Google redirect virus



#1 LarryThePCGuy


Posted 01 May 2011 - 07:43 AM

First time member so I hope I'm doing this right.....(I have read all the posts)

I have tried a lot of things to get rid of the redirect virus.
The Windows XP SP3 Toshiba laptop that I have was very infected.
I have run MalwareBytes and SuperAntiSpyware many times in safe mode and removed many infections, but not the redirection. I also can't get to the Windows Update web page. It is blocked with "cannot display the webpage".

Any help would be appreciated!

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 8:50:56.87 on Sun 05/01/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1019 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 10.0\Reader\Eula.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://yme.music.yahoo.com/uninstallForm.asp
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TOSCDSPD] "c:\program files\toshiba\toscdspd\toscdspd.exe"
uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\comcast\comcas~1\data\xtras\mssysmgr.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [THotkey] "c:\program files\toshiba\toshiba applet\thotkey.exe"
mRun: [DDWMon] "c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [TPSMain] TPSMain.exe
mRun: [PadTouch] "c:\program files\toshiba\touch and launch\PadExe.exe"
mRun: [TFncKy] TFncKy.exe
mRun: [Tvs] "c:\program files\toshiba\tvs\TvsTray.exe"
mRun: [SmoothView] "c:\program files\toshiba\toshiba zooming utility\SmoothView.exe"
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\owner\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1304129632734
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\t1udcf2j.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl3aba8c59;MpKsl3aba8c59;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{449ae30a-aba4-44a1-9654-19515e1e0616}\MpKsl3aba8c59.sys [2011-5-1 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2006-6-28 98816]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-7-9 24652]
S0 nsnwgahf;nsnwgahf;c:\windows\system32\drivers\alnfr.sys --> c:\windows\system32\drivers\alnfr.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-22 135664]
S2 srv11D8;srv11D8;c:\windows\system32\svchost.exe -k netsvcs [2006-7-18 14336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-22 135664]
S3 IO_Memory;IO_Memory;\??\c:\sysprep\drivers\ioport.sys --> c:\sysprep\drivers\ioport.sys [?]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2006-7-18 14336]
S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\pedrv.sys --> c:\sysprep\PEDrv.sys [?]
.
=============== Created Last 30 ================
.
2011-05-01 14:47:11 -------- d-----w- C:\NBRT
2011-05-01 11:58:25 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{449ae30a-aba4-44a1-9654-19515e1e0616}\MpKsl3aba8c59.sys
2011-04-30 23:07:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-30 22:45:16 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Magentic
2011-04-30 17:56:44 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\PCHealth
2011-04-30 17:33:18 7071056 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{449ae30a-aba4-44a1-9654-19515e1e0616}\mpengine.dll
2011-04-30 17:33:18 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-30 17:17:21 -------- d-----w- c:\program files\Microsoft Security Client
2011-04-30 03:47:28 -------- d-----w- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2011-04-30 03:47:28 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-04-30 03:47:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-30 02:50:44 -------- d-----w- c:\docume~1\owner\applic~1\ElevatedDiagnostics
2011-04-30 02:08:12 -------- d-sh--w- c:\documents and settings\owner\IECompatCache
2011-04-30 02:06:52 -------- d-sh--w- c:\documents and settings\owner\PrivacIE
2011-04-30 02:05:21 -------- d-sh--w- c:\documents and settings\owner\IETldCache
2011-04-30 01:48:40 -------- dc-h--w- c:\windows\ie8
2011-04-29 23:09:27 54016 ----a-w- c:\windows\system32\drivers\csmb.sys
2011-04-29 22:43:32 -------- d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2011-04-29 22:43:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-29 22:43:16 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-29 22:43:11 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-29 22:43:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-14 01:23:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\Antivirus AntiSpyware 2011
.
==================== Find3M ====================
.
2011-04-30 23:06:43 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-04 22:48:32 456192 ----a-w- c:\windows\system32\encdec.dll
2011-02-04 22:48:30 291840 ----a-w- c:\windows\system32\sbe.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: FUJITSU_MHV2080BH_PL rev.0000002A -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A73F439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a7457d0]; MOV EAX, [0x8a74584c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8A752AB8]
3 CLASSPNP[0xF7657FD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\00000080[0x8A797268]
5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E13B9] -> [0x8A758940]
\Driver\atapi[0x8A79A030] -> IRP_MJ_CREATE -> 0x8A73F439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskFUJITSU_MHV2080BH_PL____________________0000002A#5&35291d97&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A73F27F
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 8:52:49.26 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/26/2006 1:10:07 PM
System Uptime: 5/1/2011 7:57:32 AM (1 hours ago)
.
Motherboard: Intel Corporation | | MPAD-MSAE Customer Reference Boards
Processor: Genuine Intel® CPU T2050 @ 1.60GHz | U1 | 1596/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 53.761 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP567: 1/27/2011 8:29:18 PM - System Checkpoint
RP568: 2/7/2011 1:26:30 PM - System Checkpoint
RP569: 2/9/2011 11:44:54 AM - System Checkpoint
RP570: 2/10/2011 6:48:33 PM - System Checkpoint
RP571: 2/11/2011 7:33:38 PM - Software Distribution Service 3.0
RP572: 2/13/2011 2:57:06 PM - System Checkpoint
RP573: 2/16/2011 3:18:35 PM - System Checkpoint
RP574: 2/19/2011 7:18:09 PM - System Checkpoint
RP575: 2/22/2011 8:40:48 PM - System Checkpoint
RP576: 2/24/2011 6:33:45 PM - System Checkpoint
RP577: 2/26/2011 11:55:24 AM - ARO 2011 - Before Installation
RP578: 2/27/2011 1:41:02 PM - System Checkpoint
RP579: 3/10/2011 12:12:51 AM - Software Distribution Service 3.0
RP580: 3/13/2011 12:29:01 PM - System Checkpoint
RP581: 3/15/2011 1:29:30 PM - System Checkpoint
RP582: 3/16/2011 1:43:47 PM - System Checkpoint
RP583: 3/16/2011 10:38:47 PM - Software Distribution Service 3.0
RP584: 3/18/2011 5:17:19 PM - System Checkpoint
RP585: 3/22/2011 11:44:54 AM - System Checkpoint
RP586: 3/23/2011 10:33:57 PM - Software Distribution Service 3.0
RP587: 3/24/2011 10:39:25 PM - System Checkpoint
RP588: 3/28/2011 6:08:35 PM - System Checkpoint
RP589: 4/1/2011 9:23:07 PM - System Checkpoint
RP590: 4/4/2011 2:42:52 PM - System Checkpoint
RP591: 4/11/2011 3:48:54 PM - System Checkpoint
RP592: 4/14/2011 11:35:21 AM - System Checkpoint
RP593: 4/16/2011 11:50:28 AM - System Checkpoint
RP594: 4/21/2011 10:06:33 AM - System Checkpoint
RP595: 4/22/2011 8:40:01 PM - System Checkpoint
RP596: 4/28/2011 8:57:45 PM - System Checkpoint
RP597: 4/29/2011 9:51:20 PM - Installed Windows Internet Explorer 8.
RP598: 4/29/2011 10:47:22 PM - Installed %1 %2.
RP599: 4/30/2011 6:47:09 PM - Removed Sammsoft Toolbar.
RP600: 4/30/2011 7:06:22 PM - Installed Java™ 6 Update 25
RP601: 4/30/2011 7:13:14 PM - Removed Adobe Reader 7.1.0
RP602: 4/30/2011 7:14:04 PM - Installed Adobe Reader X (10.0.1).
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.0.1)
AiO_Scan
Bejeweled 2 Deluxe
Betty's Beer Bar
Blackhawk Striker 2
Bluetooth Stack for Windows by Toshiba
CD/DVD Drive Acoustic Silencer
Chuzzle Deluxe
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
DVD-RAM Driver
GearDrvs
GemMaster Mystic
Google Earth
Google Update Helper
Google Updater
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Image Zone 4.7
HP PSC & OfficeJet 4.7
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless Software
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java™ 6 Update 25
Java™ 6 Update 6
Mah Jong Quest
Malwarebytes' Anti-Malware
MCCI Control Installer
mCore
mDrWiFi
mHelp
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
mIWA
mLogView
mMHouse
Mozilla Firefox 4.0.1 (x86 en-US)
mPfMgr
mPfWiz
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mWlsSafe
mXML
mZConfig
Office 2003 Trial Assistant
Otto
Penguins!
Picasa 3
Polar Bowler
QFolder
QuickTime
RealPlayer Basic
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Scan
SCRABBLE
SD Secure Module
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Smilebox
Sonic Encoders
SUPERAntiSpyware
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Direct Disc Writer
TOSHIBA Disc Creator
TOSHIBA Hotkey Utility
Toshiba Media Center Game Console
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA TouchPad ON/Off Utility
TOSHIBA Utilities
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Touch and Launch
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB894553
Windows XP Media Center Edition 2005 KB895678
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
4/30/2011 7:58:57 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
4/30/2011 7:42:57 PM, error: Dhcp [1002] - The IP address lease 192.168.0.103 for the Network Card with network address 00A0D15E92F5 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
4/30/2011 7:34:02 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm MpFilter SASDIFSV SASKUTIL
4/30/2011 7:27:46 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0018DEA6B321. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
4/30/2011 6:50:07 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm SASDIFSV SASKUTIL
4/30/2011 2:07:35 PM, error: Service Control Manager [7023] - The srv11D8 service terminated with the following error: The specified module could not be found.
4/30/2011 1:56:35 PM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.A&threatid=2147636949 Name: Trojan:DOS/Alureon.A ID: 2147636949 Severity: Severe Category: Trojan Path: rootkit:_AlureonMbr Detection Origin: Unknown Detection Type: Concrete Detection Source: System User: TOSHIBA-USER\Owner Process Name: Unknown Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x80070032 Error description: The request is not supported. Signature Version: AV: 1.103.780.0, AS: 1.103.780.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.6802.0, NIS: 0.0.0.0
4/30/2011 1:51:39 PM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.A&threatid=2147636949 Name: Trojan:DOS/Alureon.A ID: 2147636949 Severity: Severe Category: Trojan Path: rootkit:_AlureonMbr Detection Origin: Unknown Detection Type: Concrete Detection Source: User User: TOSHIBA-USER\Owner Process Name: Unknown Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x80070032 Error description: The request is not supported. Signature Version: AV: 1.103.780.0, AS: 1.103.780.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.6802.0, NIS: 0.0.0.0
4/30/2011 1:45:02 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.103.780.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6802.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
4/29/2011 8:42:36 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
4/29/2011 6:38:02 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
4/29/2011 6:19:41 PM, error: RemoteAccess [20106] - Unable to add the interface {2DDEE331-25F0-490E-BC01-57EA6961B12A} with the Router Manager for the IP protocol. The following error occurred: Cannot complete this function.
4/29/2011 6:19:08 PM, error: F-Secure Gatekeeper [1] -
4/29/2011 6:13:44 PM, error: Service Control Manager [7023] - The srv11D8 service terminated with the following error: Invalid access to memory location.
4/29/2011 6:09:52 PM, error: BROWSER [8007] - The browser was unable to update the service status bits. The data is the error.
4/29/2011 5:05:52 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm
4/29/2011 5:02:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/29/2011 4:53:15 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 00A0D15E92F5 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
4/28/2011 8:36:38 PM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 0018DEA6B321 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
4/28/2011 10:05:53 PM, error: Dhcp [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 0018DEA6B321 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================


GMER 1.0.15.15572 - http://www.gmer.net
Rootkit scan 2011-05-01 09:30:24
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 FUJITSU_MHV2080BH_PL rev.0000002A
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pwrdyfob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0x9D30E620]

---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1292] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00DB000A
.text C:\WINDOWS\System32\svchost.exe[1292] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00DC000A
.text C:\WINDOWS\System32\svchost.exe[1292] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00DA000C
.text C:\WINDOWS\System32\svchost.exe[1292] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0088000A
.text C:\WINDOWS\System32\svchost.exe[1292] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 0089000A
.text C:\WINDOWS\System32\svchost.exe[1292] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 008A000A
.text C:\WINDOWS\System32\svchost.exe[1292] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00E4000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1308] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00DD000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1308] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1308] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A3000C
.text C:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 01209315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 012E4832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 013FE021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 013FDF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 013FDFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 013FDE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 013FDE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 013FE084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1308] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 013FDEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1352] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00DD000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1352] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1352] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A3000C
.text C:\Program Files\Internet Explorer\iexplore.exe[1352] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 01209315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1352] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 012DDBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1352] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 012DDD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1352] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 012E4832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1352] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 01241CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1352] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 013FE021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1352] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 013FDF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1352] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 013FDFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1352] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 013FDE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1352] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 013FDE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1352] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 013FE084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1352] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 013FDEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1352] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 012E488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\Explorer.EXE[1952] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00EB000A
.text C:\WINDOWS\Explorer.EXE[1952] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00EC000A
.text C:\WINDOWS\Explorer.EXE[1952] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00EA000C
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] ntdll.dll!NtCreateKey + 6 7C90D0F4 4 Bytes [68, 01, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] ntdll.dll!NtCreateKey + B 7C90D0F9 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] ntdll.dll!NtCreateMutant + 6 7C90D114 4 Bytes [28, 02, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] ntdll.dll!NtCreateMutant + B 7C90D119 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] ntdll.dll!NtCreateSection + 6 7C90D184 4 Bytes [68, 02, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] ntdll.dll!NtCreateSection + B 7C90D189 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [A8, 04, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] ntdll.dll!NtOpenKey + 6 7C90D5D4 4 Bytes [A8, 01, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] ntdll.dll!NtOpenKey + B 7C90D5D9 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] ntdll.dll!NtOpenMutant + 6 7C90D5E4 4 Bytes CALL 7B90EBEA
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] ntdll.dll!NtOpenMutant + B 7C90D5E9 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] ntdll.dll!NtOpenProcess + 6 7C90D604 1 Byte [28]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [28, 03, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] ntdll.dll!NtOpenProcessToken + 6 7C90D614 1 Byte [68]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes [68, 03, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [28, 04, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] ntdll.dll!NtOpenSection + 6 7C90D634 4 Bytes [A8, 02, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] ntdll.dll!NtOpenSection + B 7C90D639 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes CALL 7B90EC6B
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] ntdll.dll!NtOpenThreadToken + 6 7C90D674 1 Byte [E8]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes CALL 7B90EC7C
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes [68, 04, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 1 Byte [A8]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [A8, 03, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes CALL 7B90F51D
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002F00B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002F00F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] kernel32.dll!CreateEventW 7C80A749 5 Bytes JMP 002F0030
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] kernel32.dll!OpenEventW 7C8131E0 5 Bytes JMP 002F0070
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] USER32.dll!RegisterClipboardFormatA 7E418E28 5 Bytes JMP 003E02F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] USER32.dll!RegisterClipboardFormatW 7E41AF34 5 Bytes JMP 003E02B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] USER32.dll!RegisterClassExA 7E427C39 5 Bytes JMP 003E0530
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] USER32.dll!ActivateKeyboardLayout 7E428673 5 Bytes JMP 003E04F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] USER32.dll!IsClipboardFormatAvailable 7E42F166 5 Bytes JMP 003E00F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] USER32.dll!GetClipboardSequenceNumber 7E42F17A 2 Bytes JMP 003E0330
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] USER32.dll!GetClipboardSequenceNumber + 3 7E42F17D 2 Bytes [FB, 81]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] USER32.dll!CloseClipboard 7E430265 5 Bytes JMP 003E00B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] USER32.dll!OpenClipboard 7E430277 5 Bytes JMP 003E0070
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] USER32.dll!SetClipboardViewer 7E430473 5 Bytes JMP 003E04B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] USER32.dll!ChangeClipboardChain 7E430487 5 Bytes JMP 003E0430
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] USER32.dll!EmptyClipboard 7E430D96 5 Bytes JMP 003E0130
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] USER32.dll!GetClipboardOwner 7E430DA8 5 Bytes JMP 003E0370
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 003E0030
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] USER32.dll!SetClipboardData 7E430F9E 5 Bytes JMP 003E0170
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] USER32.dll!GetClipboardFormatNameA 7E431290 5 Bytes JMP 003E0270
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] USER32.dll!CountClipboardFormats 7E43167F 5 Bytes JMP 003E01F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] USER32.dll!GetOpenClipboardWindow 7E431691 5 Bytes JMP 003E03F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] USER32.dll!EnumClipboardFormats 7E43E53D 5 Bytes JMP 003E01B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] USER32.dll!GetClipboardFormatNameW 7E45957F 5 Bytes JMP 003E0230
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] USER32.dll!GetClipboardViewer 7E46CB94 5 Bytes JMP 003E0470
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] USER32.dll!GetPriorityClipboardFormat 7E46CC96 5 Bytes JMP 003E03B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!GetDeviceCaps 77F15A71 5 Bytes JMP 003F0370
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!SelectObject 77F15B70 5 Bytes JMP 003F05B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!SetTextColor 77F15D77 5 Bytes JMP 003F0970
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!SetBkMode 77F15EDB 5 Bytes JMP 003F0830
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!IntersectClipRect 77F16A56 5 Bytes JMP 003F03B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!GetClipBox 77F16AA1 5 Bytes JMP 003F0330
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!DeleteObject 77F16BFA 5 Bytes JMP 003F01B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 003F0170
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!ExtSelectClipRgn 77F17874 5 Bytes JMP 003F02F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!SelectClipRgn 77F17AA0 5 Bytes JMP 003F0570
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!GetTextMetricsW 77F17DB9 5 Bytes JMP 003F0D30
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!ExtTextOutW 77F18086 5 Bytes JMP 003F08B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!SetStretchBltMode 77F18597 5 Bytes JMP 003F05F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!RestoreDC 77F18B28 5 Bytes JMP 003F04F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!SaveDC 77F18BEE 5 Bytes JMP 003F0530
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!SetTextAlign 77F18C8B 5 Bytes JMP 003F0930
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!MoveToEx 77F1A21A 5 Bytes JMP 003F0430
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!GetTextFaceW 77F1A5CB 5 Bytes JMP 003F0C70
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!StretchDIBits 77F1B0AE 2 Bytes JMP 003F06B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!StretchDIBits + 3 77F1B0B1 2 Bytes [4D, 88]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!SetWorldTransform 77F1B457 5 Bytes JMP 003F0630
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 003F00B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 003F00F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!ExtEscape 77F1C3CC 5 Bytes JMP 003F02B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!ExtTextOutA 77F1D3FA 5 Bytes JMP 003F0870
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!LineTo 77F1D997 5 Bytes JMP 003F03F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!GetTextMetricsA 77F1DF45 5 Bytes JMP 003F0CF0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!SetICMMode 77F1E868 5 Bytes JMP 003F0CB0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!Rectangle 77F1E9BE 5 Bytes JMP 003F08F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!GetFontData 77F1F314 5 Bytes JMP 003F0BB0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!GetTextFaceA 77F1F365 5 Bytes JMP 003F0C30
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!SetPolyFillMode 77F20817 5 Bytes JMP 003F0A70
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!SetMiterLimit 77F20E8E 5 Bytes JMP 003F0AB0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!Escape 77F26F5A 5 Bytes JMP 003F0270
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!ResetDCW 77F2B9AF 5 Bytes JMP 003F09F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!CreateICW 77F2C813 5 Bytes JMP 003F0130
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!BeginPath 77F2D4B0 5 Bytes JMP 003F0770
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!EndPath 77F2D530 5 Bytes JMP 003F09B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!SelectClipPath 77F2D5B7 5 Bytes JMP 003F0A30
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!EndPage 77F2DC61 5 Bytes JMP 003F0230
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!EndDoc 77F2DEF1 5 Bytes JMP 003F01F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!PolyBezierTo 77F2EBD1 5 Bytes JMP 003F0470
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!PolylineTo 77F2EC7E 5 Bytes JMP 003F04B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!CloseFigure 77F2ED1A 5 Bytes JMP 003F0070
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!StartPage 77F2F49E 5 Bytes JMP 003F0670
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!RemoveFontResourceW 77F3D07C 5 Bytes JMP 003F0B70
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!GetGlyphOutlineW 77F3E6D1 5 Bytes JMP 003F0BF0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!AddFontResourceW 77F3FFAB 5 Bytes JMP 003F0B30
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!CreateScalableFontResourceW 77F40160 5 Bytes JMP 003F0AF0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!AbortDoc 77F44CD2 5 Bytes JMP 003F0030
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!StartDocW 77F45962 5 Bytes JMP 003F0730
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!StrokePath 77F460B7 5 Bytes JMP 003F06F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!FillPath 77F46144 5 Bytes JMP 003F07B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] GDI32.dll!PolyDraw 77F4667B 5 Bytes JMP 003F07F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[2800] ole32.dll!OleSetClipboard 775477E8 5 Bytes JMP 00560030

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A73F27F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A73F27F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 8A73F27F
Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskFUJITSU_MHV2080BH_PL____________________0000002A#5&35291d97&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\Temp\TMP00008E37EC3B12ED78890335 0 bytes

---- EOF - GMER 1.0.15 ----

Edited by LarryThePCGuy, 01 May 2011 - 08:45 AM.

