
Infection from Possible Flash Drive


3 replies to this topic

#1 Jack421

  • Members
  • 27 posts
  • Location:Ontario,CA

Posted 18 September 2010 - 11:09 PM

Infection from possible flash drive. My DDS log files and attach are provided here. This is a bad one; it's affecting my whole computer.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Megatron at 20:42:56.66 on Sat 09/18/2010
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.958.255 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Online Armor\OAcat.exe
C:\Program Files\Online Armor\oasrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Online Armor\oaui.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Online Armor\OAhlp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Megatron\Downloads\Software\Security Software\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: mobilewitch Toolbar: {fcbf663e-8530-46f8-a880-ac5abe9d2b23} - c:\program files\mobilewitch\tbmobi.dll
uURLSearchHooks: Babylon-English Toolbar: {ce18769b-c7fa-42d2-860d-17c4662c70ad} - c:\program files\babylon-english\tbBaby.dll
uURLSearchHooks: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\pdfforge toolbar\SearchSettings.dll
uURLSearchHooks: H - No File
mURLSearchHooks: mobilewitch Toolbar: {fcbf663e-8530-46f8-a880-ac5abe9d2b23} - c:\program files\mobilewitch\tbmobi.dll
mURLSearchHooks: Babylon-English Toolbar: {ce18769b-c7fa-42d2-860d-17c4662c70ad} - c:\program files\babylon-english\tbBaby.dll
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: IconixBHOClass Class: {761233b6-f228-49e4-8f6b-668499d4e55a} - c:\program files\email id\ieaddon\IconixBHO_43.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Babylon IE plugin: {9cfaccb6-2f3f-4177-94ea-0d2b72d384c1} - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll
BHO: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No File
BHO: Babylon-English Toolbar: {ce18769b-c7fa-42d2-860d-17c4662c70ad} - c:\program files\babylon-english\tbBaby.dll
BHO: MP3 Rocket Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\pdfforge toolbar\SearchSettings.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
BHO: mobilewitch Toolbar: {fcbf663e-8530-46f8-a880-ac5abe9d2b23} - c:\program files\mobilewitch\tbmobi.dll
BHO: HP Print Clips: {ffffffff-ff12-44c5-91ec-068e3aa1b2d7} - c:\program files\hp\smart web printing\hpswp_framework.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: MP3 Rocket Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: mobilewitch Toolbar: {fcbf663e-8530-46f8-a880-ac5abe9d2b23} - c:\program files\mobilewitch\tbmobi.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Babylon-English Toolbar: {ce18769b-c7fa-42d2-860d-17c4662c70ad} - c:\program files\babylon-english\tbBaby.dll
TB: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No File
uRun: [fsm]
uRun: [Power2GoExpress] NA
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpqSRMon]
mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [@OnlineArmor GUI] "c:\program files\online armor\oaui.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.0"
mRun: [iCall Internet Phone] "c:\program files\icall\iCall.exe" /startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Babylon Client] c:\program files\babylon\babylon-pro\Babylon.exe -AutoStart
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [SearchSettings] c:\program files\pdfforge toolbar\SearchSettings.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Translate this web page with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Action.htm
IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - {44E212AB-13EA-4CA4-BE65-197FBA170412} - c:\program files\email id\ieaddon\IconixBHO_43.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {BC3F6B6D-2E49-4603-B028-7411655713F3} - {0CC2F28D-D415-4FC6-A2E4-54B4D983609A} - c:\program files\email id\ieaddon\IconixBHO_43.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\online~2\oaevent.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\megatron\appdata\roaming\mozilla\firefox\profiles\9547gml0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Hotspot Shield Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1561552&SearchSource=13
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mozilla firefox\extensions\{1253d21b-263b-1843-275c-1726da8b2a12}\components\FFProxy36.dll
FF - component: c:\program files\pdfforge toolbar\ssff\components\SearchSettingsFF.dll
FF - component: c:\users\megatron\appdata\roaming\mozilla\firefox\profiles\9547gml0.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\FFExternalAlert.dll
FF - component: c:\users\megatron\appdata\roaming\mozilla\firefox\profiles\9547gml0.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\RadioWMPCore.dll
FF - component: c:\users\megatron\appdata\roaming\mozilla\firefox\profiles\9547gml0.default\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}\components\FFExternalAlert.dll
FF - component: c:\users\megatron\appdata\roaming\mozilla\firefox\profiles\9547gml0.default\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}\components\RadioWMPCore.dll
FF - component: c:\users\megatron\appdata\roaming\mozilla\firefox\profiles\9547gml0.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\users\megatron\appdata\roaming\mozilla\firefox\profiles\9547gml0.default\extensions\{fcbf663e-8530-46f8-a880-ac5abe9d2b23}\components\FFExternalAlert.dll
FF - component: c:\users\megatron\appdata\roaming\mozilla\firefox\profiles\9547gml0.default\extensions\{fcbf663e-8530-46f8-a880-ac5abe9d2b23}\components\RadioWMPCore.dll
FF - component: c:\users\megatron\appdata\roaming\mozilla\firefox\profiles\9547gml0.default\extensions\afom@idevfh\components\npAFOM.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npIconixProxy36.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\megatron\appdata\roaming\mozilla\firefox\profiles\9547gml0.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-9-14 165584]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-9-14 201168]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2010-9-14 38856]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-9-14 25000]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-1-8 380928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-9-14 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-9-14 50768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-14 40384]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
R2 OAcat;Online Armor Helper Service;c:\program files\online armor\oacat.exe [2010-9-14 380272]
R2 SvcOnlineArmor;Online Armor;c:\program files\online armor\oasrv.exe [2010-9-14 3638240]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-14 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-14 40384]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-9-14 38224]
R3 OAnet;OnlineArmor Service;c:\windows\system32\drivers\OAnet.sys [2010-9-14 29120]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 IconixService;Iconix Update Service;c:\program files\common files\email id\IconixService.exe [2010-9-14 283992]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-9-15 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-9-14 16472]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

============== File Associations ===============

.txt=GetDiz.Document

=============== Created Last 30 ================

2010-09-19 03:39:31 0 d-----w- c:\users\megatron\appdata\roaming\QuickScan
2010-09-18 20:51:00 0 d-----w- c:\users\megatron\appdata\roaming\Wireshark
2010-09-18 20:50:24 0 d-----w- c:\program files\WinPcap
2010-09-18 08:14:40 0 d-----w- c:\users\megatron\appdata\roaming\Foxit
2010-09-18 08:01:21 0 d-----w- c:\program files\JRE
2010-09-18 04:38:51 1024 ----a-w- C:\.rnd
2010-09-18 04:37:56 0 d-----w- c:\programdata\VMware
2010-09-18 04:37:56 0 d-----w- c:\program files\VMware
2010-09-18 04:18:11 0 d-----w- c:\users\megatron\.nbi
2010-09-18 04:16:12 0 d-----w- c:\program files\Microsoft Baseline Security Analyzer 2
2010-09-18 04:14:24 0 d-----w- c:\program files\2BrightSparks
2010-09-18 04:12:38 0 d-----w- c:\program files\Event Log Explorer
2010-09-18 04:08:55 0 d-----w- c:\program files\Microsoft SQL Server
2010-09-18 04:00:19 0 d-----w- c:\program files\Lavalys
2010-09-18 03:22:51 0 d-----w- c:\programdata\MySQL
2010-09-18 03:22:51 0 d-----w- c:\program files\MySQL
2010-09-18 03:20:49 0 d-----w- c:\program files\NSIS
2010-09-18 03:19:22 0 d-----w- c:\program files\Inno Setup 5
2010-09-18 02:19:50 0 d-----w- c:\program files\Eraser
2010-09-18 01:17:47 0 d-----w- c:\program files\Nmap
2010-09-18 01:14:50 0 d-----w- c:\program files\Wireshark
2010-09-18 01:04:12 0 d-----w- c:\program files\SpeedFan
2010-09-18 00:59:33 0 d-----w- c:\program files\SyncToy 2.1
2010-09-18 00:51:53 0 d-----w- c:\program files\Unlocker
2010-09-18 00:40:24 0 d-----w- c:\program files\Sandboxie
2010-09-17 07:26:40 0 d-----w- c:\users\megatron\appdata\roaming\Foxit Software
2010-09-17 07:26:14 0 d-----w- c:\program files\Foxit Software
2010-09-17 06:56:59 0 d-----w- c:\users\megatron\appdata\roaming\OpenOffice.org
2010-09-17 05:49:23 0 d-----w- c:\program files\OpenOffice.org 3
2010-09-17 05:14:55 0 d-----w- c:\users\megatron\appdata\roaming\TeraCopy
2010-09-17 05:07:16 0 d-----w- c:\program files\Hotspot_Shield
2010-09-17 05:03:53 0 d-----w- C:\Hotspot Shield
2010-09-17 05:03:16 0 d-----w- c:\program files\Hotspot Shield
2010-09-17 04:59:19 0 d-----w- c:\program files\Application Updater
2010-09-17 04:59:17 0 d-----w- c:\program files\pdfforge Toolbar
2010-09-17 04:55:54 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2010-09-17 04:55:53 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2010-09-17 04:55:53 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2010-09-17 04:55:51 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-09-17 04:55:51 0 d-----w- c:\program files\PDFCreator
2010-09-17 04:54:05 176235 ----a-w- c:\windows\system32\Primomonnt.dll
2010-09-17 04:53:39 0 d-----w- c:\program files\Nitro PDF
2010-09-17 04:51:23 0 d-----w- c:\program files\Tools4ever
2010-09-17 04:48:08 0 d-----w- c:\program files\Dynamic Draw Project
2010-09-17 04:42:40 0 d-----w- c:\program files\TeraCopy
2010-09-17 04:26:28 0 d-----w- c:\users\megatron\appdata\roaming\Dropbox
2010-09-17 04:00:08 0 d-----w- c:\users\megatron\appdata\roaming\Y!Supra
2010-09-17 03:56:44 0 d-----w- c:\users\megatron\appdata\roaming\PeaZip
2010-09-17 03:56:22 0 d-----w- c:\program files\YahELite
2010-09-17 03:55:42 0 d-----w- c:\program files\PeaZip
2010-09-17 03:38:17 0 d-----w- c:\program files\Qualcomm
2010-09-17 03:38:16 317952 ----a-r- c:\windows\system32\Roboex32.dll
2010-09-17 03:38:16 1712128 ----a-r- c:\windows\system32\gdiplus.dll
2010-09-17 03:38:15 48640 ----a-r- c:\windows\system32\INETWH32.DLL
2010-09-17 03:36:36 0 d-----w- c:\users\megatron\appdata\roaming\Trillian
2010-09-17 03:34:48 0 d-----w- c:\program files\FireTrust
2010-09-17 03:34:47 0 d-----w- c:\users\megatron\appdata\roaming\MailWasherFree
2010-09-16 23:07:27 0 d-----w- c:\users\megatron\appdata\roaming\Digsby
2010-09-16 23:07:27 0 d-----w- c:\programdata\Digsby
2010-09-16 23:02:38 0 d-----w- c:\program files\Babylon-English
2010-09-16 23:02:36 0 d-----w- c:\program files\Babylon
2010-09-16 23:02:23 0 d-----w- c:\users\megatron\appdata\roaming\Babylon
2010-09-16 23:02:23 0 d-----w- c:\programdata\Babylon
2010-09-16 23:00:03 0 d-----w- c:\program files\Digsby
2010-09-16 20:00:59 0 d-----w- c:\users\megatron\appdata\roaming\FrostWire
2010-09-16 11:02:30 0 d-----w- c:\programdata\AOL
2010-09-16 06:24:30 0 d-----w- c:\users\megatron\appdata\roaming\X-Chat 2
2010-09-16 06:24:30 0 d-----w- c:\program files\xchat
2010-09-16 06:21:54 0 d-----w- c:\program files\FrostWire
2010-09-16 06:20:19 0 d-----w- c:\program files\DC++
2010-09-16 05:14:26 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-16 04:21:46 0 d-----w- c:\programdata\Yahoo!
2010-09-16 03:22:52 0 d-----w- c:\users\megatron\appdata\roaming\hpqLog
2010-09-16 03:16:30 0 d-----w- c:\programdata\HP Photo Creations
2010-09-16 03:16:30 0 d-----w- c:\program files\HP Photo Creations
2010-09-16 03:01:29 0 d-----w- c:\programdata\Sun
2010-09-16 02:43:52 32156 ----a-w- c:\programdata\nvModes.dat
2010-09-16 02:34:31 45568 ----a-w- c:\windows\system32\drivers\rimmptsk.sys
2010-09-16 02:34:30 38400 ----a-w- c:\windows\system32\drivers\rixdptsk.sys
2010-09-16 02:34:30 172032 ----a-w- c:\windows\system32\rixdicon.dll
2010-09-16 02:34:29 43008 ----a-w- c:\windows\system32\drivers\rimsptsk.sys
2010-09-16 02:07:43 0 d-----w- c:\users\megatron\dwhelper
2010-09-16 01:29:52 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-09-16 01:29:41 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-09-16 01:15:31 3 ----a-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
2010-09-16 01:15:21 4052 ----a-w- c:\windows\system32\wbem\Wdf01000.mof
2010-09-16 01:15:21 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2010-09-16 01:15:21 118 ----a-w- c:\windows\system32\wbem\Wdf01000Uninstall.mof
2010-09-16 01:15:20 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2010-09-16 01:02:33 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-09-16 01:00:40 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-09-16 01:00:31 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-09-16 00:59:40 0 d-----w- c:\program files\Microsoft
2010-09-16 00:59:20 0 d-----w- c:\program files\Windows Live SkyDrive
2010-09-16 00:47:12 0 d-----w- c:\program files\common files\Windows Live
2010-09-15 23:55:44 0 d-----w- c:\program files\Windows Portable Devices
2010-09-15 23:50:53 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-09-15 23:49:48 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-09-15 23:48:23 0 d-----w- c:\users\megatron\appdata\roaming\Outertech
2010-09-15 23:48:10 0 d-----w- c:\program files\GetDiz
2010-09-15 23:47:35 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-09-15 23:47:34 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-09-15 23:47:34 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-09-15 23:14:49 0 d-----w- c:\windows\system32\eu-ES
2010-09-15 23:14:49 0 d-----w- c:\windows\system32\ca-ES
2010-09-15 23:14:48 0 d-----w- c:\windows\system32\vi-VN
2010-09-15 22:51:20 0 d-----w- c:\windows\system32\EventProviders
2010-09-15 22:47:59 978432 ----a-w- c:\windows\system32\drmv2clt.dll
2010-09-15 22:46:59 618496 ----a-w- c:\windows\system32\mswstr10.dll
2010-09-15 22:45:59 1152000 ----a-w- c:\windows\system32\themecpl.dll
2010-09-15 22:44:55 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2010-09-15 22:44:55 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2010-09-15 22:44:55 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-09-15 22:44:55 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2010-09-15 22:44:55 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2010-09-15 22:44:55 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2010-09-15 22:44:55 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2010-09-15 22:44:54 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2010-09-15 22:44:51 218624 ----a-w- c:\windows\system32\wdscore.dll
2010-09-15 22:44:51 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2010-09-15 22:44:44 247808 ----a-w- c:\windows\system32\drvstore.dll
2010-09-15 21:13:35 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-09-15 21:13:35 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-09-15 21:13:35 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-09-15 21:13:35 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-09-15 21:13:35 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-09-15 20:32:05 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-09-15 20:32:02 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-09-15 20:30:49 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-15 07:48:48 27620 ----a-w- c:\users\megatron\appdata\roaming\nvModes.dat
2010-09-15 07:21:01 0 d-----w- c:\program files\NETEagle
2010-09-15 07:19:14 0 d-----w- c:\users\megatron\appdata\roaming\AIMP
2010-09-15 07:18:35 0 d-----w- c:\program files\AIMP2
2010-09-15 06:43:32 0 d-----w- c:\program files\Mixxx
2010-09-15 06:32:29 0 d-----w- c:\program files\VideoLAN
2010-09-15 05:36:35 0 d-----w- c:\program files\iCall
2010-09-15 05:04:29 0 d-----w- c:\users\megatron\appdata\roaming\IObit
2010-09-15 05:04:25 0 d-----w- c:\program files\IObit
2010-09-15 05:02:36 0 d-----w- c:\program files\VS Revo Group
2010-09-15 04:35:41 0 d-----w- c:\programdata\WindowsSearch
2010-09-15 04:20:41 0 d-----w- c:\users\megatron\appdata\roaming\SUPERAntiSpyware.com
2010-09-15 04:20:41 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-09-15 04:19:14 0 d-----w- c:\program files\SUPERAntiSpyware
2010-09-15 04:17:12 0 d-----w- c:\programdata\Office Genuine Advantage
2010-09-15 04:10:50 0 d-----w- c:\users\megatron\appdata\roaming\Malwarebytes
2010-09-15 04:10:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-15 04:09:57 38224 ----a-w- c:\windows\system32\drivers\is-KU04Q.tmp
2010-09-15 04:09:49 0 d-----w- c:\programdata\Malwarebytes
2010-09-15 04:09:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-15 04:09:40 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-15 03:24:41 0 d-----w- c:\program files\Glary Utilities
2010-09-15 02:57:11 0 d-----w- c:\program files\Conduit
2010-09-15 02:56:55 0 d-----w- c:\program files\mobilewitch
2010-09-15 02:55:11 0 d-----w- c:\program files\SpeedLord
2010-09-15 02:53:32 0 d-----w- c:\users\megatron\appdata\roaming\MP3Rocket
2010-09-15 02:53:17 0 d-----w- c:\program files\MP3 Rocket
2010-09-15 02:52:30 0 d-----w- c:\program files\Ask.com
2010-09-15 02:48:54 0 d-----w- c:\program files\CCleaner
2010-09-15 02:48:03 1061888 ----a-w- c:\windows\system32\MyDefragScreenSaver_v4.3.1.exe
2010-09-15 02:48:02 475648 ----a-w- c:\windows\system32\MyDefragScreenSaver_v4.3.1.scr
2010-09-15 02:48:01 0 d-----w- c:\program files\MyDefrag v4.3.1
2010-09-15 02:16:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-15 02:10:43 0 d-----w- c:\program files\Defraggler
2010-09-15 01:51:23 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2010-09-15 01:51:21 11967524 ----a-w- c:\windows\system32\korwbrkr.lex
2010-09-15 00:46:47 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-09-15 00:46:44 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-09-15 00:46:43 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-09-15 00:46:22 0 d-----w- c:\program files\uTorrent
2010-09-15 00:45:52 0 d-----w- c:\users\megatron\appdata\roaming\uTorrent
2010-09-15 00:45:15 0 d-----w- c:\program files\MSXML 4.0
2010-09-15 00:39:26 0 d-----w- c:\program files\PeerBlock
2010-09-15 00:11:34 105984 ----a-w- c:\windows\system32\netiohlp.dll
2010-09-15 00:11:33 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-09-15 00:11:33 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-09-15 00:11:33 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-09-15 00:11:33 10240 ----a-w- c:\windows\system32\finger.exe
2010-09-15 00:11:32 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-09-15 00:11:32 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-09-15 00:11:32 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-15 00:11:32 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-09-15 00:09:56 6656 ----a-w- c:\windows\system32\kbd106n.dll
2010-09-15 00:09:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-15 00:04:50 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-09-15 00:04:50 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-09-15 00:04:41 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-09-15 00:04:38 471552 ----a-w- c:\windows\system32\secproc.dll
2010-09-15 00:04:37 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-09-15 00:04:37 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-09-15 00:04:37 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-09-15 00:04:36 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-09-15 00:04:36 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-09-15 00:02:50 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-09-15 00:01:55 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 00:00:53 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 00:00:51 60928 ----a-w- c:\windows\system32\msasn1.dll
2010-09-15 00:00:49 153 ----a-w- c:\windows\system32\RacUREx.xml
2010-09-14 23:54:38 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-09-14 23:54:34 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-09-14 23:54:33 4096 ----a-w- c:\windows\system32\msdxm.ocx
2010-09-14 23:54:33 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-09-14 23:54:32 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-14 23:54:02 243712 ----a-w- c:\windows\system32\rastls.dll
2010-09-14 23:53:57 355328 ----a-w- c:\windows\system32\WSDApi.dll
2010-09-14 23:53:53 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-09-14 23:53:52 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-09-14 23:53:52 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-09-14 23:53:52 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-09-14 23:53:52 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-09-14 23:53:52 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-09-14 23:53:51 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-09-14 23:53:51 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-09-14 23:53:51 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-09-14 23:51:46 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-09-14 23:12:21 0 d-----w- c:\users\megatron\appdata\roaming\eMail ID
2010-09-14 23:12:21 0 d-----w- c:\programdata\eMail ID
2010-09-14 23:12:06 0 d-----w- c:\program files\common files\eMail ID
2010-09-14 23:11:53 0 d-----w- c:\program files\eMail ID
2010-09-14 23:11:36 0 d-----w- c:\users\megatron\appdata\roaming\CBS Interactive
2010-09-14 23:11:09 0 d-----w- c:\users\megatron\appdata\roaming\Software Informer
2010-09-14 23:11:08 0 d-----w- c:\program files\Software Informer
2010-09-14 23:10:15 0 d-----w- c:\program files\FileHippo.com
2010-09-14 23:10:00 0 d-----w- c:\program files\Doc Scrubber
2010-09-14 23:09:31 115920 ----a-w- c:\windows\system32\MSINET.OCX
2010-09-14 23:09:28 0 d-----w- c:\program files\EULAlyzer
2010-09-14 23:00:24 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-09-14 23:00:23 98304 ----a-w- c:\windows\system32\cabview.dll
2010-09-14 22:55:29 0 d---a-w- c:\programdata\TEMP
2010-09-14 22:55:24 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-09-14 22:55:19 0 d-----w- c:\program files\SpywareBlaster
2010-09-14 22:54:13 0 d-----w- c:\program files\Trend Micro
2010-09-14 22:51:04 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-09-14 22:50:51 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-09-14 22:50:40 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-09-14 22:50:40 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-09-14 22:46:25 0 d-----w- c:\programdata\LightScribe
2010-09-14 22:44:45 0 d-----w- c:\users\megatron\appdata\roaming\Symantec
2010-09-14 22:43:34 81 ----a-w- c:\windows\system32\LOG
2010-09-14 22:43:31 44 ----a-w- c:\windows\system\hpsysdrv.dat
2010-09-14 22:41:40 0 d-----w- c:\program files\Yahoo!
2010-09-14 22:37:52 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-14 22:36:42 38848 ----a-w- c:\windows\avastSS.scr
2010-09-14 22:36:37 0 ----a-w- c:\users\megatron\appdata\roaming\wklnhst.dat
2010-09-14 22:36:19 0 d-----w- c:\programdata\Alwil Software
2010-09-14 22:36:04 236824 ----a-w- c:\windows\system32\xactengine2_3.dll
2010-09-14 22:36:03 62744 ----a-w- c:\windows\system32\xinput1_2.dll
2010-09-14 22:35:53 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-09-14 22:34:18 0 d-----w- c:\program files\HPQ
2010-09-14 22:29:38 0 d-sh--we c:\programdata\Documents
2010-09-14 22:29:38 0 d-sh--we C:\Documents and Settings
2010-09-14 22:22:17 0 d-----w- c:\users\megatron\appdata\roaming\OnlineArmor
2010-09-14 22:22:17 0 d-----w- c:\programdata\OnlineArmor
2010-09-14 22:21:19 38856 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2010-09-14 22:21:19 29120 ----a-w- c:\windows\system32\drivers\OAnet.sys
2010-09-14 22:21:19 25000 ----a-w- c:\windows\system32\drivers\OAmon.sys
2010-09-14 22:21:19 201168 ----a-w- c:\windows\system32\drivers\OADriver.sys
2010-09-14 22:21:16 0 d-----w- c:\program files\Online Armor

==================== Find3M ====================

2010-09-17 05:06:30 51200 ----a-w- c:\windows\inf\infpub.dat
2010-09-17 05:06:30 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-09-17 05:06:29 86016 ----a-w- c:\windows\inf\infstor.dat
2010-09-15 23:55:38 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-09-15 23:01:33 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-09-14 22:33:32 0 --sha-r- c:\windows\system32\drivers\103C_HP_cNB_Presario F700 Notebook PC_Y5335KV_0U_QCNF809462Y_E483150-001_4A_I30EA_SQuanta_V86.09_F.08_T080425_WV3-1_L409_M959_J160_7AMD_8F82_91.90_#100914_N10DE054C;168C001C_(KP029UA#ABA)_XMOBILE_CN10_Z_2Rev 1.MRK
2010-06-26 06:05:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02:15 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02:15 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-25 17:07:40 96784 ----a-w- c:\windows\system32\Packet.dll
2010-06-25 17:07:24 281104 ----a-w- c:\windows\system32\wpcap.dll
2010-06-25 17:03:12 53299 ----a-w- c:\windows\system32\pthreadVC.dll
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-02-28 21:22:23 32 --sha-w- c:\windows\sminst\HPCD.SYS

============= FINISH: 20:46:32.51 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/28/2009 8:27:59 AM
System Uptime: 9/18/2010 7:51:43 PM (1 hours ago)

Motherboard: Quanta | | 30EA
Processor: AMD Athlon™ 64 X2 Dual-Core Processor TK-57 | Socket S1 | 1900/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 137 GiB total, 109.825 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.989 GiB free.
E: is CDROM (UDF)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP88: 9/18/2010 4:38:36 PM - Scheduled Checkpoint

==== Installed Programs ======================

µTorrent
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4
Adobe Shockwave Player
Advanced SystemCare 3
AIMP2
Ask Toolbar
Atheros Driver Installation Program
avast! Free Antivirus
Babylon
Babylon-English Toolbar
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner
CNET TechTracker
Conexant HD Audio
CyberLink DVD Suite
DC++ 0.770
Defraggler
Digsby
Doc Scrubber v1.1
Dropbox
Dynamic Draw 5.5
Eudora
EULAlyzer 2.0
FileHippo.com Update Checker
FileZilla Client 3.3.4.1
Foxit Reader
FREEping
FrostWire 4.20.9
GetDiz 4.5
Glary Utilities 2.28.0.1011
Google Talk (remove only)
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotspot Shield 1.49
Hotspot_Shield Toolbar
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP DVD Play 3.6
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential 2.5
HP Quick Launch Buttons 6.40 B2
HP Smart Web Printing
HP Total Care Advisor
HP Update
HP User Guides 0091
HP Wireless Assistant
HPNetworkAssistant
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabel_Tattoo
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookHolidayPack1
HPPhotoSmartPhotobookModernPack1
HPPhotoSmartPhotobookPlayfulPack1
HPPhotoSmartPhotobookScrapbookPack1
HPPhotoSmartPhotobookWebPack1
iCall
Java Auto Updater
Java™ 6 Update 2
Java™ 6 Update 20
Java™ 6 Update 21
Junk Mail filter update
LabelPrint
LightScribe System Software 1.10.13.1
MailWasher Free 6.5.4
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Live Add-in 1.5
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mixxx 1.7.2
mobilewitch Toolbar
Mozilla Firefox (3.6.10)
MP3 Rocket
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyDefrag v4.3.1
NETEagle
NetWaiting
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Online Armor 4.5
OpenOffice.org 3.2
PDFCreator
pdfforge Toolbar v1.1.2
PeaZip 3.3
PeerBlock 1.0.0 (r181)
Power2Go
PowerDirector
PrimoPDF -- brought to you by Nitro PDF Software
PSSWCORE
QuickPlay SlingPlayer 0.4.6
Random Password Generator
Revo Uninstaller 1.89
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
Software Informer 1.0 BETA
SpeedLord
SpywareBlaster 4.4
SUPERAntiSpyware
Synaptics Pointing Device Driver
TeraCopy 2.12
Trend Micro™ eMail ID
Trillian
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VideoToolkit01
Viewpoint Media Player
VLC media player 1.1.4
WeatherBug Gadget
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinPcap 4.1.2
Wireshark 1.4.0
XChat 2 (remove only)
YahELite 330.1
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

9/18/2010 7:55:55 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.
9/18/2010 7:55:55 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/18/2010 7:53:24 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Iconix Update Service service to connect.
9/18/2010 7:53:24 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/18/2010 7:53:24 PM, Error: Service Control Manager [7000] - The Iconix Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/18/2010 6:57:15 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Type with the following error: Access is denied.
9/18/2010 5:49:25 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for ImagePath with the following error: Access is denied.
9/18/2010 3:27:18 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
9/17/2010 9:57:08 PM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 2147943515.
9/17/2010 11:02:51 PM, Error: Service Control Manager [7022] - The avast! Antivirus service hung on starting.
9/17/2010 11:02:51 PM, Error: Service Control Manager [7001] - The Workstation service depends on the SMB 1.x MiniRedirector service which failed to start because of the following error: Access is denied.
9/17/2010 11:02:51 PM, Error: Service Control Manager [7000] - The SMB 1.x MiniRedirector service failed to start due to the following error: Access is denied.
9/16/2010 4:42:08 AM, Error: Service Control Manager [7001] - The Workstation service depends on the SMB 2.0 MiniRedirector service which failed to start because of the following error: The dependency service or group failed to start.
9/16/2010 4:42:08 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: Access is denied.
9/16/2010 4:42:08 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: Access is denied.
9/16/2010 4:42:08 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: Access is denied.
9/16/2010 4:42:08 AM, Error: Service Control Manager [7000] - The WebDav Client Redirector Driver service failed to start due to the following error: Access is denied.
9/16/2010 4:42:08 AM, Error: Service Control Manager [7000] - The SMB MiniRedirector Wrapper and Engine service failed to start due to the following error: Access is denied.
9/16/2010 10:07:03 PM, Error: Service Control Manager [7030] - The Hotspot Shield Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
9/15/2010 8:37:23 PM, Error: Service Control Manager [7001] - The Workstation service depends on the SMB 2.0 MiniRedirector service which failed to start because of the following error: Access is denied.
9/15/2010 8:37:23 PM, Error: Service Control Manager [7001] - The Server service depends on the srv service which failed to start because of the following error: Access is denied.
9/15/2010 8:37:23 PM, Error: Service Control Manager [7000] - The srv service failed to start due to the following error: Access is denied.
9/15/2010 8:37:23 PM, Error: Service Control Manager [7000] - The SMB 2.0 MiniRedirector service failed to start due to the following error: Access is denied.
9/15/2010 8:33:44 PM, Error: Service Control Manager [7001] - The srv service depends on the srv2 service which failed to start because of the following error: Access is denied.
9/15/2010 8:33:44 PM, Error: Service Control Manager [7001] - The Server service depends on the srv service which failed to start because of the following error: The dependency service or group failed to start.
9/15/2010 8:33:44 PM, Error: Service Control Manager [7000] - The srv2 service failed to start due to the following error: Access is denied.
9/15/2010 8:28:13 PM, Error: Service Control Manager [7001] - The SSDP Discovery service depends on the HTTP service which failed to start because of the following error: Access is denied.
9/15/2010 8:28:13 PM, Error: Service Control Manager [7000] - The HTTP service failed to start due to the following error: Access is denied.
9/15/2010 8:27:01 PM, Error: Service Control Manager [7001] - The Function Discovery Provider Host service depends on the HTTP service which failed to start because of the following error: Access is denied.
9/15/2010 8:27:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
9/15/2010 8:26:50 PM, Error: Service Control Manager [7001] - The srv2 service depends on the srvnet service which failed to start because of the following error: Access is denied.
9/15/2010 8:26:50 PM, Error: Service Control Manager [7001] - The srv service depends on the srv2 service which failed to start because of the following error: The dependency service or group failed to start.
9/15/2010 8:26:50 PM, Error: Service Control Manager [7000] - The XAudioService service failed to start due to the following error: Access is denied.
9/15/2010 8:26:50 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: Access is denied.
9/15/2010 8:26:50 PM, Error: Service Control Manager [7000] - The srvnet service failed to start due to the following error: Access is denied.
9/15/2010 8:26:50 PM, Error: Service Control Manager [7000] - The SeaPort service failed to start due to the following error: Access is denied.
9/15/2010 8:26:50 PM, Error: Service Control Manager [7000] - The Iconix Update Service service failed to start due to the following error: Access is denied.
9/15/2010 8:21:30 PM, Error: HBtnKey [4] -
9/15/2010 5:39:56 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80240016: Synaptics - Input - Synaptics PS/2 Port TouchPad.
9/15/2010 5:38:41 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070005: nVidia - Display - NVIDIA GeForce 7000M / nForce 610M.
9/15/2010 5:31:48 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Megatron-PC\Megatron SID (S-1-5-21-2587209427-759202388-864072799-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
9/15/2010 10:07:08 PM, Error: Service Control Manager [7022] - The KtmRm for Distributed Transaction Coordinator service hung on starting.

==== End Of File ===========================


#2 Jack421

Jack421
  • Topic Starter

  • Members
  • 27 posts
  • Location:Ontario,CA
  • Local time:08:45 AM

Posted 18 September 2010 - 11:10 PM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4650

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

9/18/2010 7:05:40 PM
mbam-log-2010-09-18 (19-05-40).txt

Scan type: Full scan (C:\|)
Objects scanned: 12650
Time elapsed: 3 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> Delete on reboot.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4650

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

9/18/2010 7:49:54 PM
mbam-log-2010-09-18 (19-49-54).txt

Scan type: Full scan (C:\|)
Objects scanned: 120354
Time elapsed: 36 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\pdfforge Toolbar\WidgiHelper.exe (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

#3 Jack421

Jack421
  • Topic Starter

  • Members
  • 27 posts
  • Location:Ontario,CA
  • Local time:08:45 AM

Posted 18 September 2010 - 11:43 PM

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-18 21:36:33
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Megatron\AppData\Local\Temp\fflyqkow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwAllocateVirtualMemory [0x8C8E72AE]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwAlpcConnectPort [0x8C8E5A8C]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwAlpcCreatePort [0x8C8E555E]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwAssignProcessToJobObject [0x8C8E6824]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwConnectPort [0x8C8E564C]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwCreateFile [0x8C8EC182]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwCreatePort [0x8C8E546A]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwCreateSection [0x8C8E34F2]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwCreateThread [0x8C8E4634]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwDebugActiveProcess [0x8C8E4D22]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwDuplicateObject [0x8C8E532C]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwLoadDriver [0x8C8E624C]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwOpenFile [0x8C8EC4DE]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwOpenSection [0x8C8E37B4]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwOpenThread [0x8C8E48B0]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwProtectVirtualMemory [0x8C8E65D6]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwQueryDirectoryFile [0x8C8E70CE]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwQueueApcThread [0x8C8E6940]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwRequestPort [0x8C8E5CB0]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwRequestWaitReplyPort [0x8C8E5F14]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwRestoreKey [0x8C8EBF7A]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwResumeThread [0x8C8E50CE]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSecureConnectPort [0x8C8E586E]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSetContextThread [0x8C8E4BCC]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSetSystemInformation [0x8C8E6F74]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwShutdownSystem [0x8C8E6186]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSuspendProcess [0x8C8E51FE]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSuspendThread [0x8C8E4F7A]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSystemDebugControl [0x8C8E4E40]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwTerminateProcess [0x8C8E4472]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwTerminateThread [0x8C8E4A66]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwUnloadDriver [0x8C8E6414]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwWriteVirtualMemory [0x8C8E6700]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwCreateThreadEx [0x8C8E4768]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8C949BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 131 824AF894 4 Bytes [AE, 72, 8E, 8C]
.text ntkrnlpa.exe!KeSetEvent + 13D 824AF8A0 8 Bytes [8C, 5A, 8E, 8C, 5E, 55, 8E, ...]
.text ntkrnlpa.exe!KeSetEvent + 191 824AF8F4 4 Bytes [24, 68, 8E, 8C]
.text ntkrnlpa.exe!KeSetEvent + 1C1 824AF924 4 Bytes [4C, 56, 8E, 8C]
.text ntkrnlpa.exe!KeSetEvent + 1D9 824AF93C 4 Bytes [82, C1, 8E, 8C]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 825DA28F 5 Bytes JMP 8C9455D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 82633063 5 Bytes JMP 8C946FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 8269490A 7 Bytes JMP 8C949BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8AA0E340, 0x3ED9C7, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\taskeng.exe[484] kernel32.dll!CreateProcessW 767C1BF3 6 Bytes JMP 71A60F5A
.text C:\Windows\system32\taskeng.exe[484] kernel32.dll!CreateProcessA 767C1C28 6 Bytes JMP 71A90F5A
.text C:\Windows\system32\taskeng.exe[484] kernel32.dll!LoadLibraryW 767E9362 6 Bytes JMP 71880F5A
.text C:\Windows\system32\taskeng.exe[484] kernel32.dll!CloseHandle 7680AE8D 6 Bytes JMP 71970F5A
.text C:\Windows\system32\taskeng.exe[484] kernel32.dll!CreateFileW 7680AECB 6 Bytes JMP 719A0F5A
.text C:\Windows\system32\taskeng.exe[484] user32.dll!RegisterRawInputDevices 760E6161 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[484] user32.dll!RegisterRawInputDevices + 4 760E6165 2 Bytes [8A, 71]
.text C:\Windows\system32\taskeng.exe[484] user32.dll!RegisterHotKey 760EBDA5 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[484] user32.dll!RegisterHotKey + 4 760EBDA9 2 Bytes [8D, 71]
.text C:\Windows\system32\taskeng.exe[484] user32.dll!ExitWindowsEx 7612B7C3 6 Bytes JMP 71A30F5A
.text C:\Windows\system32\taskeng.exe[484] ADVAPI32.dll!CreateServiceW 76539EB4 6 Bytes JMP 71910F5A
.text C:\Windows\system32\taskeng.exe[484] ADVAPI32.dll!CreateServiceA 765772A1 6 Bytes JMP 71940F5A
.text C:\Windows\system32\taskeng.exe[484] WS2_32.dll!socket 778936D1 6 Bytes JMP 71AF0F5A
.text C:\Windows\system32\taskeng.exe[484] IPHLPAPI.DLL!IcmpSendEcho2Ex 755596D8 6 Bytes JMP 719D0F5A
.text C:\Windows\system32\taskeng.exe[484] IPHLPAPI.DLL!IcmpSendEcho2 75559C2D 6 Bytes JMP 71A00F5A
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[568] kernel32.dll!CreateProcessW 767C1BF3 6 Bytes JMP 71A60F5A
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[568] kernel32.dll!CreateProcessA 767C1C28 6 Bytes JMP 71A90F5A
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[568] kernel32.dll!LoadLibraryW 767E9362 6 Bytes JMP 71880F5A
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[568] kernel32.dll!CloseHandle 7680AE8D 6 Bytes JMP 71970F5A
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[568] kernel32.dll!CreateFileW 7680AECB 6 Bytes JMP 719A0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[568] user32.dll!RegisterRawInputDevices 760E6161 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[568] user32.dll!RegisterRawInputDevices + 4 760E6165 2 Bytes [8A, 71]
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[568] user32.dll!RegisterHotKey 760EBDA5 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[568] user32.dll!RegisterHotKey + 4 760EBDA9 2 Bytes [8D, 71]
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[568] user32.dll!ExitWindowsEx 7612B7C3 6 Bytes JMP 71A30F5A
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[568] ADVAPI32.dll!CreateServiceW 76539EB4 6 Bytes JMP 71910F5A
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[568] ADVAPI32.dll!CreateServiceA 765772A1 6 Bytes JMP 71940F5A
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[568] WS2_32.dll!socket 778936D1 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[568] IPHLPAPI.DLL!IcmpSendEcho2Ex 755596D8 6 Bytes JMP 719D0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[568] IPHLPAPI.DLL!IcmpSendEcho2 75559C2D 6 Bytes JMP 71A00F5A
.text C:\WINDOWS\System32\rundll32.exe[1036] kernel32.dll!CreateProcessW 767C1BF3 6 Bytes JMP 71A60F5A
.text C:\WINDOWS\System32\rundll32.exe[1036] kernel32.dll!CreateProcessA 767C1C28 6 Bytes JMP 71A90F5A
.text C:\WINDOWS\System32\rundll32.exe[1036] kernel32.dll!LoadLibraryW 767E9362 6 Bytes JMP 71880F5A
.text C:\WINDOWS\System32\rundll32.exe[1036] kernel32.dll!CloseHandle 7680AE8D 6 Bytes JMP 71970F5A
.text C:\WINDOWS\System32\rundll32.exe[1036] kernel32.dll!CreateFileW 7680AECB 6 Bytes JMP 719A0F5A
.text C:\WINDOWS\System32\rundll32.exe[1036] user32.dll!RegisterRawInputDevices 760E6161 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\rundll32.exe[1036] user32.dll!RegisterRawInputDevices + 4 760E6165 2 Bytes [8A, 71]
.text C:\WINDOWS\System32\rundll32.exe[1036] user32.dll!RegisterHotKey 760EBDA5 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\rundll32.exe[1036] user32.dll!RegisterHotKey + 4 760EBDA9 2 Bytes [8D, 71]
.text C:\WINDOWS\System32\rundll32.exe[1036] user32.dll!ExitWindowsEx 7612B7C3 6 Bytes JMP 71A30F5A
.text C:\WINDOWS\System32\rundll32.exe[1036] ADVAPI32.dll!CreateServiceW 76539EB4 6 Bytes JMP 71910F5A
.text C:\WINDOWS\System32\rundll32.exe[1036] ADVAPI32.dll!CreateServiceA 765772A1 6 Bytes JMP 71940F5A
.text C:\WINDOWS\System32\rundll32.exe[1036] WS2_32.dll!socket 778936D1 6 Bytes JMP 71AF0F5A
.text C:\WINDOWS\System32\rundll32.exe[1036] IPHLPAPI.DLL!IcmpSendEcho2Ex 755596D8 6 Bytes JMP 719D0F5A
.text C:\WINDOWS\System32\rundll32.exe[1036] IPHLPAPI.DLL!IcmpSendEcho2 75559C2D 6 Bytes JMP 71A00F5A
.text C:\Windows\system32\taskeng.exe[1456] kernel32.dll!CreateProcessW 767C1BF3 6 Bytes JMP 71A60F5A
.text C:\Windows\system32\taskeng.exe[1456] kernel32.dll!CreateProcessA 767C1C28 6 Bytes JMP 71A90F5A
.text C:\Windows\system32\taskeng.exe[1456] kernel32.dll!LoadLibraryW 767E9362 6 Bytes JMP 71880F5A
.text C:\Windows\system32\taskeng.exe[1456] kernel32.dll!CloseHandle 7680AE8D 6 Bytes JMP 71970F5A
.text C:\Windows\system32\taskeng.exe[1456] kernel32.dll!CreateFileW 7680AECB 6 Bytes JMP 719A0F5A
.text C:\Windows\system32\taskeng.exe[1456] user32.dll!RegisterRawInputDevices 760E6161 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[1456] user32.dll!RegisterRawInputDevices + 4 760E6165 2 Bytes [8A, 71]
.text C:\Windows\system32\taskeng.exe[1456] user32.dll!RegisterHotKey 760EBDA5 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[1456] user32.dll!RegisterHotKey + 4 760EBDA9 2 Bytes [8D, 71]
.text C:\Windows\system32\taskeng.exe[1456] user32.dll!ExitWindowsEx 7612B7C3 6 Bytes JMP 71A30F5A
.text C:\Windows\system32\taskeng.exe[1456] ADVAPI32.dll!CreateServiceW 76539EB4 6 Bytes JMP 71910F5A
.text C:\Windows\system32\taskeng.exe[1456] ADVAPI32.dll!CreateServiceA 765772A1 6 Bytes JMP 71940F5A
.text C:\Windows\system32\taskeng.exe[1456] WS2_32.dll!socket 778936D1 6 Bytes JMP 71AF0F5A
.text C:\Windows\system32\taskeng.exe[1456] IPHLPAPI.DLL!IcmpSendEcho2Ex 755596D8 6 Bytes JMP 719D0F5A
.text C:\Windows\system32\taskeng.exe[1456] IPHLPAPI.DLL!IcmpSendEcho2 75559C2D 6 Bytes JMP 71A00F5A
.text C:\Program Files\Online Armor\oasrv.exe[1592] kernel32.dll!CreateRemoteThread + 175 7680CAAA 4 Bytes [00, 00, A6, 71]
.text C:\Program Files\Online Armor\oasrv.exe[1592] user32.dll!LoadStringA 760E6243 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Online Armor\oasrv.exe[1592] user32.dll!LoadStringW 760F9CCB 6 Bytes JMP 71A90F5A
.text C:\Windows\system32\Dwm.exe[1780] kernel32.dll!CreateProcessW 767C1BF3 6 Bytes JMP 71A50F5A
.text C:\Windows\system32\Dwm.exe[1780] kernel32.dll!CreateProcessA 767C1C28 6 Bytes JMP 71A80F5A
.text C:\Windows\system32\Dwm.exe[1780] kernel32.dll!LoadLibraryW 767E9362 6 Bytes JMP 71870F5A
.text C:\Windows\system32\Dwm.exe[1780] kernel32.dll!CloseHandle 7680AE8D 6 Bytes JMP 71960F5A
.text C:\Windows\system32\Dwm.exe[1780] kernel32.dll!CreateFileW 7680AECB 6 Bytes JMP 71990F5A
.text C:\Windows\system32\Dwm.exe[1780] ADVAPI32.dll!CreateServiceW 76539EB4 6 Bytes JMP 71900F5A
.text C:\Windows\system32\Dwm.exe[1780] ADVAPI32.dll!CreateServiceA 765772A1 6 Bytes JMP 71930F5A
.text C:\Windows\system32\Dwm.exe[1780] USER32.dll!RegisterRawInputDevices 760E6161 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[1780] USER32.dll!RegisterRawInputDevices + 4 760E6165 2 Bytes [89, 71]
.text C:\Windows\system32\Dwm.exe[1780] USER32.dll!RegisterHotKey 760EBDA5 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[1780] USER32.dll!RegisterHotKey + 4 760EBDA9 2 Bytes [8C, 71]
.text C:\Windows\system32\Dwm.exe[1780] USER32.dll!ExitWindowsEx 7612B7C3 6 Bytes JMP 71A20F5A
.text C:\Windows\system32\Dwm.exe[1780] WS2_32.dll!socket 778936D1 6 Bytes JMP 71AE0F5A
.text C:\Windows\system32\Dwm.exe[1780] IPHLPAPI.DLL!IcmpSendEcho2Ex 755596D8 6 Bytes JMP 719C0F5A
.text C:\Windows\system32\Dwm.exe[1780] IPHLPAPI.DLL!IcmpSendEcho2 75559C2D 6 Bytes JMP 719F0F5A
.text C:\Windows\Explorer.EXE[1804] kernel32.dll!CreateProcessW 767C1BF3 6 Bytes JMP 71A50F5A
.text C:\Windows\Explorer.EXE[1804] kernel32.dll!CreateProcessA 767C1C28 6 Bytes JMP 71A80F5A
.text C:\Windows\Explorer.EXE[1804] kernel32.dll!LoadLibraryW 767E9362 6 Bytes JMP 718D0F5A
.text C:\Windows\Explorer.EXE[1804] ADVAPI32.dll!CreateServiceW 76539EB4 6 Bytes JMP 71960F5A
.text C:\Windows\Explorer.EXE[1804] ADVAPI32.dll!CreateServiceA 765772A1 6 Bytes JMP 71990F5A
.text C:\Windows\Explorer.EXE[1804] USER32.dll!RegisterRawInputDevices 760E6161 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1804] USER32.dll!RegisterRawInputDevices + 4 760E6165 2 Bytes [8F, 71]
.text C:\Windows\Explorer.EXE[1804] USER32.dll!RegisterHotKey 760EBDA5 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1804] USER32.dll!RegisterHotKey + 4 760EBDA9 2 Bytes [92, 71]
.text C:\Windows\Explorer.EXE[1804] USER32.dll!ExitWindowsEx 7612B7C3 6 Bytes JMP 71A20F5A
.text C:\Windows\Explorer.EXE[1804] WS2_32.dll!socket 778936D1 6 Bytes JMP 71AE0F5A
.text C:\Windows\Explorer.EXE[1804] IPHLPAPI.DLL!IcmpSendEcho2Ex 755596D8 6 Bytes JMP 719C0F5A
.text C:\Windows\Explorer.EXE[1804] IPHLPAPI.DLL!IcmpSendEcho2 75559C2D 6 Bytes JMP 719F0F5A
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1880] kernel32.dll!SetUnhandledExceptionFilter 767EA84F 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Online Armor\oaui.exe[2496] user32.dll!LoadStringA 760E6243 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Online Armor\oaui.exe[2496] user32.dll!LoadStringW 760F9CCB 6 Bytes JMP 71A90F5A
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2580] kernel32.dll!CreateProcessW 767C1BF3 6 Bytes JMP 71A60F5A
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2580] kernel32.dll!CreateProcessA 767C1C28 6 Bytes JMP 71A90F5A
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2580] kernel32.dll!LoadLibraryW 767E9362 6 Bytes JMP 71880F5A
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2580] kernel32.dll!CloseHandle 7680AE8D 6 Bytes JMP 71970F5A
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2580] kernel32.dll!CreateFileW 7680AECB 6 Bytes JMP 719A0F5A
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2580] user32.dll!RegisterRawInputDevices 760E6161 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2580] user32.dll!RegisterRawInputDevices + 4 760E6165 2 Bytes [8A, 71]
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2580] user32.dll!RegisterHotKey 760EBDA5 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2580] user32.dll!RegisterHotKey + 4 760EBDA9 2 Bytes [8D, 71]
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2580] user32.dll!ExitWindowsEx 7612B7C3 6 Bytes JMP 71A30F5A
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2580] ADVAPI32.dll!CreateServiceW 76539EB4 6 Bytes JMP 71910F5A
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2580] ADVAPI32.dll!CreateServiceA 765772A1 6 Bytes JMP 71940F5A
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2580] WS2_32.dll!socket 778936D1 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2580] IPHLPAPI.DLL!IcmpSendEcho2Ex 755596D8 6 Bytes JMP 719D0F5A
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2580] IPHLPAPI.DLL!IcmpSendEcho2 75559C2D 6 Bytes JMP 71A00F5A
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[2816] kernel32.dll!CreateProcessW 767C1BF3 6 Bytes JMP 71A60F5A
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[2816] kernel32.dll!CreateProcessA 767C1C28 6 Bytes JMP 71A90F5A
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[2816] kernel32.dll!LoadLibraryW 767E9362 6 Bytes JMP 71880F5A
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[2816] kernel32.dll!CloseHandle 7680AE8D 6 Bytes JMP 71970F5A
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[2816] kernel32.dll!CreateFileW 7680AECB 6 Bytes JMP 719A0F5A
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[2816] user32.dll!RegisterRawInputDevices 760E6161 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[2816] user32.dll!RegisterRawInputDevices + 4 760E6165 2 Bytes [8A, 71]
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[2816] user32.dll!RegisterHotKey 760EBDA5 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[2816] user32.dll!RegisterHotKey + 4 760EBDA9 2 Bytes [8D, 71]
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[2816] user32.dll!ExitWindowsEx 7612B7C3 6 Bytes JMP 71A30F5A
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[2816] ADVAPI32.dll!CreateServiceW 76539EB4 6 Bytes JMP 71910F5A
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[2816] ADVAPI32.dll!CreateServiceA 765772A1 6 Bytes JMP 71940F5A
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[2816] WS2_32.dll!socket 778936D1 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[2816] IPHLPAPI.DLL!IcmpSendEcho2Ex 755596D8 6 Bytes JMP 719D0F5A
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[2816] IPHLPAPI.DLL!IcmpSendEcho2 75559C2D 6 Bytes JMP 71A00F5A
.text C:\Program Files\Online Armor\OAhlp.exe[2928] user32.dll!LoadStringA 760E6243 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Online Armor\OAhlp.exe[2928] user32.dll!LoadStringW 760F9CCB 6 Bytes JMP 71A90F5A
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3400] kernel32.dll!CreateProcessW 767C1BF3 6 Bytes JMP 71A60F5A
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3400] kernel32.dll!CreateProcessA 767C1C28 6 Bytes JMP 71A90F5A
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3400] kernel32.dll!LoadLibraryW 767E9362 6 Bytes JMP 71880F5A
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3400] kernel32.dll!CloseHandle 7680AE8D 6 Bytes JMP 71970F5A
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3400] kernel32.dll!CreateFileW 7680AECB 6 Bytes JMP 719A0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3400] user32.dll!RegisterRawInputDevices 760E6161 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3400] user32.dll!RegisterRawInputDevices + 4 760E6165 2 Bytes [8A, 71]
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3400] user32.dll!RegisterHotKey 760EBDA5 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3400] user32.dll!RegisterHotKey + 4 760EBDA9 2 Bytes [8D, 71]
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3400] user32.dll!ExitWindowsEx 7612B7C3 6 Bytes JMP 71A30F5A
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3400] ADVAPI32.dll!CreateServiceW 76539EB4 6 Bytes JMP 71910F5A
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3400] ADVAPI32.dll!CreateServiceA 765772A1 6 Bytes JMP 71940F5A
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3400] WS2_32.dll!socket 778936D1 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3400] IPHLPAPI.DLL!IcmpSendEcho2Ex 755596D8 6 Bytes JMP 719D0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3400] IPHLPAPI.DLL!IcmpSendEcho2 75559C2D 6 Bytes JMP 71A00F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3432] kernel32.dll!CreateProcessW 767C1BF3 6 Bytes JMP 71A60F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3432] kernel32.dll!CreateProcessA 767C1C28 6 Bytes JMP 71A90F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3432] kernel32.dll!LoadLibraryW 767E9362 6 Bytes JMP 71880F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3432] kernel32.dll!CloseHandle 7680AE8D 6 Bytes JMP 71970F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3432] kernel32.dll!CreateFileW 7680AECB 6 Bytes JMP 719A0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3432] user32.dll!RegisterRawInputDevices 760E6161 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3432] user32.dll!RegisterRawInputDevices + 4 760E6165 2 Bytes [8A, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3432] user32.dll!RegisterHotKey 760EBDA5 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3432] user32.dll!RegisterHotKey + 4 760EBDA9 2 Bytes [8D, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3432] user32.dll!ExitWindowsEx 7612B7C3 6 Bytes JMP 71A30F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3432] ADVAPI32.dll!CreateServiceW 76539EB4 6 Bytes JMP 71910F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3432] ADVAPI32.dll!CreateServiceA 765772A1 6 Bytes JMP 71940F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3432] WS2_32.dll!select 778915F4 6 Bytes JMP 716C0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3432] WS2_32.dll!closesocket 7789330C 6 Bytes JMP 717B0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3432] WS2_32.dll!recv 7789343A 6 Bytes JMP 71610F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3432] WS2_32.dll!socket 778936D1 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3432] WS2_32.dll!ioctlsocket 77893CE7 6 Bytes JMP 71690F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3432] WS2_32.dll!connect 778940D9 6 Bytes JMP 71780F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3432] WS2_32.dll!WSASend 77894496 6 Bytes JMP 715A0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3432] WS2_32.dll!send 7789659B 6 Bytes JMP 71720F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3432] WS2_32.dll!sendto 778967C5 6 Bytes JMP 716F0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3432] WS2_32.dll!WSARecv 77898400 6 Bytes JMP 715D0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3432] WS2_32.dll!WSAAsyncSelect 778AA17C 6 Bytes JMP 71660F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3432] IPHLPAPI.DLL!IcmpSendEcho2Ex 755596D8 6 Bytes JMP 719D0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3432] IPHLPAPI.DLL!IcmpSendEcho2 75559C2D 6 Bytes JMP 71A00F5A
.text C:\Program Files\HP\QuickPlay\QPService.exe[3452] kernel32.dll!CreateProcessW 767C1BF3 6 Bytes JMP 71A60F5A
.text C:\Program Files\HP\QuickPlay\QPService.exe[3452] kernel32.dll!CreateProcessA 767C1C28 6 Bytes JMP 71A90F5A
.text C:\Program Files\HP\QuickPlay\QPService.exe[3452] kernel32.dll!LoadLibraryW 767E9362 6 Bytes JMP 71880F5A
.text C:\Program Files\HP\QuickPlay\QPService.exe[3452] kernel32.dll!CloseHandle 7680AE8D 6 Bytes JMP 71970F5A
.text C:\Program Files\HP\QuickPlay\QPService.exe[3452] kernel32.dll!CreateFileW 7680AECB 6 Bytes JMP 719A0F5A
.text C:\Program Files\HP\QuickPlay\QPService.exe[3452] user32.dll!RegisterRawInputDevices 760E6161 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\QuickPlay\QPService.exe[3452] user32.dll!RegisterRawInputDevices + 4 760E6165 2 Bytes [8A, 71]
.text C:\Program Files\HP\QuickPlay\QPService.exe[3452] user32.dll!RegisterHotKey 760EBDA5 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\QuickPlay\QPService.exe[3452] user32.dll!RegisterHotKey + 4 760EBDA9 2 Bytes [8D, 71]
.text C:\Program Files\HP\QuickPlay\QPService.exe[3452] user32.dll!ExitWindowsEx 7612B7C3 6 Bytes JMP 71A30F5A
.text C:\Program Files\HP\QuickPlay\QPService.exe[3452] ADVAPI32.dll!CreateServiceW 76539EB4 6 Bytes JMP 71910F5A
.text C:\Program Files\HP\QuickPlay\QPService.exe[3452] ADVAPI32.dll!CreateServiceA 765772A1 6 Bytes JMP 71940F5A
.text C:\Program Files\HP\QuickPlay\QPService.exe[3452] WS2_32.dll!socket 778936D1 6 Bytes JMP 71AF0F5A
.text C:\Program Files\HP\QuickPlay\QPService.exe[3452] IPHLPAPI.DLL!IcmpSendEcho2Ex 755596D8 6 Bytes JMP 719D0F5A
.text C:\Program Files\HP\QuickPlay\QPService.exe[3452] IPHLPAPI.DLL!IcmpSendEcho2 75559C2D 6 Bytes JMP 71A00F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3468] kernel32.dll!CreateProcessW 767C1BF3 6 Bytes JMP 71A60F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3468] kernel32.dll!CreateProcessA 767C1C28 6 Bytes JMP 71A90F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3468] kernel32.dll!LoadLibraryW 767E9362 6 Bytes JMP 71880F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3468] kernel32.dll!CloseHandle 7680AE8D 6 Bytes JMP 71970F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3468] kernel32.dll!CreateFileW 7680AECB 6 Bytes JMP 719A0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3468] user32.dll!RegisterRawInputDevices 760E6161 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3468] user32.dll!RegisterRawInputDevices + 4 760E6165 2 Bytes [8A, 71]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3468] user32.dll!RegisterHotKey 760EBDA5 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3468] user32.dll!RegisterHotKey + 4 760EBDA9 2 Bytes [8D, 71]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3468] user32.dll!ExitWindowsEx 7612B7C3 6 Bytes JMP 71A30F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3468] ADVAPI32.dll!CreateServiceW 76539EB4 6 Bytes JMP 71910F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3468] ADVAPI32.dll!CreateServiceA 765772A1 6 Bytes JMP 71940F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3468] WS2_32.dll!socket 778936D1 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3468] IPHLPAPI.DLL!IcmpSendEcho2Ex 755596D8 6 Bytes JMP 719D0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3468] IPHLPAPI.DLL!IcmpSendEcho2 75559C2D 6 Bytes JMP 71A00F5A
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3480] kernel32.dll!CreateProcessW 767C1BF3 6 Bytes JMP 71A60F5A
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3480] kernel32.dll!CreateProcessA 767C1C28 6 Bytes JMP 71A90F5A
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3480] kernel32.dll!LoadLibraryW 767E9362 6 Bytes JMP 71880F5A
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3480] kernel32.dll!CloseHandle 7680AE8D 6 Bytes JMP 71970F5A
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3480] kernel32.dll!CreateFileW 7680AECB 6 Bytes JMP 719A0F5A
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3480] user32.dll!RegisterRawInputDevices 760E6161 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3480] user32.dll!RegisterRawInputDevices + 4 760E6165 2 Bytes [8A, 71]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3480] user32.dll!RegisterHotKey 760EBDA5 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3480] user32.dll!RegisterHotKey + 4 760EBDA9 2 Bytes [8D, 71]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3480] user32.dll!ExitWindowsEx 7612B7C3 6 Bytes JMP 71A30F5A
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3480] ADVAPI32.dll!CreateServiceW 76539EB4 6 Bytes JMP 71910F5A
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3480] ADVAPI32.dll!CreateServiceA 765772A1 6 Bytes JMP 71940F5A
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3480] WS2_32.dll!socket 778936D1 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3480] IPHLPAPI.DLL!IcmpSendEcho2Ex 755596D8 6 Bytes JMP 719D0F5A
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3480] IPHLPAPI.DLL!IcmpSendEcho2 75559C2D 6 Bytes JMP 71A00F5A
.text C:\Users\Megatron\Downloads\Software\Security Software\gmer.exe[3504] kernel32.dll!CreateProcessW 767C1BF3 6 Bytes JMP 71A60F5A
.text C:\Users\Megatron\Downloads\Software\Security Software\gmer.exe[3504] kernel32.dll!CreateProcessA 767C1C28 6 Bytes JMP 71A90F5A
.text C:\Users\Megatron\Downloads\Software\Security Software\gmer.exe[3504] kernel32.dll!LoadLibraryW 767E9362 6 Bytes JMP 71880F5A
.text C:\Users\Megatron\Downloads\Software\Security Software\gmer.exe[3504] kernel32.dll!CloseHandle 7680AE8D 6 Bytes JMP 71970F5A
.text C:\Users\Megatron\Downloads\Software\Security Software\gmer.exe[3504] kernel32.dll!CreateFileW 7680AECB 6 Bytes JMP 719A0F5A
.text C:\Users\Megatron\Downloads\Software\Security Software\gmer.exe[3504] user32.dll!RegisterRawInputDevices 760E6161 3 Bytes [FF, 25, 1E]
.text C:\Users\Megatron\Downloads\Software\Security Software\gmer.exe[3504] user32.dll!RegisterRawInputDevices + 4 760E6165 2 Bytes [8A, 71]
.text C:\Users\Megatron\Downloads\Software\Security Software\gmer.exe[3504] user32.dll!RegisterHotKey 760EBDA5 3 Bytes [FF, 25, 1E]
.text C:\Users\Megatron\Downloads\Software\Security Software\gmer.exe[3504] user32.dll!RegisterHotKey + 4 760EBDA9 2 Bytes [8D, 71]
.text C:\Users\Megatron\Downloads\Software\Security Software\gmer.exe[3504] user32.dll!ExitWindowsEx 7612B7C3 6 Bytes JMP 71A30F5A
.text C:\Users\Megatron\Downloads\Software\Security Software\gmer.exe[3504] ADVAPI32.dll!CreateServiceW 76539EB4 6 Bytes JMP 71910F5A
.text C:\Users\Megatron\Downloads\Software\Security Software\gmer.exe[3504] ADVAPI32.dll!CreateServiceA 765772A1 6 Bytes JMP 71940F5A
.text C:\Users\Megatron\Downloads\Software\Security Software\gmer.exe[3504] WS2_32.dll!socket 778936D1 6 Bytes JMP 71AF0F5A
.text C:\Users\Megatron\Downloads\Software\Security Software\gmer.exe[3504] IPHLPAPI.DLL!IcmpSendEcho2Ex 755596D8 6 Bytes JMP 719D0F5A
.text C:\Users\Megatron\Downloads\Software\Security Software\gmer.exe[3504] IPHLPAPI.DLL!IcmpSendEcho2 75559C2D 6 Bytes JMP 71A00F5A
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3612] kernel32.dll!CreateProcessW 767C1BF3 6 Bytes JMP 71A60F5A
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3612] kernel32.dll!CreateProcessA 767C1C28 6 Bytes JMP 71A90F5A
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3612] kernel32.dll!LoadLibraryW 767E9362 6 Bytes JMP 71880F5A
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3612] kernel32.dll!CloseHandle 7680AE8D 6 Bytes JMP 71970F5A
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3612] kernel32.dll!CreateFileW 7680AECB 6 Bytes JMP 719A0F5A
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3612] user32.dll!RegisterRawInputDevices 760E6161 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3612] user32.dll!RegisterRawInputDevices + 4 760E6165 2 Bytes [8A, 71]
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3612] user32.dll!RegisterHotKey 760EBDA5 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3612] user32.dll!RegisterHotKey + 4 760EBDA9 2 Bytes [8D, 71]
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3612] user32.dll!ExitWindowsEx 7612B7C3 6 Bytes JMP 71A30F5A
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3612] ADVAPI32.dll!CreateServiceW 76539EB4 6 Bytes JMP 71910F5A
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3612] ADVAPI32.dll!CreateServiceA 765772A1 6 Bytes JMP 71940F5A
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3612] WS2_32.dll!socket 778936D1 6 Bytes JMP 71AF0F5A
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3612] IPHLPAPI.DLL!IcmpSendEcho2Ex 755596D8 6 Bytes JMP 719D0F5A
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3612] IPHLPAPI.DLL!IcmpSendEcho2 75559C2D 6 Bytes JMP 71A00F5A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3672] kernel32.dll!CreateProcessW 767C1BF3 6 Bytes JMP 71A60F5A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3672] kernel32.dll!CreateProcessA 767C1C28 6 Bytes JMP 71A90F5A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3672] kernel32.dll!LoadLibraryW 767E9362 6 Bytes JMP 71880F5A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3672] kernel32.dll!CloseHandle 7680AE8D 6 Bytes JMP 71970F5A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3672] kernel32.dll!CreateFileW 7680AECB 6 Bytes JMP 719A0F5A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3672] user32.dll!RegisterRawInputDevices 760E6161 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3672] user32.dll!RegisterRawInputDevices + 4 760E6165 2 Bytes [8A, 71]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3672] user32.dll!RegisterHotKey 760EBDA5 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3672] user32.dll!RegisterHotKey + 4 760EBDA9 2 Bytes [8D, 71]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3672] user32.dll!ExitWindowsEx 7612B7C3 6 Bytes JMP 71A30F5A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3672] ADVAPI32.dll!CreateServiceW 76539EB4 6 Bytes JMP 71910F5A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3672] ADVAPI32.dll!CreateServiceA 765772A1 6 Bytes JMP 71940F5A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3672] WS2_32.dll!socket 778936D1 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3672] IPHLPAPI.DLL!IcmpSendEcho2Ex 755596D8 6 Bytes JMP 719D0F5A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3672] IPHLPAPI.DLL!IcmpSendEcho2 75559C2D 6 Bytes JMP 71A00F5A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3696] kernel32.dll!CreateProcessW 767C1BF3 6 Bytes JMP 71A60F5A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3696] kernel32.dll!CreateProcessA 767C1C28 6 Bytes JMP 71A90F5A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3696] kernel32.dll!LoadLibraryW 767E9362 6 Bytes JMP 71880F5A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3696] kernel32.dll!CloseHandle 7680AE8D 6 Bytes JMP 71970F5A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3696] kernel32.dll!CreateFileW 7680AECB 6 Bytes JMP 719A0F5A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3696] user32.dll!RegisterRawInputDevices 760E6161 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3696] user32.dll!RegisterRawInputDevices + 4 760E6165 2 Bytes [8A, 71]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3696] user32.dll!RegisterHotKey 760EBDA5 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3696] user32.dll!RegisterHotKey + 4 760EBDA9 2 Bytes [8D, 71]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3696] user32.dll!ExitWindowsEx 7612B7C3 6 Bytes JMP 71A30F5A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3696] ADVAPI32.dll!CreateServiceW 76539EB4 6 Bytes JMP 71910F5A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3696] ADVAPI32.dll!CreateServiceA 765772A1 6 Bytes JMP 71940F5A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3696] WS2_32.dll!socket 778936D1 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3696] IPHLPAPI.DLL!IcmpSendEcho2Ex 755596D8 6 Bytes JMP 719D0F5A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3696] IPHLPAPI.DLL!IcmpSendEcho2 75559C2D 6 Bytes JMP 71A00F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3728] kernel32.dll!CreateProcessW 767C1BF3 6 Bytes JMP 71A60F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3728] kernel32.dll!CreateProcessA 767C1C28 6 Bytes JMP 71A90F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3728] kernel32.dll!LoadLibraryW 767E9362 6 Bytes JMP 71880F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3728] kernel32.dll!CloseHandle 7680AE8D 6 Bytes JMP 71970F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3728] kernel32.dll!CreateFileW 7680AECB 6 Bytes JMP 719A0F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3728] user32.dll!RegisterRawInputDevices 760E6161 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3728] user32.dll!RegisterRawInputDevices + 4 760E6165 2 Bytes [8A, 71]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3728] user32.dll!RegisterHotKey 760EBDA5 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3728] user32.dll!RegisterHotKey + 4 760EBDA9 2 Bytes [8D, 71]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3728] user32.dll!ExitWindowsEx 7612B7C3 6 Bytes JMP 71A30F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3728] ADVAPI32.dll!CreateServiceW 76539EB4 6 Bytes JMP 71910F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3728] ADVAPI32.dll!CreateServiceA 765772A1 6 Bytes JMP 71940F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3728] WS2_32.dll!socket 778936D1 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3728] IPHLPAPI.DLL!IcmpSendEcho2Ex 755596D8 6 Bytes JMP 719D0F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3728] IPHLPAPI.DLL!IcmpSendEcho2 75559C2D 6 Bytes JMP 71A00F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3796] kernel32.dll!CreateProcessW 767C1BF3 6 Bytes JMP 71A60F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3796] kernel32.dll!CreateProcessA 767C1C28 6 Bytes JMP 71A90F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3796] kernel32.dll!LoadLibraryW 767E9362 6 Bytes JMP 71880F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3796] kernel32.dll!CloseHandle 7680AE8D 6 Bytes JMP 71970F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3796] kernel32.dll!CreateFileW 7680AECB 6 Bytes JMP 719A0F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3796] user32.dll!RegisterRawInputDevices 760E6161 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3796] user32.dll!RegisterRawInputDevices + 4 760E6165 2 Bytes [8A, 71]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3796] user32.dll!RegisterHotKey 760EBDA5 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3796] user32.dll!RegisterHotKey + 4 760EBDA9 2 Bytes [8D, 71]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3796] user32.dll!TrackPopupMenu 761014F3 5 Bytes JMP 6C36DDE0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3796] user32.dll!ExitWindowsEx 7612B7C3 6 Bytes JMP 71A30F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3796] ADVAPI32.dll!CreateServiceW 76539EB4 6 Bytes JMP 71910F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3796] ADVAPI32.dll!CreateServiceA 765772A1 6 Bytes JMP 71940F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3796] WS2_32.dll!socket 778936D1 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3796] IPHLPAPI.DLL!IcmpSendEcho2Ex 755596D8 6 Bytes JMP 719D0F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3796] IPHLPAPI.DLL!IcmpSendEcho2 75559C2D 6 Bytes JMP 71A00F5A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\taskeng.exe[484] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001B0000
IAT C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[568] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 003A0000
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00200002
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00200000
IAT C:\WINDOWS\System32\rundll32.exe[1036] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001B0000
IAT C:\Windows\system32\taskeng.exe[1456] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 000C0000
IAT C:\Program Files\Online Armor\oasrv.exe[1592] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00C80000
IAT C:\Windows\system32\Dwm.exe[1780] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00110000
IAT C:\Windows\Explorer.EXE[1804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74527817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7457A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7452BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7451F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [745275E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7451E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74558395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7452DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7451FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7451FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [745171CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [745ACAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7454C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7451D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74516853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7451687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1804] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74522AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1804] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 01860000
IAT C:\Program Files\Online Armor\oaui.exe[2496] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 01600000
IAT C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2580] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001C0000
IAT C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[2816] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 003B0000
IAT C:\Program Files\Online Armor\OAhlp.exe[2928] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 01600000
IAT C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3400] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 01830000
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3432] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00760000
IAT C:\Program Files\HP\QuickPlay\QPService.exe[3452] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 003A0000
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3468] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00390000
IAT C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3480] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 003B0000
IAT C:\Users\Megatron\Downloads\Software\Security Software\gmer.exe[3504] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 01570000
IAT C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3612] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 003A0000
IAT C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3672] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 003A0000
IAT C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3696] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001C0000
IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[3728] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 003B0000
IAT C:\Program Files\Mozilla Firefox\plugin-container.exe[3796] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001D0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\tdx \Device\Tcp OAmon.sys
Device \Driver\tdx \Device\RawIp6 OAmon.sys
Device \Driver\tdx \Device\Tcp6 OAmon.sys
Device \Driver\tdx \Device\Tdx OAmon.sys
Device \Driver\tdx \Device\Udp OAmon.sys
Device \Driver\tdx \Device\RawIp OAmon.sys
Device \Driver\tdx \Device\Udp6 OAmon.sys

---- EOF - GMER 1.0.15 ----

#4 Jack421

Jack421
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Location:Ontario,CA
  • Local time:08:45 AM

Posted 18 September 2010 - 11:50 PM

Messes with the file system, and after a few minutes it won't let me open up files and applications.
