evxx.exe[952] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 0EB91AE0
.text C:\WINDOWS\system32\Ati2evxx.exe[952] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 0EB8F720
.text C:\WINDOWS\system32\Ati2evxx.exe[952] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0EB92080
.text C:\WINDOWS\system32\Ati2evxx.exe[952] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 0EB8FC00
.text C:\WINDOWS\system32\Ati2evxx.exe[952] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 0EB86550
.text C:\WINDOWS\system32\Ati2evxx.exe[952] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 0EB879D9
.text C:\WINDOWS\system32\Ati2evxx.exe[952] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0EB865EA
.text C:\WINDOWS\system32\Ati2evxx.exe[952] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 0EB921D0
.text C:\WINDOWS\system32\Ati2evxx.exe[952] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 0EB86684
.text C:\WINDOWS\system32\Ati2evxx.exe[952] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0EB82447
.text C:\WINDOWS\system32\svchost.exe[976] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0EB89083
.text C:\WINDOWS\system32\svchost.exe[976] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0EB897B2
.text C:\WINDOWS\system32\svchost.exe[976] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0EB89966
.text C:\WINDOWS\system32\svchost.exe[976] ntdll.dll!NtVdmControl 7C90DF1E 5 Bytes JMP 0EB8986A
.text C:\WINDOWS\system32\svchost.exe[976] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0EB8368A
.text C:\WINDOWS\system32\svchost.exe[976] ADVAPI32.dll!CryptEncrypt 77DEE360 5 Bytes JMP 0EB8759F
.text C:\WINDOWS\system32\svchost.exe[976] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0EB86322
.text C:\WINDOWS\system32\svchost.exe[976] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 0EB92320
.text C:\WINDOWS\system32\svchost.exe[976] WININET.dll!HttpAddRequestHeadersA 3D94632F 5 Bytes JMP 0EB8FAF0
.text C:\WINDOWS\system32\svchost.exe[976] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 0EB91AE0
.text C:\WINDOWS\system32\svchost.exe[976] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 0EB8F720
.text C:\WINDOWS\system32\svchost.exe[976] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0EB92080
.text C:\WINDOWS\system32\svchost.exe[976] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 0EB8FC00
.text C:\WINDOWS\system32\svchost.exe[976] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 0EB86550
.text C:\WINDOWS\system32\svchost.exe[976] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 0EB879D9
.text C:\WINDOWS\system32\svchost.exe[976] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0EB865EA
.text C:\WINDOWS\system32\svchost.exe[976] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 0EB921D0
.text C:\WINDOWS\system32\svchost.exe[976] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 0EB86684
.text C:\WINDOWS\system32\svchost.exe[976] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0EB8ECC3
.text C:\WINDOWS\system32\svchost.exe[976] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0EB82447
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0EB89083
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0EB897B2
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0EB89966
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtVdmControl 7C90DF1E 5 Bytes JMP 0EB8986A
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0EB8368A
.text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!CryptEncrypt 77DEE360 5 Bytes JMP 0EB8759F
.text C:\WINDOWS\system32\svchost.exe[1032] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0EB86322
.text C:\WINDOWS\system32\svchost.exe[1032] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 0EB92320
.text C:\WINDOWS\system32\svchost.exe[1032] WININET.dll!HttpAddRequestHeadersA 3D94632F 5 Bytes JMP 0EB8FAF0
.text C:\WINDOWS\system32\svchost.exe[1032] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 0EB91AE0
.text C:\WINDOWS\system32\svchost.exe[1032] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 0EB8F720
.text C:\WINDOWS\system32\svchost.exe[1032] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0EB92080
.text C:\WINDOWS\system32\svchost.exe[1032] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 0EB8FC00
.text C:\WINDOWS\system32\svchost.exe[1032] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 0EB86550
.text C:\WINDOWS\system32\svchost.exe[1032] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 0EB879D9
.text C:\WINDOWS\system32\svchost.exe[1032] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0EB865EA
.text C:\WINDOWS\system32\svchost.exe[1032] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 0EB921D0
.text C:\WINDOWS\system32\svchost.exe[1032] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 0EB86684
.text C:\WINDOWS\system32\svchost.exe[1032] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0EB8ECC3
.text C:\WINDOWS\system32\svchost.exe[1032] Crypt32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0EB82447
.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0EB89083
.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 0091000A
.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0EB897B2
.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0EB89966
.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtVdmControl 7C90DF1E 5 Bytes JMP 0EB8986A
.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0090000C
.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0EB8368A
.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!CryptEncrypt 77DEE360 5 Bytes JMP 0EB8759F
.text C:\WINDOWS\System32\svchost.exe[1124] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0EB86322
.text C:\WINDOWS\System32\svchost.exe[1124] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0186000A
.text C:\WINDOWS\System32\svchost.exe[1124] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00AB000A
.text C:\WINDOWS\System32\svchost.exe[1124] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0EB82447
.text c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE[1136] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0EB89083
.text c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE[1136] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0EB897B2
.text c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE[1136] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0EB89966
.text c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE[1136] ntdll.dll!NtVdmControl 7C90DF1E 5 Bytes JMP 0EB8986A
.text c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE[1136] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0EB8368A
.text c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE[1136] ADVAPI32.dll!CryptEncrypt 77DEE360 5 Bytes JMP 0EB8759F
.text c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE[1136] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0EB86322
.text c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE[1136] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 0EB92320
.text c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE[1136] WININET.dll!HttpAddRequestHeadersA 3D94632F 5 Bytes JMP 0EB8FAF0
.text c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE[1136] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 0EB91AE0
.text c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE[1136] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 0EB8F720
.text c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE[1136] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0EB92080
.text c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE[1136] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 0EB8FC00
.text c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE[1136] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 0EB86550
.text c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE[1136] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 0EB879D9
.text c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE[1136] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0EB865EA
.text c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE[1136] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 0EB921D0
.text c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE[1136] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 0EB86684
.text c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE[1136] Crypt32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0EB82447
.text C:\WINDOWS\system32\Ati2evxx.exe[1184] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0EB89083
.text C:\WINDOWS\system32\Ati2evxx.exe[1184] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0EB897B2
.text C:\WINDOWS\system32\Ati2evxx.exe[1184] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0EB89966
.text C:\WINDOWS\system32\Ati2evxx.exe[1184] ntdll.dll!NtVdmControl 7C90DF1E 5 Bytes JMP 0EB8986A
.text C:\WINDOWS\system32\Ati2evxx.exe[1184] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0EB8368A
.text C:\WINDOWS\system32\Ati2evxx.exe[1184] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0EB86322
.text C:\WINDOWS\system32\Ati2evxx.exe[1184] ADVAPI32.dll!CryptEncrypt 77DEE360 5 Bytes JMP 0EB8759F
.text C:\WINDOWS\system32\Ati2evxx.exe[1184] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 0EB92320
.text C:\WINDOWS\system32\Ati2evxx.exe[1184] WININET.dll!HttpAddRequestHeadersA 3D94632F 5 Bytes JMP 0EB8FAF0
.text C:\WINDOWS\system32\Ati2evxx.exe[1184] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 0EB91AE0
.text C:\WINDOWS\system32\Ati2evxx.exe[1184] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 0EB8F720
.text C:\WINDOWS\system32\Ati2evxx.exe[1184] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0EB92080
.text C:\WINDOWS\system32\Ati2evxx.exe[1184] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 0EB8FC00
.text C:\WINDOWS\system32\Ati2evxx.exe[1184] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 0EB86550
.text C:\WINDOWS\system32\Ati2evxx.exe[1184] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 0EB879D9
.text C:\WINDOWS\system32\Ati2evxx.exe[1184] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0EB865EA
.text C:\WINDOWS\system32\Ati2evxx.exe[1184] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 0EB921D0
.text C:\WINDOWS\system32\Ati2evxx.exe[1184] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 0EB86684
.text C:\WINDOWS\system32\Ati2evxx.exe[1184] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0EB82447
.text C:\Program Files\Mozilla Firefox\firefox.exe[1268] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0EC49083
.text C:\Program Files\Mozilla Firefox\firefox.exe[1268] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0120000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1268] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0EC497B2
.text C:\Program Files\Mozilla Firefox\firefox.exe[1268] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0EC49966
.text C:\Program Files\Mozilla Firefox\firefox.exe[1268] ntdll.dll!NtVdmControl 7C90DF1E 5 Bytes JMP 0EC4986A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1268] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0121000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1268] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 011F000C
.text C:\Program Files\Mozilla Firefox\firefox.exe[1268] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0EC4368A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1268] ADVAPI32.dll!CryptEncrypt 77DEE360 5 Bytes JMP 0EC4759F
.text C:\Program Files\Mozilla Firefox\firefox.exe[1268] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0EC46322
.text C:\Program Files\Mozilla Firefox\firefox.exe[1268] Crypt32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0EB82447
.text C:\WINDOWS\System32\svchost.exe[1324] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0EB89083
.text C:\WINDOWS\System32\svchost.exe[1324] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0EB897B2
.text C:\WINDOWS\System32\svchost.exe[1324] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0EB89966
.text C:\WINDOWS\System32\svchost.exe[1324] ntdll.dll!NtVdmControl 7C90DF1E 5 Bytes JMP 0EB8986A
.text C:\WINDOWS\System32\svchost.exe[1324] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0EB8368A
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!CryptEncrypt 77DEE360 5 Bytes JMP 0EB8759F
.text C:\WINDOWS\System32\svchost.exe[1324] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0EB86322
.text C:\WINDOWS\System32\svchost.exe[1324] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 0EB92320
.text C:\WINDOWS\System32\svchost.exe[1324] WININET.dll!HttpAddRequestHeadersA 3D94632F 5 Bytes JMP 0EB8FAF0
.text C:\WINDOWS\System32\svchost.exe[1324] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 0EB91AE0
.text C:\WINDOWS\System32\svchost.exe[1324] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 0EB8F720
.text C:\WINDOWS\System32\svchost.exe[1324] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0EB92080
.text C:\WINDOWS\System32\svchost.exe[1324] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 0EB8FC00
.text C:\WINDOWS\System32\svchost.exe[1324] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 0EB86550
.text C:\WINDOWS\System32\svchost.exe[1324] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 0EB879D9
.text C:\WINDOWS\System32\svchost.exe[1324] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0EB865EA
.text C:\WINDOWS\System32\svchost.exe[1324] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 0EB921D0
.text C:\WINDOWS\System32\svchost.exe[1324] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 0EB86684
.text C:\WINDOWS\System32\svchost.exe[1324] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0EB8ECC3
.text C:\WINDOWS\System32\svchost.exe[1324] Crypt32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0EB82447
.text C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE[1352] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0EB89083
.text C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE[1352] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0EB897B2
.text C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE[1352] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0EB89966
.text C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE[1352] ntdll.dll!NtVdmControl 7C90DF1E 5 Bytes JMP 0EB8986A
.text C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE[1352] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0EB8368A
.text C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE[1352] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0EB86322
.text C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE[1352] ADVAPI32.dll!CryptEncrypt 77DEE360 5 Bytes JMP 0EB8759F
.text C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE[1352] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 0EB92320
.text C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE[1352] WININET.dll!HttpAddRequestHeadersA 3D94632F 5 Bytes JMP 0EB8FAF0
.text C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE[1352] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 0EB91AE0
.text C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE[1352] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 0EB8F720
.text C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE[1352] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0EB92080
.text C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE[1352] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 0EB8FC00
.text C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE[1352] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 0EB86550
.text C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE[1352] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 0EB879D9
.text C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE[1352] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0EB865EA
.text C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE[1352] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 0EB921D0
.text C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE[1352] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 0EB86684
.text C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE[1352] Crypt32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0EB82447
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1384] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0EB89083
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1384] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0EB897B2
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1384] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0EB89966
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1384] ntdll.dll!NtVdmControl 7C90DF1E 5 Bytes JMP 0EB8986A
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1384] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0EB8368A
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1384] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0EB86322
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1384] ADVAPI32.dll!CryptEncrypt 77DEE360 5 Bytes JMP 0EB8759F
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1384] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 0EB92320
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1384] WININET.dll!HttpAddRequestHeadersA 3D94632F 5 Bytes JMP 0EB8FAF0
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1384] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 0EB91AE0
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1384] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 0EB8F720
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1384] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0EB92080
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1384] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 0EB8FC00
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1384] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 0EB86550
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1384] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 0EB879D9
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1384] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0EB865EA
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1384] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 0EB921D0
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1384] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 0EB86684
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1384] Crypt32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0EB82447
.text C:\WINDOWS\system32\PRISMSVC.EXE[1456] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0EB89083
.text C:\WINDOWS\system32\PRISMSVC.EXE[1456] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0EB897B2
.text C:\WINDOWS\system32\PRISMSVC.EXE[1456] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0EB89966
.text C:\WINDOWS\system32\PRISMSVC.EXE[1456] ntdll.dll!NtVdmControl 7C90DF1E 5 Bytes JMP 0EB8986A
.text C:\WINDOWS\system32\PRISMSVC.EXE[1456] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0EB8368A
.text C:\WINDOWS\system32\PRISMSVC.EXE[1456] ADVAPI32.dll!CryptEncrypt 77DEE360 5 Bytes JMP 0EB8759F
.text C:\WINDOWS\system32\PRISMSVC.EXE[1456] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0EB86322
.text C:\WINDOWS\system32\PRISMSVC.EXE[1456] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 0EB92320
.text C:\WINDOWS\system32\PRISMSVC.EXE[1456] WININET.dll!HttpAddRequestHeadersA 3D94632F 5 Bytes JMP 0EB8FAF0
.text C:\WINDOWS\system32\PRISMSVC.EXE[1456] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 0EB91AE0
.text C:\WINDOWS\system32\PRISMSVC.EXE[1456] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 0EB8F720
.text C:\WINDOWS\system32\PRISMSVC.EXE[1456] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0EB92080
.text C:\WINDOWS\system32\PRISMSVC.EXE[1456] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 0EB8FC00
.text C:\WINDOWS\system32\PRISMSVC.EXE[1456] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 0EB86550
.text C:\WINDOWS\system32\PRISMSVC.EXE[1456] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 0EB879D9
.text C:\WINDOWS\system32\PRISMSVC.EXE[1456] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0EB865EA
.text C:\WINDOWS\system32\PRISMSVC.EXE[1456] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 0EB921D0
.text C:\WINDOWS\system32\PRISMSVC.EXE[1456] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 0EB86684
.text C:\WINDOWS\system32\PRISMSVC.EXE[1456] Crypt32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0EB82447
.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0EB89083
.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0EB897B2
.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0EB89966
.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!NtVdmControl 7C90DF1E 5 Bytes JMP 0EB8986A
.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0EB8368A
.text C:\WINDOWS\System32\svchost.exe[1480] ADVAPI32.dll!CryptEncrypt 77DEE360 5 Bytes JMP 0EB8759F
.text C:\WINDOWS\System32\svchost.exe[1480] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0EB86322
.text C:\WINDOWS\System32\svchost.exe[1480] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 0EB92320
.text C:\WINDOWS\System32\svchost.exe[1480] WININET.dll!HttpAddRequestHeadersA 3D94632F 5 Bytes JMP 0EB8FAF0
.text C:\WINDOWS\System32\svchost.exe[1480] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 0EB91AE0
.text C:\WINDOWS\System32\svchost.exe[1480] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 0EB8F720
.text C:\WINDOWS\System32\svchost.exe[1480] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0EB92080
.text C:\WINDOWS\System32\svchost.exe[1480] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 0EB8FC00
.text C:\WINDOWS\System32\svchost.exe[1480] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 0EB86550
.text C:\WINDOWS\System32\svchost.exe[1480] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 0EB879D9
.text C:\WINDOWS\System32\svchost.exe[1480] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0EB865EA
.text C:\WINDOWS\System32\svchost.exe[1480] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 0EB921D0
.text C:\WINDOWS\System32\svchost.exe[1480] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 0EB86684
.text C:\WINDOWS\System32\svchost.exe[1480] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0EB8ECC3
.text C:\WINDOWS\System32\svchost.exe[1480] Crypt32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0EB82447
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[1640] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0EB89083
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[1640] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0EB897B2
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[1640] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0EB89966
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[1640] ntdll.dll!NtVdmControl 7C90DF1E 5 Bytes JMP 0EB8986A
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[1640] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0EB8368A
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[1640] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0EB86322
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[1640] ADVAPI32.dll!CryptEncrypt 77DEE360 5 Bytes JMP 0EB8759F
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[1640] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 0EB92320
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[1640] WININET.dll!HttpAddRequestHeadersA 3D94632F 5 Bytes JMP 0EB8FAF0
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[1640] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 0EB91AE0
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[1640] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 0EB8F720
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[1640] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0EB92080
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[1640] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 0EB8FC00
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[1640] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 0EB86550
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[1640] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 0EB879D9
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[1640] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0EB865EA
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[1640] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 0EB921D0
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[1640] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 0EB86684
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[1640] Crypt32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0EB82447
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2072] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0EB89083
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2072] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0EB897B2
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2072] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0EB89966
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2072] ntdll.dll!NtVdmControl 7C90DF1E 5 Bytes JMP 0EB8986A
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2072] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0EB8368A
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2072] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0EB86322
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2072] ADVAPI32.dll!CryptEncrypt 77DEE360 5 Bytes JMP 0EB8759F
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2072] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 0EB92320
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2072] WININET.dll!HttpAddRequestHeadersA 3D94632F 5 Bytes JMP 0EB8FAF0
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2072] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 0EB91AE0
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2072] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 0EB8F720
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2072] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0EB92080
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2072] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 0EB8FC00
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2072] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 0EB86550
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2072] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 0EB879D9
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2072] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0EB865EA
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2072] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 0EB921D0
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2072] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 0EB86684
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2072] Crypt32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0EB82447
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[2152] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0EB89083
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[2152] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0EB897B2
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[2152] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0EB89966
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[2152] ntdll.dll!NtVdmControl 7C90DF1E 5 Bytes JMP 0EB8986A
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[2152] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0EB8368A
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[2152] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0EB86322
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[2152] ADVAPI32.dll!CryptEncrypt 77DEE360 5 Bytes JMP 0EB8759F
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[2152] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 0EB92320
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[2152] WININET.dll!HttpAddRequestHeadersA 3D94632F 5 Bytes JMP 0EB8FAF0
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[2152] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 0EB91AE0
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[2152] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 0EB8F720
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[2152] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0EB92080
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[2152] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 0EB8FC00
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[2152] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 0EB86550
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[2152] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 0EB879D9
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[2152] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0EB865EA
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[2152] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 0EB921D0
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[2152] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 0EB86684
.text C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[2152] Crypt32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0EB82447
.text C:\Program Files\iTunes\iTunesHelper.exe[2228] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0EB89083
.text C:\Program Files\iTunes\iTunesHelper.exe[2228] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0EB897B2
.text C:\Program Files\iTunes\iTunesHelper.exe[2228] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0EB89966
.text C:\Program Files\iTunes\iTunesHelper.exe[2228] ntdll.dll!NtVdmControl 7C90DF1E 5 Bytes JMP 0EB8986A
.text C:\Program Files\iTunes\iTunesHelper.exe[2228] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0EB8368A
.text C:\Program Files\iTunes\iTunesHelper.exe[2228] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0EB86322
.text C:\Program Files\iTunes\iTunesHelper.exe[2228] ADVAPI32.dll!CryptEncrypt 77DEE360 5 Bytes JMP 0EB8759F
.text C:\Program Files\iTunes\iTunesHelper.exe[2228] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 0EB92320
.text C:\Program Files\iTunes\iTunesHelper.exe[2228] WININET.dll!HttpAddRequestHeadersA 3D94632F 5 Bytes JMP 0EB8FAF0
.text C:\Program Files\iTunes\iTunesHelper.exe[2228] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 0EB91AE0
.text C:\Program Files\iTunes\iTunesHelper.exe[2228] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 0EB8F720
.text C:\Program Files\iTunes\iTunesHelper.exe[2228] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0EB92080
.text C:\Program Files\iTunes\iTunesHelper.exe[2228] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 0EB8FC00
.text C:\Program Files\iTunes\iTunesHelper.exe[2228] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 0EB86550
.text C:\Program Files\iTunes\iTunesHelper.exe[2228] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 0EB879D9
.text C:\Program Files\iTunes\iTunesHelper.exe[2228] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0EB865EA
.text C:\Program Files\iTunes\iTunesHelper.exe[2228] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 0EB921D0
.text C:\Program Files\iTunes\iTunesHelper.exe[2228] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 0EB86684
.text C:\Program Files\iTunes\iTunesHelper.exe[2228] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0EB8ECC3
.text C:\Program Files\iTunes\iTunesHelper.exe[2228] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0EB82447
.text C:\Program Files\iPod\bin\iPodService.exe[2628] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0EB89083
.text C:\Program Files\iPod\bin\iPodService.exe[2628] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0EB897B2
.text C:\Program Files\iPod\bin\iPodService.exe[2628] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0EB89966
.text C:\Program Files\iPod\bin\iPodService.exe[2628] ntdll.dll!NtVdmControl 7C90DF1E 5 Bytes JMP 0EB8986A
.text C:\Program Files\iPod\bin\iPodService.exe[2628] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0EB8368A
.text C:\Program Files\iPod\bin\iPodService.exe[2628] ADVAPI32.dll!CryptEncrypt 77DEE360 5 Bytes JMP 0EB8759F
.text C:\Program Files\iPod\bin\iPodService.exe[2628] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0EB86322
.text C:\Program Files\iPod\bin\iPodService.exe[2628] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 0EB92320
.text C:\Program Files\iPod\bin\iPodService.exe[2628] WININET.dll!HttpAddRequestHeadersA 3D94632F 5 Bytes JMP 0EB8FAF0
.text C:\Program Files\iPod\bin\iPodService.exe[2628] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 0EB91AE0
.text C:\Program Files\iPod\bin\iPodService.exe[2628] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 0EB8F720
.text C:\Program Files\iPod\bin\iPodService.exe[2628] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0EB92080
.text C:\Program Files\iPod\bin\iPodService.exe[2628] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 0EB8FC00
.text C:\Program Files\iPod\bin\iPodService.exe[2628] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 0EB86550
.text C:\Program Files\iPod\bin\iPodService.exe[2628] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 0EB879D9
.text C:\Program Files\iPod\bin\iPodService.exe[2628] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0EB865EA
.text C:\Program Files\iPod\bin\iPodService.exe[2628] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 0EB921D0
.text C:\Program Files\iPod\bin\iPodService.exe[2628] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 0EB86684
.text C:\Program Files\iPod\bin\iPodService.exe[2628] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0EB82447
.text C:\WINDOWS\system32\ctfmon.exe[2740] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0EB89083
.text C:\WINDOWS\system32\ctfmon.exe[2740] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0EB897B2
.text C:\WINDOWS\system32\ctfmon.exe[2740] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0EB89966
.text C:\WINDOWS\system32\ctfmon.exe[2740] ntdll.dll!NtVdmControl 7C90DF1E 5 Bytes JMP 0EB8986A
.text C:\WINDOWS\system32\ctfmon.exe[2740] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0EB8368A
.text C:\WINDOWS\system32\ctfmon.exe[2740] ADVAPI32.dll!CryptEncrypt 77DEE360 5 Bytes JMP 0EB8759F
.text C:\WINDOWS\system32\ctfmon.exe[2740] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0EB86322
.text C:\WINDOWS\system32\ctfmon.exe[2740] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 0EB92320
.text C:\WINDOWS\system32\ctfmon.exe[2740] WININET.dll!HttpAddRequestHeadersA 3D94632F 5 Bytes JMP 0EB8FAF0
.text C:\WINDOWS\system32\ctfmon.exe[2740] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 0EB91AE0
.text C:\WINDOWS\system32\ctfmon.exe[2740] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 0EB8F720
.text C:\WINDOWS\system32\ctfmon.exe[2740] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0EB92080
.text C:\WINDOWS\system32\ctfmon.exe[2740] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 0EB8FC00
.text C:\WINDOWS\system32\ctfmon.exe[2740] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 0EB86550
.text C:\WINDOWS\system32\ctfmon.exe[2740] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 0EB879D9
.text C:\WINDOWS\system32\ctfmon.exe[2740] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0EB865EA
.text C:\WINDOWS\system32\ctfmon.exe[2740] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 0EB921D0
.text C:\WINDOWS\system32\ctfmon.exe[2740] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 0EB86684
.text C:\WINDOWS\system32\ctfmon.exe[2740] Crypt32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0EB82447
.text C:\WINDOWS\system32\WgaTray.exe[2816] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0EB89083
.text C:\WINDOWS\system32\WgaTray.exe[2816] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0EB897B2
.text C:\WINDOWS\system32\WgaTray.exe[2816] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0EB89966
.text C:\WINDOWS\system32\WgaTray.exe[2816] ntdll.dll!NtVdmControl 7C90DF1E 5 Bytes JMP 0EB8986A
.text C:\WINDOWS\system32\WgaTray.exe[2816] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0EB8368A
.text C:\WINDOWS\system32\WgaTray.exe[2816] ADVAPI32.dll!CryptEncrypt 77DEE360 5 Bytes JMP 0EB8759F
.text C:\WINDOWS\system32\WgaTray.exe[2816] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0EB86322
.text C:\WINDOWS\system32\WgaTray.exe[2816] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0EB82447
.text C:\WINDOWS\system32\WgaTray.exe[2816] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 0EB92320
.text C:\WINDOWS\system32\WgaTray.exe[2816] WININET.dll!HttpAddRequestHeadersA 3D94632F 5 Bytes JMP 0EB8FAF0
.text C:\WINDOWS\system32\WgaTray.exe[2816] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 0EB91AE0
.text C:\WINDOWS\system32\WgaTray.exe[2816] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 0EB8F720
.text C:\WINDOWS\system32\WgaTray.exe[2816] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0EB92080
.text C:\WINDOWS\system32\WgaTray.exe[2816] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 0EB8FC00
.text C:\WINDOWS\system32\WgaTray.exe[2816] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 0EB86550
.text C:\WINDOWS\system32\WgaTray.exe[2816] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 0EB879D9
.text C:\WINDOWS\system32\WgaTray.exe[2816] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0EB865EA
.text C:\WINDOWS\system32\WgaTray.exe[2816] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 0EB921D0
.text C:\WINDOWS\system32\WgaTray.exe[2816] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 0EB86684
.text C:\WINDOWS\system32\WgaTray.exe[2816] WININET.dll!InternetErrorDlg 3D9BA3C5 5 Bytes JMP 01012136 C:\WINDOWS\system32\WgaTray.exe (Windows Genuine Advantage Notification/Microsoft Corporation)
.text C:\WINDOWS\system32\WgaTray.exe[2816] ws2_32.dll!send 71AB4C27 5 Bytes JMP 0EB8ECC3
.text C:\Program Files\Messenger\msmsgs.exe[2840] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0EB89083
.text C:\Program Files\Messenger\msmsgs.exe[2840] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0EB897B2
.text C:\Program Files\Messenger\msmsgs.exe[2840] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0EB89966
.text C:\Program Files\Messenger\msmsgs.exe[2840] ntdll.dll!NtVdmControl 7C90DF1E 5 Bytes JMP 0EB8986A
.text C:\Program Files\Messenger\msmsgs.exe[2840] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0EB8368A
.text C:\Program Files\Messenger\msmsgs.exe[2840] ADVAPI32.dll!CryptEncrypt 77DEE360 5 Bytes JMP 0EB8759F
.text C:\Program Files\Messenger\msmsgs.exe[2840] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0EB86322
.text C:\Program Files\Messenger\msmsgs.exe[2840] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0EB8ECC3
.text C:\Program Files\Messenger\msmsgs.exe[2840] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 0EB92320
.text C:\Program Files\Messenger\msmsgs.exe[2840] WININET.dll!HttpAddRequestHeadersA 3D94632F 5 Bytes JMP 0EB8FAF0
.text C:\Program Files\Messenger\msmsgs.exe[2840] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 0EB91AE0
.text C:\Program Files\Messenger\msmsgs.exe[2840] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 0EB8F720
.text C:\Program Files\Messenger\msmsgs.exe[2840] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0EB92080
.text C:\Program Files\Messenger\msmsgs.exe[2840] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 0EB8FC00
.text C:\Program Files\Messenger\msmsgs.exe[2840] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 0EB86550
.text C:\Program Files\Messenger\msmsgs.exe[2840] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 0EB879D9
.text C:\Program Files\Messenger\msmsgs.exe[2840] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0EB865EA
.text C:\Program Files\Messenger\msmsgs.exe[2840] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 0EB921D0
.text C:\Program Files\Messenger\msmsgs.exe[2840] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 0EB86684
.text C:\Program Files\Messenger\msmsgs.exe[2840] Crypt32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0EB82447
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE[2928] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0EB89083
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE[2928] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0EB897B2
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE[2928] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0EB89966
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE[2928] ntdll.dll!NtVdmControl 7C90DF1E 5 Bytes JMP 0EB8986A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE[2928] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0EB8368A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE[2928] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0EB86322
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE[2928] ADVAPI32.dll!CryptEncrypt 77DEE360 5 Bytes JMP 0EB8759F
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE[2928] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 0EB92320
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE[2928] WININET.dll!HttpAddRequestHeadersA 3D94632F 5 Bytes JMP 0EB8FAF0
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE[2928] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 0EB91AE0
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE[2928] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 0EB8F720
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE[2928] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0EB92080
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE[2928] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 0EB8FC00
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE[2928] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 0EB86550
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE[2928] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 0EB879D9
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE[2928] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0EB865EA
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE[2928] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 0EB921D0
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE[2928] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 0EB86684
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE[2928] Crypt32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0EB82447
.text C:\Program Files\AWS\WeatherBug\Weather.exe[3036] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0EB89083
.text C:\Program Files\AWS\WeatherBug\Weather.exe[3036] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0EB897B2
.text C:\Program Files\AWS\WeatherBug\Weather.exe[3036] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0EB89966
.text C:\Program Files\AWS\WeatherBug\Weather.exe[3036] ntdll.dll!NtVdmControl 7C90DF1E 5 Bytes JMP 0EB8986A
.text C:\Program Files\AWS\WeatherBug\Weather.exe[3036] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0EB8368A
.text C:\Program Files\AWS\WeatherBug\Weather.exe[3036] ADVAPI32.dll!CryptEncrypt 77DEE360 5 Bytes JMP 0EB8759F
.text C:\Program Files\AWS\WeatherBug\Weather.exe[3036] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0EB86322
.text C:\Program Files\AWS\WeatherBug\Weather.exe[3036] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 0EB92320
.text C:\Program Files\AWS\WeatherBug\Weather.exe[3036] WININET.dll!HttpAddRequestHeadersA 3D94632F 5 Bytes JMP 0EB8FAF0
.text C:\Program Files\AWS\WeatherBug\Weather.exe[3036] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 0EB91AE0
.text C:\Program Files\AWS\WeatherBug\Weather.exe[3036] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 0EB8F720
.text C:\Program Files\AWS\WeatherBug\Weather.exe[3036] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0EB92080
.text C:\Program Files\AWS\WeatherBug\Weather.exe[3036] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 0EB8FC00
.text C:\Program Files\AWS\WeatherBug\Weather.exe[3036] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 0EB86550
.text C:\Program Files\AWS\WeatherBug\Weather.exe[3036] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 0EB879D9
.text C:\Program Files\AWS\WeatherBug\Weather.exe[3036] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0EB865EA
.text C:\Program Files\AWS\WeatherBug\Weather.exe[3036] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 0EB921D0
.text C:\Program Files\AWS\WeatherBug\Weather.exe[3036] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 0EB86684
.text C:\Program Files\AWS\WeatherBug\Weather.exe[3036] ws2_32.dll!send 71AB4C27 5 Bytes JMP 0EB8ECC3
.text C:\Program Files\AWS\WeatherBug\Weather.exe[3036] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0EB82447
.text C:\WINDOWS\System32\alg.exe[3104] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0EB89083
.text C:\WINDOWS\System32\alg.exe[3104] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0EB897B2
.text C:\WINDOWS\System32\alg.exe[3104] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0EB89966
.text C:\WINDOWS\System32\alg.exe[3104] ntdll.dll!NtVdmControl 7C90DF1E 5 Bytes JMP 0EB8986A
.text C:\WINDOWS\System32\alg.exe[3104] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0EB8368A
.text C:\WINDOWS\System32\alg.exe[3104] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0EB86322
.text C:\WINDOWS\System32\alg.exe[3104] ADVAPI32.dll!CryptEncrypt 77DEE360 5 Bytes JMP 0EB8759F
.text C:\WINDOWS\System32\alg.exe[3104] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0EB8ECC3
.text C:\WINDOWS\System32\alg.exe[3104] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 0EB92320
.text C:\WINDOWS\System32\alg.exe[3104] WININET.dll!HttpAddRequestHeadersA 3D94632F 5 Bytes JMP 0EB8FAF0
.text C:\WINDOWS\System32\alg.exe[3104] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 0EB91AE0
.text C:\WINDOWS\System32\alg.exe[3104] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 0EB8F720
.text C:\WINDOWS\System32\alg.exe[3104] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0EB92080
.text C:\WINDOWS\System32\alg.exe[3104] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 0EB8FC00
.text C:\WINDOWS\System32\alg.exe[3104] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 0EB86550
.text C:\WINDOWS\System32\alg.exe[3104] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 0EB879D9
.text C:\WINDOWS\System32\alg.exe[3104] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0EB865EA
.text C:\WINDOWS\System32\alg.exe[3104] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 0EB921D0
.text C:\WINDOWS\System32\alg.exe[3104] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 0EB86684
.text C:\WINDOWS\System32\alg.exe[3104] Crypt32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0EB82447
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe[3116] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0EB89083
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe[3116] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0EB897B2
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe[3116] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0EB89966
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe[3116] ntdll.dll!NtVdmControl 7C90DF1E 5 Bytes JMP 0EB8986A
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe[3116] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0EB8368A
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe[3116] ADVAPI32.dll!CryptEncrypt 77DEE360 5 Bytes JMP 0EB8759F
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe[3116] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0EB86322
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe[3116] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 0EB92320
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe[3116] WININET.dll!HttpAddRequestHeadersA 3D94632F 5 Bytes JMP 0EB8FAF0
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe[3116] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 0EB91AE0
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe[3116] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 0EB8F720
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe[3116] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0EB92080
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe[3116] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 0EB8FC00
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe[3116] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 0EB86550
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe[3116] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 0EB879D9
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe[3116] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0EB865EA
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe[3116] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 0EB921D0
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe[3116] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 0EB86684
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe[3116] Crypt32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0EB82447
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe[3116] ws2_32.dll!send 71AB4C27 5 Bytes JMP 0EB8ECC3
.text C:\WINDOWS\System32\svchost.exe[3632] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0EB89083
.text C:\WINDOWS\System32\svchost.exe[3632] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0EB897B2
.text C:\WINDOWS\System32\svchost.exe[3632] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0EB89966
.text C:\WINDOWS\System32\svchost.exe[3632] ntdll.dll!NtVdmControl 7C90DF1E 5 Bytes JMP 0EB8986A
.text C:\WINDOWS\System32\svchost.exe[3632] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0EB8368A
.text C:\WINDOWS\System32\svchost.exe[3632] ADVAPI32.dll!CryptEncrypt 77DEE360 5 Bytes JMP 0EB8759F
.text C:\WINDOWS\System32\svchost.exe[3632] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0EB86322
.text C:\WINDOWS\System32\svchost.exe[3632] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 0EB92320
.text C:\WINDOWS\System32\svchost.exe[3632] WININET.dll!HttpAddRequestHeadersA 3D94632F 5 Bytes JMP 0EB8FAF0
.text C:\WINDOWS\System32\svchost.exe[3632] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 0EB91AE0
.text C:\WINDOWS\System32\svchost.exe[3632] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 0EB8F720
.text C:\WINDOWS\System32\svchost.exe[3632] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0EB92080
.text C:\WINDOWS\System32\svchost.exe[3632] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 0EB8FC00
.text C:\WINDOWS\System32\svchost.exe[3632] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 0EB86550
.text C:\WINDOWS\System32\svchost.exe[3632] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 0EB879D9
.text C:\WINDOWS\System32\svchost.exe[3632] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0EB865EA
.text C:\WINDOWS\System32\svchost.exe[3632] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 0EB921D0
.text C:\WINDOWS\System32\svchost.exe[3632] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 0EB86684
.text C:\WINDOWS\System32\svchost.exe[3632] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0EB82447
.text C:\WINDOWS\System32\svchost.exe[3632] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0EB8ECC3
.text C:\WINDOWS\system32\dwwin.exe[3736] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0EB89083
.text C:\WINDOWS\system32\dwwin.exe[3736] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0EB897B2
.text C:\WINDOWS\system32\dwwin.exe[3736] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0EB89966
.text C:\WINDOWS\system32\dwwin.exe[3736] ntdll.dll!NtVdmControl 7C90DF1E 5 Bytes JMP 0EB8986A
.text C:\WINDOWS\system32\dwwin.exe[3736] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0EB8368A
.text C:\WINDOWS\system32\dwwin.exe[3736] ADVAPI32.DLL!CryptEncrypt 77DEE360 5 Bytes JMP 0EB8759F
.text C:\WINDOWS\system32\dwwin.exe[3736] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0EB86322
.text C:\WINDOWS\system32\dwwin.exe[3736] WININET.DLL!InternetCloseHandle 3D944261 5 Bytes JMP 0EB92320
.text C:\WINDOWS\system32\dwwin.exe[3736] WININET.DLL!HttpAddRequestHeadersA 3D94632F 5 Bytes JMP 0EB8FAF0
.text C:\WINDOWS\system32\dwwin.exe[3736] WININET.DLL!HttpQueryInfoA 3D947425 5 Bytes JMP 0EB91AE0
.text C:\WINDOWS\system32\dwwin.exe[3736] WININET.DLL!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 0EB8F720
.text C:\WINDOWS\system32\dwwin.exe[3736] WININET.DLL!InternetReadFile 3D9513D4 5 Bytes JMP 0EB92080
.text C:\WINDOWS\system32\dwwin.exe[3736] WININET.DLL!InternetQueryDataAvailable 3D951615 5 Bytes JMP 0EB8FC00
.text C:\WINDOWS\system32\dwwin.exe[3736] WININET.DLL!HttpSendRequestA 3D953558 5 Bytes JMP 0EB86550
.text C:\WINDOWS\system32\dwwin.exe[3736] WININET.DLL!InternetWriteFile 3D958D5C 5 Bytes JMP 0EB879D9
.text C:\WINDOWS\system32\dwwin.exe[3736] WININET.DLL!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0EB865EA
.text C:\WINDOWS\system32\dwwin.exe[3736] WININET.DLL!InternetReadFileExA 3D963384 5 Bytes JMP 0EB921D0
.text C:\WINDOWS\system32\dwwin.exe[3736] WININET.DLL!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 0EB86684
.text C:\WINDOWS\system32\dwwin.exe[3736] ws2_32.dll!send 71AB4C27 5 Bytes JMP 0EB8ECC3
.text C:\WINDOWS\system32\dwwin.exe[3736] Crypt32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0EB82447
.text C:\PROGRA~1\WINZIP\winzip32.exe[4300] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0EB89083
.text C:\PROGRA~1\WINZIP\winzip32.exe[4300] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0EB897B2
.text C:\PROGRA~1\WINZIP\winzip32.exe[4300] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0EB89966
.text C:\PROGRA~1\WINZIP\winzip32.exe[4300] ntdll.dll!NtVdmControl 7C90DF1E 5 Bytes JMP 0EB8986A
.text C:\PROGRA~1\WINZIP\winzip32.exe[4300] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0EB8368A
.text C:\PROGRA~1\WINZIP\winzip32.exe[4300] ADVAPI32.dll!CryptEncrypt 77DEE360 5 Bytes JMP 0EB8759F
.text C:\PROGRA~1\WINZIP\winzip32.exe[4300] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0EB86322
.text C:\PROGRA~1\WINZIP\winzip32.exe[4300] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 0EB92320
.text C:\PROGRA~1\WINZIP\winzip32.exe[4300] WININET.dll!HttpAddRequestHeadersA 3D94632F 5 Bytes JMP 0EB8FAF0
.text C:\PROGRA~1\WINZIP\winzip32.exe[4300] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 0EB91AE0
.text C:\PROGRA~1\WINZIP\winzip32.exe[4300] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 0EB8F720
.text C:\PROGRA~1\WINZIP\winzip32.exe[4300] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0EB92080
.text C:\PROGRA~1\WINZIP\winzip32.exe[4300] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 0EB8FC00
.text C:\PROGRA~1\WINZIP\winzip32.exe[4300] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 0EB86550
.text C:\PROGRA~1\WINZIP\winzip32.exe[4300] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 0EB879D9
.text C:\PROGRA~1\WINZIP\winzip32.exe[4300] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0EB865EA
.text C:\PROGRA~1\WINZIP\winzip32.exe[4300] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 0EB921D0
.text C:\PROGRA~1\WINZIP\winzip32.exe[4300] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 0EB86684
.text C:\PROGRA~1\WINZIP\winzip32.exe[4300] Crypt32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0EB82447
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe[4304] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0EB89083
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe[4304] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0EB897B2
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe[4304] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0EB89966
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe[4304] ntdll.dll!NtVdmControl 7C90DF1E 5 Bytes JMP 0EB8986A
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe[4304] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0EB8368A
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe[4304] ADVAPI32.dll!CryptEncrypt 77DEE360 5 Bytes JMP 0EB8759F
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe[4304] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0EB86322
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe[4304] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 0EB92320
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe[4304] WININET.dll!HttpAddRequestHeadersA 3D94632F 5 Bytes JMP 0EB8FAF0
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe[4304] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 0EB91AE0
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe[4304] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 0EB8F720
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe[4304] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0EB92080
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe[4304] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 0EB8FC00
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe[4304] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 0EB86550
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe[4304] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 0EB879D9
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe[4304] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0EB865EA
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe[4304] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 0EB921D0
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe[4304] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 0EB86684
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe[4304] Crypt32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0EB82447
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe[4884] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0EB89083
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe[4884] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0EB897B2
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe[4884] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0EB89966
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe[4884] ntdll.dll!NtVdmControl 7C90DF1E 5 Bytes JMP 0EB8986A
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe[4884] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0EB8368A
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe[4884] ADVAPI32.dll!CryptEncrypt 77DEE360 5 Bytes JMP 0EB8759F
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe[4884] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0EB86322
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe[4884] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 0EB92320
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe[4884] WININET.dll!HttpAddRequestHeadersA 3D94632F 5 Bytes JMP 0EB8FAF0
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe[4884] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 0EB91AE0
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe[4884] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 0EB8F720
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe[4884] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0EB92080
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe[4884] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 0EB8FC00
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe[4884] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 0EB86550
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe[4884] WININET.dll!InternetWriteFile 3D958D5C 5 Bytes JMP 0EB879D9
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe[4884] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0EB865EA
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe[4884] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 0EB921D0
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe[4884] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 0EB86684
.text C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe[4884] Crypt32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0EB82447

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{62E758C6-EE56-67AB-7A3E2F088A108BC4}\{3E530B8E-E7D7-91CB-07329483978E2FFC}\{65FEF1D9-850D-2011-E21A2EE487AC8842}
Reg HKLM\SOFTWARE\Classes\CLSID\{62E758C6-EE56-67AB-7A3E2F088A108BC4}\{3E530B8E-E7D7-91CB-07329483978E2FFC}\{65FEF1D9-850D-2011-E21A2EE487AC8842}@526BA65ZPQS4U365YNAELLJ5XA1 0x01 0x00 0x01 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@defenderxx.exe C:\defenderxx.exe\defenderxx.exe

---- Files - GMER 1.0.15 ----

File C:\Program Files\BearShare\db\config.bin 1353 bytes
File C:\defenderxx.exe 0 bytes
File C:\defenderxx.exe\config.bin 296984 bytes
File C:\defenderxx.exe\defenderxx.exe 134656 bytes executable
File C:\Documents and Settings\Guest\Local Settings\Temp\Temporary Directory 1 for Adobe Serial Number Master List, Acrobat 5.0, GoLive 5-6.0, Photoshop 6-7.0, Photoshop Elements, Premiere 6.x, After Effects 5.x, LiveMotion, LiveMotion 2.0, Illustrator 10, In.zip\Adobe Serial Numbers 148992 bytes

---- EOF - GMER 1.0.15 ----

#7 ckirk

Posted 31 August 2010 - 03:03 PM

There appears to be some serious housekeeping to do on this computer.

#8 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  • Gender:Male
  • Location:Canada
  • Local time:04:12 AM

Posted 31 August 2010 - 04:37 PM

Hi there,

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#9 ckirk

Posted 31 August 2010 - 07:31 PM

Could not download from the browser on the computer so used a flash drive. Downloaded and tried to execute.

ComboFix is being blocked and appears to stop when it's almost at the end of executing, with this message.

n.pig - Application Error 'The instruction at "0x0ec83c38" referenced memory at "0x00000000". The memory could not be "written". Click on OK to terminate the program.

I tried it a couple of times with the same results. Second time it shows that DrWatson Postmortem Debugger has encountered a problem and needs to close, etc. etc.

Edited by ckirk, 31 August 2010 - 07:36 PM.


#10 mpascal

Posted 31 August 2010 - 09:20 PM

Can you try running it in safe mode?


#11 ckirk

Posted 01 September 2010 - 07:22 AM

I can try, but before I could not. It is my understanding that we also take the chance of the rkill et al. not working or catching again in the startup folder. This is the first time that I've been able to get any of the rkill apps to work at all, and I took a chance by putting them in the startup folder. But I'm willing to give it a try if there are no other options. This is the most that I've been able to do on it in about a week.

Edited by ckirk, 01 September 2010 - 07:40 AM.


#12 mpascal

Posted 01 September 2010 - 11:01 AM

Can you try running OTL in safe mode?


#13 ckirk

Posted 01 September 2010 - 12:29 PM

I tried getting into safe mode a couple of times and it was like the keyboard input was being blocked. [Note: I am able to get into BIOS setup.] I was able to get ComboFix started, updated, restarted and we'll see if it will scan. It appears to be taking a considerable amount of time to create a system restore, but maybe with all the deferred maintenance that is to be expected. Will get logs when/if we get them.

Just found out that restore console is not installed on this machine, so ComboFix is downloading it and installing apparently. That may have been why it looked like it was stalled.

Side note...do you think it is okay to leave rkill in the startup folder indefinitely??

#14 ckirk

Posted 01 September 2010 - 01:34 PM

Whoo whoo, ComboFix managed it all. At one point, it said that it had found a rootkit and rebooted. Appears to be working pretty good now.

ComboFix 10-09-01.02 - Kirk 09/01/2010 12:42:36.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.991.702 [GMT -5:00]
Running from: D:\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\defenderxx.exe
c:\defenderxx.exe\config.bin
c:\defenderxx.exe\defenderxx.exe
c:\documents and settings\All Users\Application Data\Update\seupd.exe
c:\documents and settings\Kirk\Application Data\Sky-Banners
c:\documents and settings\Kirk\Application Data\Street-Ads
c:\documents and settings\Kirk\Start Menu\eXplorer.exe
c:\documents and settings\Kirk\System
c:\documents and settings\Kirk\System\win_qs.jqx
c:\documents and settings\NetworkService\Local Settings\Application Data\cxkdcksxh
c:\documents and settings\NetworkService\Local Settings\Application Data\cxkdcksxh\cuauvaashdw.exe
c:\program files\Altnet
c:\program files\Altnet\My Altnet Shares\22Jacks-Stockton.wma
c:\program files\Altnet\My Altnet Shares\Bullguard Protection\emalware.ivd.cab
c:\program files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab.cab
c:\program files\Altnet\My Altnet Shares\Bullguard Protection\sdx.ivd.cab
c:\program files\Altnet\My Altnet Shares\Bullguard Protection\update.txt.cab
c:\program files\INSTAFINK
c:\program files\Mozilla Firefox\searchplugins\google_search.xml
c:\program files\Need2Find
c:\program files\Need2Find\bar\1.bin\N2FFXTBR.JAR
c:\program files\Need2Find\bar\1.bin\N2NTSTBR.JAR
c:\program files\Need2Find\bar\1.bin\PARTNER.DAT
c:\program files\Need2Find\bar\Cache\0004A842
c:\program files\Need2Find\bar\Cache\00067EAA
c:\program files\Need2Find\bar\Cache\00068976
c:\program files\Need2Find\bar\Cache\0008EAB2
c:\program files\Need2Find\bar\Cache\0008EF13
c:\program files\Need2Find\bar\Cache\files.ini
c:\program files\Need2Find\bar\History\search
c:\program files\Need2Find\bar\Settings\prevcfg.htm
c:\windows\$NtUninstallMTF1011$
c:\windows\$NtUninstallMTF1011$\apUninstall.exe
c:\windows\$NtUninstallMTF1011$\mmduch.dll
c:\windows\$NtUninstallMTF1011$\mmx.dll
c:\windows\$NtUninstallMTF1011$\zrpt.xml
c:\windows\Downloaded Program Files\Quarantine
c:\windows\nsbdrs.dll
c:\windows\patch.exe
c:\windows\system32\gotomon.log

.
((((((((((((((((((((((((( Files Created from 2010-08-01 to 2010-09-01 )))))))))))))))))))))))))))))))
.

2010-08-25 16:23 . 2010-09-01 17:59 -------- dc----w- c:\documents and settings\All Users\Application Data\Update
2010-08-05 05:21 . 2010-08-05 05:21 -------- d-----w- c:\program files\Coupons

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-01 17:07 . 2009-10-07 20:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-21 01:36 . 2009-06-03 12:06 -------- dc----w- c:\documents and settings\Kirk\Application Data\CoreFTP
2010-08-16 00:13 . 2009-06-20 19:34 -------- d-----w- c:\program files\Dl_cats
2010-08-01 04:44 . 2010-07-09 15:19 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-28 06:41 . 2005-09-18 12:57 -------- dc----w- c:\documents and settings\Kirk\Application Data\Apple Computer
2010-07-28 06:04 . 2010-07-28 06:04 -------- d-----w- c:\program files\Windows Media Connect 2
2010-07-28 05:29 . 2010-07-28 05:26 -------- dc----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-28 05:29 . 2010-07-28 05:26 -------- d-----w- c:\program files\iTunes
2010-07-28 05:27 . 2005-09-18 12:54 -------- d-----w- c:\program files\iPod
2010-07-28 05:26 . 2010-07-28 05:15 -------- d-----w- c:\program files\Common Files\Apple
2010-07-28 05:24 . 2006-01-15 12:12 -------- d-----w- c:\program files\QuickTime
2010-07-28 05:23 . 2005-09-18 12:54 -------- dc----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-07-28 05:20 . 2010-07-28 05:20 -------- d-----w- c:\program files\Apple Software Update
2010-07-28 05:18 . 2010-07-28 05:18 -------- d-----w- c:\program files\Bonjour
2010-07-21 21:30 . 2010-07-21 21:30 73000 -c--a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-20 20:33 . 2010-07-20 20:33 18944 -c--a-r- c:\documents and settings\Kirk\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2010-07-20 20:33 . 2010-07-20 20:33 11264 -c--a-r- c:\documents and settings\Kirk\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A1630.exe
2010-07-09 15:40 . 2010-07-09 15:40 0 ----a-w- c:\windows\ativpsrm.bin
2010-07-08 00:03 . 2010-07-08 00:03 -------- d-----w- c:\program files\ATI Technologies
2010-07-08 00:03 . 2004-08-26 03:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-30 12:31 . 2003-03-31 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-28 20:57 . 2010-07-18 00:20 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2010-02-25 02:24 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:39 . 2010-02-25 02:25 312912 -c--a-w- c:\windows\system32\drivers\aswSnx.sys
2010-06-28 20:37 . 2010-02-25 02:25 46672 -c--a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-02-25 02:25 165456 -c--a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-02-25 02:25 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-02-25 02:25 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2010-02-25 02:25 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2010-02-25 02:25 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2010-02-25 02:25 28880 -c--a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-24 12:15 . 2003-03-31 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2003-03-31 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-23 13:44 . 2003-03-31 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2003-03-31 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2003-03-31 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2004-08-25 15:57 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-14 07:41 . 2003-03-31 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-07-22 20:09 . 2009-07-22 20:09 0 ---ha-w- c:\program files\hpothb07.dat
2009-07-22 20:09 . 2009-07-22 20:09 0 ---ha-w- c:\program files\hpothb07.tif
2004-10-12 15:35 . 2004-10-11 05:32 33 ----a-w- c:\program files\LF.key
2003-11-19 23:37 . 2004-08-30 15:20 10459 ----a-w- c:\program files\readme.txt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-06-28 20:59 153184 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2010-04-29 1652736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLPSP"="c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2005-01-13 126976]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-08-27 290816]
"DLCJCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll" [2005-08-15 73728]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

c:\documents and settings\Kirk\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-8-25 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Free WebSite Tools.lnk - c:\program files\CoffeeCup Software\CoffeeCup Free FTP\ThirtyDayTimer.exe [2006-5-9 372224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
2005-12-23 02:08 450646 ----a-w- c:\windows\system32\PRISMAPI.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"\\\\ROBERTSCOMPUTER\\FTP\\WS_FTP95.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\CoffeeCup Software\\CoffeeCup Free FTP\\FreeFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dlcjcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dlcjpswx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2/24/2010 9:25 PM 312912]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/24/2010 9:25 PM 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/24/2010 9:25 PM 17744]
R2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [1/24/2006 12:51 PM 135168]
R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [1/29/2007 6:08 PM 61526]
R3 ip100xp;IC Plus IP100 10/100 Fast Ethernet Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [11/6/2008 2:33 PM 26752]
S3 DrvAgent32;DrvAgent32;\??\c:\windows\system32\Drivers\DrvAgent32.sys --> c:\windows\system32\Drivers\DrvAgent32.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-08-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
Trusted Zone: turbotax.com
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll
DPF: {63FA0A10-5AA8-449F-9C5B-C8853F697405} - hxxp://mediaplayer.walmart.com/installer/install.cab
FF - ProfilePath - c:\documents and settings\Kirk\Application Data\Mozilla\Firefox\Profiles\default.udu\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/index.html
FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?&o=13048&l=dis&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Java\j2re1.4.2_06\bin\NPJPI142_06.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{7A7E6519-7119-4F00-9B54-801AD65C8BC9} - c:\windows\$NtUninstallMTF1011$\mmduch.dll
BHO-{DFFA5F37-2B7A-454A-B3D9-9330FF7B881F} - c:\windows\$NtUninstallMTF1011$\mmx.dll
Toolbar-SITEguard - (no file)
HKCU-Run-defenderxx.exe - c:\defenderxx.exe\defenderxx.exe
HKLM-Run-bipro - c:\windows\$NtUninstallMTF1011$\mmduch.dll
HKU-Default-Run-Nhipiseciyo - c:\windows\nsbdrs.dll
HKU-Default-Run-defenderxx.exe - c:\defenderxx.exe\defenderxx.exe
AddRemove-$NtUninstallMTF1011$ - c:\windows\$NtUninstallMTF1011$\apUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-01 13:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCJCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86951ACE]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7793f28
\Driver\ACPI -> ACPI.sys @ 0xf7706cb8
\Driver\atapi -> atapi.sys @ 0xf76be852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{62E758C6-EE56-67AB-7A3E2F088A108BC4}\{3E530B8E-E7D7-91CB-07329483978E2FFC}\{65FEF1D9-850D-2011-E21A2EE487AC8842}*]
"526BA65ZPQS4U365YNAELLJ5XA1"=hex:01,00,01,00,00,00,00,00,50,bd,9f,8a,7e,a0,d0,
fa,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\PRISMAPI.DLL

- - - - - - - > 'lsass.exe'(816)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2252)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\PRISMSVR.EXE
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\program files\Dell Wireless\PRISMCFG.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-09-01 13:29:52 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-01 18:29

Pre-Run: 7,469,686,784 bytes free
Post-Run: 11,004,596,224 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - A74FB20BBDB8B6DCB712267433E61CCB


#15 mpascal


Posted 01 September 2010 - 02:01 PM

Hi there,

Please download MBRCheck to your desktop.
  • Double-click MBRCheck.exe to run it (right-click and run as Administrator for Vista).
  • It will open a black window; please do not fix anything (if it gives you an option).
  • Exit that window and it will produce a log (MBRCheck_date_time).
  • Please post that log when you reply.
