Computer running extremely slow


  • This topic is locked
35 replies to this topic

#1 darkchild101


Posted 05 August 2011 - 11:25 PM

My computer is running extremely slowly and it's almost unusable. When I load a new page it takes forever to load. Antiwarebytes won't update too.

Thanks

Attached Files

  • Attached File  DDS.txt   18.36KB   2 downloads
  • Attached File  dds.log   122.38KB   2 downloads
  • Attached File  ark.txt   103.47KB   1 downloads

Edited by darkchild101, 06 August 2011 - 12:39 PM.




#2 Elise


Posted 12 August 2011 - 10:23 AM

Hello,
And welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#3 darkchild101


Posted 12 August 2011 - 07:27 PM

Hi Elise, thanks for coming to my assistance. Here are the logs:

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Tendai at 16:18:02 on 2011-08-05
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.1917.573 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Online Armor Firewall *Enabled* {32E71E58-6AAE-2557-2ABD-EA739069CE41}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Online Armor\OAcat.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Online Armor\oasrv.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\agrsmsvc.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Toshiba TEMPRO\TemproTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Online Armor\oaui.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Online Armor\OAhlp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://mail.google.com/mail/?shva=1#inbox/131245e70ac32cba
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [OpenDNS Updater] "c:\program files\opendns updater\OpenDNSUpdater.exe" /autostart
mRun: [Toshiba TEMPRO] c:\program files\toshiba tempro\TemproTray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [@OnlineArmor GUI] "c:\program files\online armor\oaui.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?EN
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{85B9BBD9-7474-4605-8E3F-FE01B97288A7} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{85B9BBD9-7474-4605-8E3F-FE01B97288A7} : DhcpNameServer = 192.168.1.1 192.168.1.1
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\online~1\oaevent.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\tendai\appdata\roaming\mozilla\firefox\profiles\rsun6w2c.default\
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
.
============= SERVICES / DRIVERS ===============
.
R1 38013711;38013711;c:\windows\system32\drivers\38013711.sys [2011-6-24 128016]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 MpKsl58e8cdcc;MpKsl58e8cdcc;c:\programdata\microsoft\microsoft antimalware\definition updates\{b6ecd9ef-7aeb-4b63-a67b-e1ad77fdd9ef}\MpKsl58e8cdcc.sys [2011-8-5 28752]
R1 MpKsl9f000cda;MpKsl9f000cda;c:\programdata\microsoft\microsoft antimalware\definition updates\{b6ecd9ef-7aeb-4b63-a67b-e1ad77fdd9ef}\MpKsl9f000cda.sys [2011-8-5 28752]
R1 MpKslc52a8595;MpKslc52a8595;c:\programdata\microsoft\microsoft antimalware\definition updates\{b6ecd9ef-7aeb-4b63-a67b-e1ad77fdd9ef}\MpKslc52a8595.sys [2011-8-4 28752]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2011-6-30 205864]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2011-6-30 39048]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2011-6-30 25192]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-21 41272]
.
=============== Created Last 30 ================
.
2011-08-04 23:59:11 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b6ecd9ef-7aeb-4b63-a67b-e1ad77fdd9ef}\MpKsl9f000cda.sys
2011-08-04 23:39:58 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b6ecd9ef-7aeb-4b63-a67b-e1ad77fdd9ef}\MpKsl58e8cdcc.sys
2011-08-04 23:35:10 -------- d-----w- c:\programdata\!SASCORE
2011-08-04 19:05:16 -------- d-----w- c:\program files\CCleaner
2011-08-04 18:38:19 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b6ecd9ef-7aeb-4b63-a67b-e1ad77fdd9ef}\MpKslc52a8595.sys
2011-08-04 17:19:40 -------- d-----w- c:\users\tendai\appdata\local\Conduit
2011-08-04 14:51:49 6881616 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b6ecd9ef-7aeb-4b63-a67b-e1ad77fdd9ef}\mpengine.dll
2011-08-03 11:57:45 7074640 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll
2011-08-01 21:22:32 -------- d-----w- c:\programdata\Telefónica
2011-08-01 21:22:20 -------- d-----w- c:\users\tendai\appdata\roaming\Telefónica
2011-08-01 21:20:06 1461992 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01009.dll
2011-07-22 14:12:25 -------- dc----w- C:\ATI
2011-07-16 21:20:51 487424 ----a-w- c:\windows\system32\msvcp70.dll
2011-07-16 21:20:51 344064 ----a-w- c:\windows\system32\msvcr70.dll
2011-07-16 21:20:49 974848 ----a-w- c:\windows\system32\mfc70.dll
2011-07-16 16:50:49 -------- d-----w- c:\users\tendai\appdata\local\Ahead
2011-07-15 15:44:19 -------- d-----w- c:\programdata\Nero
2011-07-15 15:44:19 -------- d-----w- c:\program files\Nero
2011-07-15 15:09:31 -------- d-----w- c:\program files\AskTBar
2011-07-14 21:21:08 -------- d-----w- c:\program files\Foxit Software
2011-07-13 20:12:47 -------- d-----w- c:\program files\CPUID
2011-07-13 17:43:32 -------- d-----w- c:\program files\common files\Akamai
2011-07-13 17:28:10 -------- d-----w- c:\users\tendai\appdata\roaming\Auslogics
2011-07-13 17:27:54 -------- d-----w- c:\program files\Auslogics
2011-07-13 15:44:01 -------- d-----w- c:\program files\Lavalys
2011-07-13 14:03:44 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 14:03:41 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-13 14:03:41 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 00:50:51 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{4f6e4b83-56d8-41ed-818d-a438a2d4dec9}\gapaengine.dll
2011-07-13 00:50:50 6881616 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-07-12 19:10:48 -------- d-----w- c:\program files\GUI for dvdauthor
2011-07-11 20:18:33 -------- d-----w- c:\program files\Microsoft Security Client
2011-07-11 18:48:48 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ea3e05d9-1a72-4ced-968d-2ec74759d97f}\mpengine.dll
2011-07-10 23:12:24 -------- d-----w- c:\users\tendai\appdata\local\ÿÿRsëv…sëv
2011-07-10 21:08:56 -------- d-----w- c:\users\tendai\appdata\roaming\DVDVideoSoft
2011-07-08 11:49:30 -------- d-----w- c:\windows\pss
2011-07-07 23:19:17 -------- d-----w- c:\program files\Epson Software
2011-07-07 23:08:59 -------- d-----w- c:\programdata\EPSON
.
==================== Find3M ====================
.
2011-07-13 13:50:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-06 18:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-29 18:42:58 100736 -c--a-w- C:\kgliipob.sys
2011-06-22 02:14:34 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-06-17 14:59:01 98816 ----a-w- c:\windows\system32\mfps.dll
2011-06-17 14:59:01 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-06-17 14:59:01 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-06-17 14:59:01 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-06-17 14:59:01 2873344 ----a-w- c:\windows\system32\mf.dll
2011-06-17 14:59:01 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-06-17 14:59:00 586240 ----a-w- c:\windows\system32\stobject.dll
2011-06-17 14:59:00 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-06-16 16:44:52 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-06-16 16:44:47 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-06-15 15:51:50 377344 ----a-w- c:\windows\system32\winhttp.dll
2011-06-15 15:47:43 411648 ----a-w- c:\windows\system32\drivers\http.sys
2011-06-15 15:47:43 36864 ----a-w- c:\windows\system32\drivers\en-us\http.sys.mui
2011-06-15 15:47:43 30720 ----a-w- c:\windows\system32\httpapi.dll
2011-06-15 15:47:43 24064 ----a-w- c:\windows\system32\nshhttp.dll
2011-06-15 15:01:04 23552 ----a-w- c:\windows\system32\lpk.dll
2011-06-15 15:01:04 10240 ----a-w- c:\windows\system32\dciman32.dll
2011-06-15 14:54:42 61440 ----a-w- c:\windows\system32\winipsec.dll
2011-06-15 14:54:41 272896 ----a-w- c:\windows\system32\polstore.dll
2011-06-15 14:45:37 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-06-15 14:45:37 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-06-15 14:45:37 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-06-15 14:45:37 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-06-15 14:45:37 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-06-15 14:45:37 105984 ----a-w- c:\windows\system32\netiohlp.dll
2011-06-15 14:45:37 10240 ----a-w- c:\windows\system32\finger.exe
2011-06-15 14:45:36 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-06-15 14:39:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2011-06-15 14:39:28 65024 ----a-w- c:\windows\system32\wlanapi.dll
2011-06-15 14:39:27 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2011-06-15 14:39:27 513536 ----a-w- c:\windows\system32\wlansvc.dll
2011-06-15 14:39:27 302592 ----a-w- c:\windows\system32\wlansec.dll
2011-06-15 14:39:27 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2011-06-15 14:39:22 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2011-06-15 14:37:05 1401856 ----a-w- c:\windows\system32\msxml6.dll
2011-06-15 14:37:03 2048 ----a-w- c:\windows\system32\msxml3r.dll
2011-06-15 14:37:01 2048 ----a-w- c:\windows\system32\msxml6r.dll
2011-06-15 14:33:40 218624 ----a-w- c:\windows\system32\msv1_0.dll
2011-06-15 14:26:58 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2011-06-15 14:26:57 24576 ----a-w- c:\windows\system32\mfpmp.exe
2011-06-15 14:26:57 2048 ----a-w- c:\windows\system32\mferror.dll
2011-06-15 14:17:02 71680 ----a-w- c:\windows\system32\atl.dll
2011-06-15 14:05:53 160256 ----a-w- c:\windows\system32\wkssvc.dll
2011-06-15 14:04:15 53248 ----a-w- c:\windows\system32\tsgqec.dll
2011-06-15 14:04:15 136192 ----a-w- c:\windows\system32\aaclient.dll
2011-06-15 13:58:01 714240 ----a-w- c:\windows\system32\timedate.cpl
2011-06-15 13:44:09 623616 ----a-w- c:\windows\system32\localspl.dll
2011-06-15 13:34:50 172032 ----a-w- c:\windows\system32\wintrust.dll
2011-06-15 13:33:21 175104 ----a-w- c:\windows\system32\wdigest.dll
2011-06-15 13:33:20 9728 ----a-w- c:\windows\system32\lsass.exe
2011-06-15 13:33:20 72704 ----a-w- c:\windows\system32\secur32.dll
2011-06-15 13:33:20 499712 ----a-w- c:\windows\system32\kerberos.dll
2011-06-15 13:33:20 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-06-15 13:33:20 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2011-06-15 13:27:59 3466752 ----a-w- c:\windows\system32\NlsData0013.dll
2011-06-15 13:22:31 6656 ----a-w- c:\windows\system32\kbd106n.dll
2011-06-15 13:17:56 62464 ----a-w- c:\windows\system32\l3codeca.acm
2011-06-15 13:17:56 220672 ----a-w- c:\windows\system32\l3codecp.acm
2011-06-15 13:14:57 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2011-06-15 13:14:57 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2011-06-15 13:14:56 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2011-06-15 13:08:00 293376 ----a-w- c:\windows\system32\browserchoice.exe
2011-06-15 13:02:12 98304 ----a-w- c:\windows\system32\cabview.dll
2011-06-15 12:57:39 37888 ----a-w- c:\windows\system32\printcom.dll
2011-06-15 12:54:16 14848 ----a-w- c:\windows\system32\wshrm.dll
2011-06-15 12:53:04 43520 ----a-w- c:\windows\system32\msdxm.tlb
2011-06-15 12:53:04 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2011-06-15 12:53:04 18432 ----a-w- c:\windows\system32\amcompat.tlb
2011-06-15 12:53:01 7680 ----a-w- c:\windows\system32\spwmp.dll
2011-06-15 12:53:00 4096 ----a-w- c:\windows\system32\dxmasf.dll
2011-06-15 12:52:59 4096 ----a-w- c:\windows\system32\msdxm.ocx
2011-06-15 12:51:27 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2011-06-15 12:51:27 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2011-06-15 12:51:27 332288 ----a-w- c:\windows\system32\msdrm.dll
2011-06-15 12:51:27 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2011-06-15 12:51:27 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2011-06-15 12:51:26 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2011-06-15 12:51:26 518144 ----a-w- c:\windows\system32\RMActivate.exe
2011-06-15 12:51:26 471552 ----a-w- c:\windows\system32\secproc.dll
2011-06-15 12:51:25 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2011-06-15 03:52:15 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2011-06-15 03:50:37 84480 ----a-w- c:\windows\system32\INETRES.dll
2011-06-15 03:50:15 60928 ----a-w- c:\windows\system32\msasn1.dll
2011-06-15 03:49:18 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2011-06-15 03:47:28 243712 ----a-w- c:\windows\system32\rastls.dll
2011-06-15 03:46:53 355328 ----a-w- c:\windows\system32\WSDApi.dll
2011-06-15 03:43:26 91136 ----a-w- c:\windows\system32\avifil32.dll
2011-06-15 03:43:26 82944 ----a-w- c:\windows\system32\mciavi32.dll
2011-06-15 03:43:26 65024 ----a-w- c:\windows\system32\avicap32.dll
2011-06-15 03:43:26 31744 ----a-w- c:\windows\system32\msvidc32.dll
2011-06-15 03:43:26 13312 ----a-w- c:\windows\system32\msrle32.dll
2011-06-15 03:43:26 123904 ----a-w- c:\windows\system32\msvfw32.dll
2011-06-15 03:43:25 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2011-06-15 03:43:25 22528 ----a-w- c:\windows\system32\msyuv.dll
2011-06-15 03:43:25 1314816 ----a-w- c:\windows\system32\quartz.dll
.
============= FINISH: 16:31:08.03 ===============


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-06 05:13:28
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHV2060BH_PL rev.0000002A
Running: gmer.exe; Driver: C:\Users\Tendai\AppData\Local\Temp\kgliipob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwAllocateVirtualMemory [0x8D32B42C]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwAlpcConnectPort [0x8D329A8C]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwAlpcCreatePort [0x8D32955E]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwAssignProcessToJobObject [0x8D32A928]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwConnectPort [0x8D32964C]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwCreateFile [0x8D330316]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwCreatePort [0x8D32946A]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwCreateSection [0x8D3274F2]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwCreateThread [0x8D328634]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwDebugActiveProcess [0x8D328D22]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwDuplicateObject [0x8D32932C]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwLoadDriver [0x8D32A350]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwOpenFile [0x8D330694]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwOpenSection [0x8D3277B4]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwOpenThread [0x8D3288B0]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwProtectVirtualMemory [0x8D32A6DA]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwQueueApcThread [0x8D32AA44]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwRequestPort [0x8D329CB0]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwRequestWaitReplyPort [0x8D32A018]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwRestoreKey [0x8D33010E]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwResumeThread [0x8D3290CE]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSecureConnectPort [0x8D32986E]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSetContextThread [0x8D328BCC]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSetSystemInformation [0x8D32B0E0]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwShutdownSystem [0x8D32A28A]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSuspendProcess [0x8D3291FE]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSuspendThread [0x8D328F7A]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSystemDebugControl [0x8D328E40]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwTerminateProcess [0x8D328472]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwTerminateThread [0x8D328A66]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwUnloadDriver [0x8D32A518]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwWriteVirtualMemory [0x8D32A804]
SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwCreateThreadEx [0x8D328768]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!KeInsertQueue + 321 8206E918 4 Bytes [2C, B4, 32, 8D]
.text ntoskrnl.exe!KeInsertQueue + 32D 8206E924 8 Bytes [8C, 9A, 32, 8D, 5E, 95, 32, ...]
.text ntoskrnl.exe!KeInsertQueue + 381 8206E978 4 Bytes [28, A9, 32, 8D]
.text ntoskrnl.exe!KeInsertQueue + 3B1 8206E9A8 4 Bytes [4C, 96, 32, 8D]
.text ntoskrnl.exe!KeInsertQueue + 3C9 8206E9C0 4 Bytes [16, 03, 33, 8D]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[736] ntdll.dll!NtCreateSymbolicLinkObject 77214334 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[736] ntdll.dll!NtCreateSymbolicLinkObject + 4 77214338 2 Bytes [68, 71]
.text C:\Program Files\Internet Explorer\iexplore.exe[736] kernel32.dll!CreateProcessW 75991BF3 6 Bytes JMP 71A50F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[736] kernel32.dll!CreateProcessA 75991C28 6 Bytes JMP 71A80F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[736] kernel32.dll!LoadLibraryW 759B9400 6 Bytes JMP 716C0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[736] kernel32.dll!LoadLibraryA 759B957C 6 Bytes JMP 716F0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[736] kernel32.dll!CloseHandle 759DB0AD 6 Bytes JMP 718A0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[736] kernel32.dll!CreateFileW 759DB0EB 6 Bytes JMP 718D0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[736] kernel32.dll!CreateThread 759DCB2E 5 Bytes JMP 6AC771CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[736] user32.dll!SetWindowsHookExW 75D487AD 5 Bytes JMP 6ACB204C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[736] user32.dll!CallNextHookEx 75D48E3B 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[736] user32.dll!CallNextHookEx 75D48E3B 5 Bytes JMP 6ACD7A3F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[736] user32.dll!UnhookWindowsHookEx 75D498DB 5 Bytes JMP 6ACFE9F8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[736] user32.dll!RegisterHotKey 75D4BDA5 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[736] user32.dll!RegisterHotKey + 4 75D4BDA9 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\Internet Explorer\iexplore.exe[736] user32.dll!EnableWindow 75D4CD8B 5 Bytes JMP 6ACB98BC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[736] user32.dll!DefWindowProcA 75D4DB88 7 Bytes JMP 6AC793F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[736] user32.dll!CreateWindowExA 75D4DC2A 2 Bytes JMP 6AC83223 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[736] user32.dll!CreateWindowExA + 3 75D4DC2D 2 Bytes [F3, F4]
.text C:\Program Files\Internet Explorer\iexplore.exe[736] user32.dll!CreateWindowExW 75D51305 5 Bytes JMP 6ACDFE1F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[736] user32.dll!DefWindowProcW 75D603B4 7 Bytes JMP 6ACD7AA2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[736] user32.dll!DialogBoxParamW 75D710B0 5 Bytes JMP 6AC115E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[736] user32.dll!DialogBoxIndirectParamW 75D72EF5 5 Bytes JMP 6AE05E86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[736] user32.dll!DialogBoxParamA 75D88152 5 Bytes JMP 6AE05E21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[736] user32.dll!DialogBoxIndirectParamA 75D8847D 5 Bytes JMP 6AE05EEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[736] user32.dll!ExitWindowsEx 75D8B7C3 6 Bytes JMP 71A20F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[736] user32.dll!MessageBoxIndirectA 75D9D4D9 5 Bytes JMP 6AE05DA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[736] user32.dll!MessageBoxIndirectW 75D9D5D3 5 Bytes JMP 6AE05D2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[736] user32.dll!MessageBoxExA 75D9D639 5 Bytes JMP 6AE05CCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[736] user32.dll!MessageBoxExW 75D9D65D 5 Bytes JMP 6AE05C67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[736] user32.dll!DdeClientTransaction 75DA2005 6 Bytes JMP 71810F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[736] GDI32.dll!DeleteDC 75C268CD 6 Bytes JMP 71750F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[736] GDI32.dll!BitBlt 75C270A6 6 Bytes JMP 71720F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[736] GDI32.dll!CreateDCW 75C2A91D 6 Bytes JMP 71780F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[736] GDI32.dll!CreateDCA 75C2AA49 6 Bytes JMP 717B0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[736] ADVAPI32.dll!CreateServiceW 75CB9EB4 6 Bytes JMP 71840F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[736] ADVAPI32.dll!InitiateSystemShutdownW 75CF1829 6 Bytes JMP 719C0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[736] ADVAPI32.dll!InitiateSystemShutdownExW 75CF18F1 6 Bytes JMP 71960F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[736] ADVAPI32.dll!InitiateSystemShutdownA 75CF19C1 6 Bytes JMP 719F0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[736] ADVAPI32.dll!InitiateSystemShutdownExA 75CF1A68 6 Bytes JMP 71990F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[736] ADVAPI32.dll!CreateServiceA 75CF72A1 6 Bytes JMP 71870F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[736] ole32.dll!OleLoadFromStream 77081E80 5 Bytes JMP 6AE0666E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[736] WS2_32.dll!select 772E15F4 6 Bytes JMP 71540F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[736] WS2_32.dll!closesocket 772E330C 6 Bytes JMP 71630F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[736] WS2_32.dll!recv 772E343A 6 Bytes JMP 71490F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[736] WS2_32.dll!socket 772E36D1 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[736] WS2_32.dll!ioctlsocket 772E3CE7 6 Bytes JMP 71510F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[736] WS2_32.dll!connect 772E40D9 6 Bytes JMP 71600F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[736] WS2_32.dll!WSASend 772E4496 6 Bytes JMP 71420F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[736] WS2_32.dll!send 772E659B 6 Bytes JMP 715A0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[736] WS2_32.dll!sendto 772E67C5 6 Bytes JMP 71570F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[736] WS2_32.dll!WSAGetOverlappedResult 772E8143 6 Bytes JMP 713C0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[736] WS2_32.dll!WSARecv 772E8400 6 Bytes JMP 71450F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[736] WS2_32.dll!WSAAsyncSelect 772FA17C 6 Bytes JMP 714E0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[736] IPHLPAPI.DLL!IcmpSendEcho2Ex 750E96D8 6 Bytes JMP 71900F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[736] IPHLPAPI.DLL!IcmpSendEcho2 750E9C2D 6 Bytes JMP 71930F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[736] NETAPI32.dll!NetScheduleJobAdd 755881DC 6 Bytes JMP 71660F5A
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1708] ntdll.dll!NtCreateSymbolicLinkObject 77214334 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1708] ntdll.dll!NtCreateSymbolicLinkObject + 4 77214338 2 Bytes [68, 71]
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1708] kernel32.dll!CreateProcessW 75991BF3 6 Bytes JMP 71A50F5A
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1708] kernel32.dll!CreateProcessA 75991C28 6 Bytes JMP 71A80F5A
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1708] kernel32.dll!LoadLibraryW 759B9400 6 Bytes JMP 716C0F5A
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1708] kernel32.dll!LoadLibraryA 759B957C 6 Bytes JMP 716F0F5A
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1708] kernel32.dll!CloseHandle 759DB0AD 6 Bytes JMP 718A0F5A
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1708] kernel32.dll!CreateFileW 759DB0EB 6 Bytes JMP 718D0F5A
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1708] user32.dll!RegisterHotKey 75D4BDA5 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1708] user32.dll!RegisterHotKey + 4 75D4BDA9 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1708] user32.dll!ExitWindowsEx 75D8B7C3 6 Bytes JMP 71A20F5A
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1708] user32.dll!DdeClientTransaction 75DA2005 6 Bytes JMP 71810F5A
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1708] GDI32.dll!DeleteDC 75C268CD 6 Bytes JMP 71750F5A
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1708] GDI32.dll!BitBlt 75C270A6 6 Bytes JMP 71720F5A
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1708] GDI32.dll!CreateDCW 75C2A91D 6 Bytes JMP 71780F5A
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1708] GDI32.dll!CreateDCA 75C2AA49 6 Bytes JMP 717B0F5A
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1708] ADVAPI32.dll!CreateServiceW 75CB9EB4 6 Bytes JMP 71840F5A
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1708] ADVAPI32.dll!InitiateSystemShutdownW 75CF1829 6 Bytes JMP 719C0F5A
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1708] ADVAPI32.dll!InitiateSystemShutdownExW 75CF18F1 6 Bytes JMP 71960F5A
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1708] ADVAPI32.dll!InitiateSystemShutdownA 75CF19C1 6 Bytes JMP 719F0F5A
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1708] ADVAPI32.dll!InitiateSystemShutdownExA 75CF1A68 6 Bytes JMP 71990F5A
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1708] ADVAPI32.dll!CreateServiceA 75CF72A1 6 Bytes JMP 71870F5A
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1708] WS2_32.dll!socket 772E36D1 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1708] IPHLPAPI.DLL!IcmpSendEcho2Ex 750E96D8 6 Bytes JMP 71900F5A
.text C:\Program Files\Secunia\PSI\psi_tray.exe[1708] IPHLPAPI.DLL!IcmpSendEcho2 750E9C2D 6 Bytes JMP 71930F5A
.text C:\Windows\system32\Dwm.exe[1812] ntdll.dll!NtCreateSymbolicLinkObject 77214334 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[1812] ntdll.dll!NtCreateSymbolicLinkObject + 4 77214338 2 Bytes [68, 71]
.text C:\Windows\system32\Dwm.exe[1812] kernel32.dll!CreateProcessW 75991BF3 6 Bytes JMP 71A50F5A
.text C:\Windows\system32\Dwm.exe[1812] kernel32.dll!CreateProcessA 75991C28 6 Bytes JMP 71A80F5A
.text C:\Windows\system32\Dwm.exe[1812] kernel32.dll!LoadLibraryW 759B9400 6 Bytes JMP 716C0F5A
.text C:\Windows\system32\Dwm.exe[1812] kernel32.dll!LoadLibraryA 759B957C 6 Bytes JMP 716F0F5A
.text C:\Windows\system32\Dwm.exe[1812] kernel32.dll!CloseHandle 759DB0AD 6 Bytes JMP 718A0F5A
.text C:\Windows\system32\Dwm.exe[1812] kernel32.dll!CreateFileW 759DB0EB 6 Bytes JMP 718D0F5A
.text C:\Windows\system32\Dwm.exe[1812] ADVAPI32.dll!CreateServiceW 75CB9EB4 6 Bytes JMP 71840F5A
.text C:\Windows\system32\Dwm.exe[1812] ADVAPI32.dll!InitiateSystemShutdownW 75CF1829 6 Bytes JMP 719C0F5A
.text C:\Windows\system32\Dwm.exe[1812] ADVAPI32.dll!InitiateSystemShutdownExW 75CF18F1 6 Bytes JMP 71960F5A
.text C:\Windows\system32\Dwm.exe[1812] ADVAPI32.dll!InitiateSystemShutdownA 75CF19C1 6 Bytes JMP 719F0F5A
.text C:\Windows\system32\Dwm.exe[1812] ADVAPI32.dll!InitiateSystemShutdownExA 75CF1A68 6 Bytes JMP 71990F5A
.text C:\Windows\system32\Dwm.exe[1812] ADVAPI32.dll!CreateServiceA 75CF72A1 6 Bytes JMP 71870F5A
.text C:\Windows\system32\Dwm.exe[1812] GDI32.dll!DeleteDC 75C268CD 6 Bytes JMP 71750F5A
.text C:\Windows\system32\Dwm.exe[1812] GDI32.dll!BitBlt 75C270A6 6 Bytes JMP 71720F5A
.text C:\Windows\system32\Dwm.exe[1812] GDI32.dll!CreateDCW 75C2A91D 6 Bytes JMP 71780F5A
.text C:\Windows\system32\Dwm.exe[1812] GDI32.dll!CreateDCA 75C2AA49 6 Bytes JMP 717B0F5A
.text C:\Windows\system32\Dwm.exe[1812] USER32.dll!RegisterHotKey 75D4BDA5 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[1812] USER32.dll!RegisterHotKey + 4 75D4BDA9 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Windows\system32\Dwm.exe[1812] USER32.dll!ExitWindowsEx 75D8B7C3 6 Bytes JMP 71A20F5A
.text C:\Windows\system32\Dwm.exe[1812] USER32.dll!DdeClientTransaction 75DA2005 6 Bytes JMP 71810F5A
.text C:\Windows\system32\Dwm.exe[1812] WS2_32.dll!socket 772E36D1 6 Bytes JMP 71AE0F5A
.text C:\Windows\system32\Dwm.exe[1812] IPHLPAPI.DLL!IcmpSendEcho2Ex 750E96D8 6 Bytes JMP 71900F5A
.text C:\Windows\system32\Dwm.exe[1812] IPHLPAPI.DLL!IcmpSendEcho2 750E9C2D 6 Bytes JMP 71930F5A
.text C:\Program Files\Online Armor\oasrv.exe[1828] kernel32.dll!CreateRemoteThread + 175 759DCCCA 4 Bytes JMP 71A60000
.text C:\Program Files\Online Armor\oasrv.exe[1828] user32.dll!LoadStringA 75D46243 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Online Armor\oasrv.exe[1828] user32.dll!LoadStringW 75D59CCB 6 Bytes JMP 71A90F5A
.text C:\Windows\Explorer.EXE[1864] ntdll.dll!NtCreateSymbolicLinkObject 77214334 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1864] ntdll.dll!NtCreateSymbolicLinkObject + 4 77214338 2 Bytes [6E, 71]
.text C:\Windows\Explorer.EXE[1864] kernel32.dll!CreateProcessW 75991BF3 6 Bytes JMP 71A50F5A
.text C:\Windows\Explorer.EXE[1864] kernel32.dll!CreateProcessA 75991C28 6 Bytes JMP 71A80F5A
.text C:\Windows\Explorer.EXE[1864] kernel32.dll!LoadLibraryW 759B9400 6 Bytes JMP 71720F5A
.text C:\Windows\Explorer.EXE[1864] kernel32.dll!LoadLibraryA 759B957C 6 Bytes JMP 71750F5A
.text C:\Windows\Explorer.EXE[1864] ADVAPI32.dll!CreateServiceW 75CB9EB4 6 Bytes JMP 718A0F5A
.text C:\Windows\Explorer.EXE[1864] ADVAPI32.dll!InitiateSystemShutdownW 75CF1829 6 Bytes JMP 719C0F5A
.text C:\Windows\Explorer.EXE[1864] ADVAPI32.dll!InitiateSystemShutdownExW 75CF18F1 6 Bytes JMP 71960F5A
.text C:\Windows\Explorer.EXE[1864] ADVAPI32.dll!InitiateSystemShutdownA 75CF19C1 6 Bytes JMP 719F0F5A
.text C:\Windows\Explorer.EXE[1864] ADVAPI32.dll!InitiateSystemShutdownExA 75CF1A68 6 Bytes JMP 71990F5A
.text C:\Windows\Explorer.EXE[1864] ADVAPI32.dll!CreateServiceA 75CF72A1 6 Bytes JMP 718D0F5A
.text C:\Windows\Explorer.EXE[1864] GDI32.dll!DeleteDC 75C268CD 6 Bytes JMP 717B0F5A
.text C:\Windows\Explorer.EXE[1864] GDI32.dll!BitBlt 75C270A6 6 Bytes JMP 71780F5A
.text C:\Windows\Explorer.EXE[1864] GDI32.dll!CreateDCW 75C2A91D 6 Bytes JMP 717E0F5A
.text C:\Windows\Explorer.EXE[1864] GDI32.dll!CreateDCA 75C2AA49 6 Bytes JMP 71810F5A
.text C:\Windows\Explorer.EXE[1864] USER32.dll!RegisterHotKey 75D4BDA5 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1864] USER32.dll!RegisterHotKey + 4 75D4BDA9 2 Bytes [83, 71]
.text C:\Windows\Explorer.EXE[1864] USER32.dll!ExitWindowsEx 75D8B7C3 6 Bytes JMP 71A20F5A
.text C:\Windows\Explorer.EXE[1864] USER32.dll!DdeClientTransaction 75DA2005 6 Bytes JMP 71870F5A
.text C:\Windows\Explorer.EXE[1864] WS2_32.dll!socket 772E36D1 6 Bytes JMP 71AE0F5A
.text C:\Windows\Explorer.EXE[1864] IPHLPAPI.DLL!IcmpSendEcho2Ex 750E96D8 6 Bytes JMP 71900F5A
.text C:\Windows\Explorer.EXE[1864] IPHLPAPI.DLL!IcmpSendEcho2 750E9C2D 6 Bytes JMP 71930F5A
.text C:\Windows\Explorer.EXE[1864] NETAPI32.dll!NetScheduleJobAdd 755881DC 6 Bytes JMP 716C0F5A
.text C:\Program Files\Online Armor\oaui.exe[2352] USER32.dll!LoadStringA 75D46243 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Online Armor\oaui.exe[2352] USER32.dll!LoadStringW 75D59CCB 6 Bytes JMP 71A90F5A
.text C:\Program Files\Online Armor\OAhlp.exe[2436] USER32.dll!LoadStringA 75D46243 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Online Armor\OAhlp.exe[2436] USER32.dll!LoadStringW 75D59CCB 6 Bytes JMP 71A90F5A
.text C:\Program Files\Microsoft Security Client\msseces.exe[2860] ntdll.dll!NtCreateSymbolicLinkObject 77214334 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Security Client\msseces.exe[2860] ntdll.dll!NtCreateSymbolicLinkObject + 4 77214338 2 Bytes [68, 71]
.text C:\Program Files\Microsoft Security Client\msseces.exe[2860] kernel32.dll!CreateProcessW 75991BF3 6 Bytes JMP 71A50F5A
.text C:\Program Files\Microsoft Security Client\msseces.exe[2860] kernel32.dll!CreateProcessA 75991C28 6 Bytes JMP 71A80F5A
.text C:\Program Files\Microsoft Security Client\msseces.exe[2860] kernel32.dll!LoadLibraryW 759B9400 6 Bytes JMP 716C0F5A
.text C:\Program Files\Microsoft Security Client\msseces.exe[2860] kernel32.dll!LoadLibraryA 759B957C 6 Bytes JMP 716F0F5A
.text C:\Program Files\Microsoft Security Client\msseces.exe[2860] kernel32.dll!CloseHandle 759DB0AD 6 Bytes JMP 718A0F5A
.text C:\Program Files\Microsoft Security Client\msseces.exe[2860] kernel32.dll!CreateFileW 759DB0EB 6 Bytes JMP 718D0F5A
.text C:\Program Files\Microsoft Security Client\msseces.exe[2860] user32.dll!RegisterHotKey 75D4BDA5 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Security Client\msseces.exe[2860] user32.dll!RegisterHotKey + 4 75D4BDA9 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\Microsoft Security Client\msseces.exe[2860] user32.dll!ExitWindowsEx 75D8B7C3 6 Bytes JMP 71A20F5A
.text C:\Program Files\Microsoft Security Client\msseces.exe[2860] user32.dll!DdeClientTransaction 75DA2005 6 Bytes JMP 71810F5A
.text C:\Program Files\Microsoft Security Client\msseces.exe[2860] GDI32.dll!DeleteDC 75C268CD 6 Bytes JMP 71750F5A
.text C:\Program Files\Microsoft Security Client\msseces.exe[2860] GDI32.dll!BitBlt 75C270A6 6 Bytes JMP 71720F5A
.text C:\Program Files\Microsoft Security Client\msseces.exe[2860] GDI32.dll!CreateDCW 75C2A91D 6 Bytes JMP 71780F5A
.text C:\Program Files\Microsoft Security Client\msseces.exe[2860] GDI32.dll!CreateDCA 75C2AA49 6 Bytes JMP 717B0F5A
.text C:\Program Files\Microsoft Security Client\msseces.exe[2860] ADVAPI32.dll!CreateServiceW 75CB9EB4 6 Bytes JMP 71840F5A
.text C:\Program Files\Microsoft Security Client\msseces.exe[2860] ADVAPI32.dll!InitiateSystemShutdownW 75CF1829 6 Bytes JMP 719C0F5A
.text C:\Program Files\Microsoft Security Client\msseces.exe[2860] ADVAPI32.dll!InitiateSystemShutdownExW 75CF18F1 6 Bytes JMP 71960F5A
.text C:\Program Files\Microsoft Security Client\msseces.exe[2860] ADVAPI32.dll!InitiateSystemShutdownA 75CF19C1 6 Bytes JMP 719F0F5A
.text C:\Program Files\Microsoft Security Client\msseces.exe[2860] ADVAPI32.dll!InitiateSystemShutdownExA 75CF1A68 6 Bytes JMP 71990F5A
.text C:\Program Files\Microsoft Security Client\msseces.exe[2860] ADVAPI32.dll!CreateServiceA 75CF72A1 6 Bytes JMP 71870F5A
.text C:\Program Files\Microsoft Security Client\msseces.exe[2860] WS2_32.dll!socket 772E36D1 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Microsoft Security Client\msseces.exe[2860] IPHLPAPI.DLL!IcmpSendEcho2Ex 750E96D8 6 Bytes JMP 71900F5A
.text C:\Program Files\Microsoft Security Client\msseces.exe[2860] IPHLPAPI.DLL!IcmpSendEcho2 750E9C2D 6 Bytes JMP 71930F5A
.text C:\Windows\system32\taskeng.exe[2880] ntdll.dll!NtCreateSymbolicLinkObject 77214334 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[2880] ntdll.dll!NtCreateSymbolicLinkObject + 4 77214338 2 Bytes [68, 71]
.text C:\Windows\system32\taskeng.exe[2880] kernel32.dll!CreateProcessW 75991BF3 6 Bytes JMP 71A50F5A
.text C:\Windows\system32\taskeng.exe[2880] kernel32.dll!CreateProcessA 75991C28 6 Bytes JMP 71A80F5A
.text C:\Windows\system32\taskeng.exe[2880] kernel32.dll!LoadLibraryW 759B9400 6 Bytes JMP 716C0F5A
.text C:\Windows\system32\taskeng.exe[2880] kernel32.dll!LoadLibraryA 759B957C 6 Bytes JMP 716F0F5A
.text C:\Windows\system32\taskeng.exe[2880] kernel32.dll!CloseHandle 759DB0AD 6 Bytes JMP 718A0F5A
.text C:\Windows\system32\taskeng.exe[2880] kernel32.dll!CreateFileW 759DB0EB 6 Bytes JMP 718D0F5A
.text C:\Windows\system32\taskeng.exe[2880] user32.dll!RegisterHotKey 75D4BDA5 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[2880] user32.dll!RegisterHotKey + 4 75D4BDA9 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Windows\system32\taskeng.exe[2880] user32.dll!ExitWindowsEx 75D8B7C3 6 Bytes JMP 71A20F5A
.text C:\Windows\system32\taskeng.exe[2880] user32.dll!DdeClientTransaction 75DA2005 6 Bytes JMP 71810F5A
.text C:\Windows\system32\taskeng.exe[2880] GDI32.dll!DeleteDC 75C268CD 6 Bytes JMP 71750F5A
.text C:\Windows\system32\taskeng.exe[2880] GDI32.dll!BitBlt 75C270A6 6 Bytes JMP 71720F5A
.text C:\Windows\system32\taskeng.exe[2880] GDI32.dll!CreateDCW 75C2A91D 6 Bytes JMP 71780F5A
.text C:\Windows\system32\taskeng.exe[2880] GDI32.dll!CreateDCA 75C2AA49 6 Bytes JMP 717B0F5A
.text C:\Windows\system32\taskeng.exe[2880] ADVAPI32.dll!CreateServiceW 75CB9EB4 6 Bytes JMP 71840F5A
.text C:\Windows\system32\taskeng.exe[2880] ADVAPI32.dll!InitiateSystemShutdownW 75CF1829 6 Bytes JMP 719C0F5A
.text C:\Windows\system32\taskeng.exe[2880] ADVAPI32.dll!InitiateSystemShutdownExW 75CF18F1 6 Bytes JMP 71960F5A
.text C:\Windows\system32\taskeng.exe[2880] ADVAPI32.dll!InitiateSystemShutdownA 75CF19C1 6 Bytes JMP 719F0F5A
.text C:\Windows\system32\taskeng.exe[2880] ADVAPI32.dll!InitiateSystemShutdownExA 75CF1A68 6 Bytes JMP 71990F5A
.text C:\Windows\system32\taskeng.exe[2880] ADVAPI32.dll!CreateServiceA 75CF72A1 6 Bytes JMP 71870F5A
.text C:\Windows\system32\taskeng.exe[2880] WS2_32.dll!socket 772E36D1 6 Bytes JMP 71AE0F5A
.text C:\Windows\system32\taskeng.exe[2880] IPHLPAPI.DLL!IcmpSendEcho2Ex 750E96D8 6 Bytes JMP 71900F5A
.text C:\Windows\system32\taskeng.exe[2880] IPHLPAPI.DLL!IcmpSendEcho2 750E9C2D 6 Bytes JMP 71930F5A
.text C:\Windows\system32\taskeng.exe[2880] NETAPI32.dll!NetScheduleJobAdd 755881DC 6 Bytes JMP 71660F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3008] ntdll.dll!NtCreateSymbolicLinkObject 77214334 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3008] ntdll.dll!NtCreateSymbolicLinkObject + 4 77214338 2 Bytes [68, 71]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3008] kernel32.dll!CreateProcessW 75991BF3 6 Bytes JMP 71A50F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3008] kernel32.dll!CreateProcessA 75991C28 6 Bytes JMP 71A80F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3008] kernel32.dll!LoadLibraryW 759B9400 6 Bytes JMP 716C0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3008] kernel32.dll!LoadLibraryA 759B957C 6 Bytes JMP 716F0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3008] kernel32.dll!CloseHandle 759DB0AD 6 Bytes JMP 718A0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3008] kernel32.dll!CreateFileW 759DB0EB 6 Bytes JMP 718D0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3008] user32.dll!RegisterHotKey 75D4BDA5 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3008] user32.dll!RegisterHotKey + 4 75D4BDA9 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3008] user32.dll!ExitWindowsEx 75D8B7C3 6 Bytes JMP 71A20F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3008] user32.dll!DdeClientTransaction 75DA2005 6 Bytes JMP 71810F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3008] GDI32.dll!DeleteDC 75C268CD 6 Bytes JMP 71750F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3008] GDI32.dll!BitBlt 75C270A6 6 Bytes JMP 71720F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3008] GDI32.dll!CreateDCW 75C2A91D 6 Bytes JMP 71780F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3008] GDI32.dll!CreateDCA 75C2AA49 6 Bytes JMP 717B0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3008] ADVAPI32.dll!CreateServiceW 75CB9EB4 6 Bytes JMP 71840F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3008] ADVAPI32.dll!InitiateSystemShutdownW 75CF1829 6 Bytes JMP 719C0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3008] ADVAPI32.dll!InitiateSystemShutdownExW 75CF18F1 6 Bytes JMP 71960F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3008] ADVAPI32.dll!InitiateSystemShutdownA 75CF19C1 6 Bytes JMP 719F0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3008] ADVAPI32.dll!InitiateSystemShutdownExA 75CF1A68 6 Bytes JMP 71990F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3008] ADVAPI32.dll!CreateServiceA 75CF72A1 6 Bytes JMP 71870F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3008] WS2_32.dll!select 772E15F4 6 Bytes JMP 71540F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3008] WS2_32.dll!closesocket 772E330C 6 Bytes JMP 71660F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3008] WS2_32.dll!recv 772E343A 6 Bytes JMP 71490F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3008] WS2_32.dll!socket 772E36D1 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3008] WS2_32.dll!ioctlsocket 772E3CE7 6 Bytes JMP 71510F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3008] WS2_32.dll!connect 772E40D9 6 Bytes JMP 71600F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3008] WS2_32.dll!WSASend 772E4496 6 Bytes JMP 71420F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3008] WS2_32.dll!send 772E659B 6 Bytes JMP 715A0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3008] WS2_32.dll!sendto 772E67C5 6 Bytes JMP 71570F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3008] WS2_32.dll!WSAGetOverlappedResult 772E8143 6 Bytes JMP 713C0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3008] WS2_32.dll!WSARecv 772E8400 6 Bytes JMP 71450F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3008] WS2_32.dll!WSAAsyncSelect 772FA17C 6 Bytes JMP 714E0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3008] IPHLPAPI.DLL!IcmpSendEcho2Ex 750E96D8 6 Bytes JMP 71900F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3008] IPHLPAPI.DLL!IcmpSendEcho2 750E9C2D 6 Bytes JMP 71930F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3028] ntdll.dll!NtCreateSymbolicLinkObject 77214334 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3028] ntdll.dll!NtCreateSymbolicLinkObject + 4 77214338 2 Bytes [68, 71]
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3028] kernel32.dll!CreateProcessW 75991BF3 6 Bytes JMP 71A50F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3028] kernel32.dll!CreateProcessA 75991C28 6 Bytes JMP 71A80F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3028] kernel32.dll!LoadLibraryW 759B9400 6 Bytes JMP 716C0F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3028] kernel32.dll!LoadLibraryA 759B957C 6 Bytes JMP 716F0F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3028] kernel32.dll!CloseHandle 759DB0AD 6 Bytes JMP 718A0F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3028] kernel32.dll!CreateFileW 759DB0EB 6 Bytes JMP 718D0F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3028] user32.dll!RegisterHotKey 75D4BDA5 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3028] user32.dll!RegisterHotKey + 4 75D4BDA9 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3028] user32.dll!ExitWindowsEx 75D8B7C3 6 Bytes JMP 71A20F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3028] user32.dll!DdeClientTransaction 75DA2005 6 Bytes JMP 71810F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3028] GDI32.dll!DeleteDC 75C268CD 6 Bytes JMP 71750F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3028] GDI32.dll!BitBlt 75C270A6 6 Bytes JMP 71720F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3028] GDI32.dll!CreateDCW 75C2A91D 6 Bytes JMP 71780F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3028] GDI32.dll!CreateDCA 75C2AA49 6 Bytes JMP 717B0F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3028] ADVAPI32.dll!CreateServiceW 75CB9EB4 6 Bytes JMP 71840F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3028] ADVAPI32.dll!InitiateSystemShutdownW 75CF1829 6 Bytes JMP 719C0F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3028] ADVAPI32.dll!InitiateSystemShutdownExW 75CF18F1 6 Bytes JMP 71960F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3028] ADVAPI32.dll!InitiateSystemShutdownA 75CF19C1 6 Bytes JMP 719F0F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3028] ADVAPI32.dll!InitiateSystemShutdownExA 75CF1A68 6 Bytes JMP 71990F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3028] ADVAPI32.dll!CreateServiceA 75CF72A1 6 Bytes JMP 71870F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3028] WS2_32.dll!select 772E15F4 6 Bytes JMP 71540F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3028] WS2_32.dll!closesocket 772E330C 6 Bytes JMP 71630F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3028] WS2_32.dll!recv 772E343A 6 Bytes JMP 71490F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3028] WS2_32.dll!socket 772E36D1 6 Bytes JMP 71AE0F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3028] WS2_32.dll!ioctlsocket 772E3CE7 6 Bytes JMP 71510F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3028] WS2_32.dll!connect 772E40D9 6 Bytes JMP 71600F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3028] WS2_32.dll!WSASend 772E4496 6 Bytes JMP 71420F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3028] WS2_32.dll!send 772E659B 6 Bytes JMP 715A0F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3028] WS2_32.dll!sendto 772E67C5 6 Bytes JMP 71570F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3028] WS2_32.dll!WSAGetOverlappedResult 772E8143 6 Bytes JMP 713C0F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3028] WS2_32.dll!WSARecv 772E8400 6 Bytes JMP 71450F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3028] WS2_32.dll!WSAAsyncSelect 772FA17C 6 Bytes JMP 714E0F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3028] IPHLPAPI.DLL!IcmpSendEcho2Ex 750E96D8 6 Bytes JMP 71900F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3028] IPHLPAPI.DLL!IcmpSendEcho2 750E9C2D 6 Bytes JMP 71930F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3028] NETAPI32.dll!NetScheduleJobAdd 755881DC 6 Bytes JMP 71660F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] ntdll.dll!NtCreateSymbolicLinkObject 77214334 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] ntdll.dll!NtCreateSymbolicLinkObject + 4 77214338 2 Bytes [68, 71]
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] kernel32.dll!CreateProcessW 75991BF3 6 Bytes JMP 71A50F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] kernel32.dll!CreateProcessA 75991C28 6 Bytes JMP 71A80F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] kernel32.dll!LoadLibraryW 759B9400 6 Bytes JMP 716C0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] kernel32.dll!LoadLibraryA 759B957C 6 Bytes JMP 716F0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] kernel32.dll!CloseHandle 759DB0AD 6 Bytes JMP 718A0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] kernel32.dll!CreateFileW 759DB0EB 6 Bytes JMP 718D0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] kernel32.dll!CreateThread 759DCB2E 5 Bytes JMP 6AC771CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] user32.dll!SetWindowsHookExW 75D487AD 5 Bytes JMP 6ACB204C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] user32.dll!CallNextHookEx 75D48E3B 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] user32.dll!CallNextHookEx 75D48E3B 5 Bytes JMP 6ACD7A3F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] user32.dll!UnhookWindowsHookEx 75D498DB 5 Bytes JMP 6ACFE9F8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] user32.dll!RegisterHotKey 75D4BDA5 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] user32.dll!RegisterHotKey + 4 75D4BDA9 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] user32.dll!EnableWindow 75D4CD8B 5 Bytes JMP 6ACB98BC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] user32.dll!DefWindowProcA 75D4DB88 7 Bytes JMP 6AC793F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] user32.dll!CreateWindowExA 75D4DC2A 2 Bytes JMP 6AC83223 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] user32.dll!CreateWindowExA + 3 75D4DC2D 2 Bytes [F3, F4]
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] user32.dll!CreateWindowExW 75D51305 5 Bytes JMP 6ACDFE1F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] user32.dll!DefWindowProcW 75D603B4 7 Bytes JMP 6ACD7AA2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] user32.dll!DialogBoxParamW 75D710B0 5 Bytes JMP 6AC115E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] user32.dll!DialogBoxIndirectParamW 75D72EF5 5 Bytes JMP 6AE05E86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] user32.dll!DialogBoxParamA 75D88152 5 Bytes JMP 6AE05E21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] user32.dll!DialogBoxIndirectParamA 75D8847D 5 Bytes JMP 6AE05EEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] user32.dll!ExitWindowsEx 75D8B7C3 6 Bytes JMP 71A20F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] user32.dll!MessageBoxIndirectA 75D9D4D9 5 Bytes JMP 6AE05DA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] user32.dll!MessageBoxIndirectW 75D9D5D3 5 Bytes JMP 6AE05D2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] user32.dll!MessageBoxExA 75D9D639 5 Bytes JMP 6AE05CCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] user32.dll!MessageBoxExW 75D9D65D 5 Bytes JMP 6AE05C67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] user32.dll!DdeClientTransaction 75DA2005 6 Bytes JMP 71810F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] GDI32.dll!DeleteDC 75C268CD 6 Bytes JMP 71750F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] GDI32.dll!BitBlt 75C270A6 6 Bytes JMP 71720F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] GDI32.dll!CreateDCW 75C2A91D 6 Bytes JMP 71780F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] GDI32.dll!CreateDCA 75C2AA49 6 Bytes JMP 717B0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] ADVAPI32.dll!CreateServiceW 75CB9EB4 6 Bytes JMP 71840F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] ADVAPI32.dll!InitiateSystemShutdownW 75CF1829 6 Bytes JMP 719C0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] ADVAPI32.dll!InitiateSystemShutdownExW 75CF18F1 6 Bytes JMP 71960F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] ADVAPI32.dll!InitiateSystemShutdownA 75CF19C1 6 Bytes JMP 719F0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] ADVAPI32.dll!InitiateSystemShutdownExA 75CF1A68 6 Bytes JMP 71990F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] ADVAPI32.dll!CreateServiceA 75CF72A1 6 Bytes JMP 71870F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] ole32.dll!OleLoadFromStream 77081E80 5 Bytes JMP 6AE0666E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] WS2_32.dll!select 772E15F4 6 Bytes JMP 71540F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] WS2_32.dll!closesocket 772E330C 6 Bytes JMP 71630F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] WS2_32.dll!recv 772E343A 6 Bytes JMP 71490F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] WS2_32.dll!socket 772E36D1 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] WS2_32.dll!ioctlsocket 772E3CE7 6 Bytes JMP 71510F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] WS2_32.dll!connect 772E40D9 6 Bytes JMP 71600F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] WS2_32.dll!WSASend 772E4496 6 Bytes JMP 71420F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] WS2_32.dll!send 772E659B 6 Bytes JMP 715A0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] WS2_32.dll!sendto 772E67C5 6 Bytes JMP 71570F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] WS2_32.dll!WSAGetOverlappedResult 772E8143 6 Bytes JMP 713C0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] WS2_32.dll!WSARecv 772E8400 6 Bytes JMP 71450F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] WS2_32.dll!WSAAsyncSelect 772FA17C 6 Bytes JMP 714E0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] IPHLPAPI.DLL!IcmpSendEcho2Ex 750E96D8 6 Bytes JMP 71900F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] IPHLPAPI.DLL!IcmpSendEcho2 750E9C2D 6 Bytes JMP 71930F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] NETAPI32.dll!NetScheduleJobAdd 755881DC 6 Bytes JMP 71660F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3112] ntdll.dll!NtCreateSymbolicLinkObject 77214334 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[3112] ntdll.dll!NtCreateSymbolicLinkObject + 4 77214338 2 Bytes [68, 71]
.text C:\Program Files\Windows Sidebar\sidebar.exe[3112] kernel32.dll!CreateProcessW 75991BF3 6 Bytes JMP 71A50F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3112] kernel32.dll!CreateProcessA 75991C28 6 Bytes JMP 71A80F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3112] kernel32.dll!LoadLibraryW 759B9400 6 Bytes JMP 716C0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3112] kernel32.dll!LoadLibraryA 759B957C 6 Bytes JMP 716F0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3112] kernel32.dll!CloseHandle 759DB0AD 6 Bytes JMP 718A0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3112] kernel32.dll!CreateFileW 759DB0EB 6 Bytes JMP 718D0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3112] user32.dll!RegisterHotKey 75D4BDA5 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[3112] user32.dll!RegisterHotKey + 4 75D4BDA9 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\Windows Sidebar\sidebar.exe[3112] user32.dll!ExitWindowsEx 75D8B7C3 6 Bytes JMP 71A20F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3112] user32.dll!DdeClientTransaction 75DA2005 6 Bytes JMP 71810F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3112] GDI32.dll!DeleteDC 75C268CD 6 Bytes JMP 71750F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3112] GDI32.dll!BitBlt 75C270A6 6 Bytes JMP 71720F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3112] GDI32.dll!CreateDCW 75C2A91D 6 Bytes JMP 71780F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3112] GDI32.dll!CreateDCA 75C2AA49 6 Bytes JMP 717B0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3112] ADVAPI32.dll!CreateServiceW 75CB9EB4 6 Bytes JMP 71840F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3112] ADVAPI32.dll!InitiateSystemShutdownW 75CF1829 6 Bytes JMP 719C0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3112] ADVAPI32.dll!InitiateSystemShutdownExW 75CF18F1 6 Bytes JMP 71960F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3112] ADVAPI32.dll!InitiateSystemShutdownA 75CF19C1 6 Bytes JMP 719F0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3112] ADVAPI32.dll!InitiateSystemShutdownExA 75CF1A68 6 Bytes JMP 71990F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3112] ADVAPI32.dll!CreateServiceA 75CF72A1 6 Bytes JMP 71870F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3112] WS2_32.dll!socket 772E36D1 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3112] IPHLPAPI.DLL!IcmpSendEcho2Ex 750E96D8 6 Bytes JMP 71900F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3112] IPHLPAPI.DLL!IcmpSendEcho2 750E9C2D 6 Bytes JMP 71930F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3112] NETAPI32.dll!NetScheduleJobAdd 755881DC 6 Bytes JMP 71660F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] ntdll.dll!NtCreateSymbolicLinkObject 77214334 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] ntdll.dll!NtCreateSymbolicLinkObject + 4 77214338 2 Bytes [68, 71]
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] kernel32.dll!CreateProcessW 75991BF3 6 Bytes JMP 71A50F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] kernel32.dll!CreateProcessA 75991C28 6 Bytes JMP 71A80F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] kernel32.dll!LoadLibraryW 759B9400 6 Bytes JMP 716C0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] kernel32.dll!LoadLibraryA 759B957C 6 Bytes JMP 716F0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] kernel32.dll!CloseHandle 759DB0AD 6 Bytes JMP 718A0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] kernel32.dll!CreateFileW 759DB0EB 6 Bytes JMP 718D0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] user32.dll!RegisterHotKey 75D4BDA5 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] user32.dll!RegisterHotKey + 4 75D4BDA9 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] user32.dll!EnableWindow 75D4CD8B 5 Bytes JMP 6ACB98BC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] user32.dll!DialogBoxParamW 75D710B0 5 Bytes JMP 6AC115E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] user32.dll!DialogBoxIndirectParamW 75D72EF5 5 Bytes JMP 6AE05E86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] user32.dll!DialogBoxParamA 75D88152 5 Bytes JMP 6AE05E21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] user32.dll!DialogBoxIndirectParamA 75D8847D 5 Bytes JMP 6AE05EEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] user32.dll!ExitWindowsEx 75D8B7C3 6 Bytes JMP 71A20F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] user32.dll!MessageBoxIndirectA 75D9D4D9 5 Bytes JMP 6AE05DA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] user32.dll!MessageBoxIndirectW 75D9D5D3 5 Bytes JMP 6AE05D2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] user32.dll!MessageBoxExA 75D9D639 5 Bytes JMP 6AE05CCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] user32.dll!MessageBoxExW 75D9D65D 5 Bytes JMP 6AE05C67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] user32.dll!DdeClientTransaction 75DA2005 6 Bytes JMP 71810F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] GDI32.dll!DeleteDC 75C268CD 6 Bytes JMP 71750F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] GDI32.dll!BitBlt 75C270A6 6 Bytes JMP 71720F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] GDI32.dll!CreateDCW 75C2A91D 6 Bytes JMP 71780F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] GDI32.dll!CreateDCA 75C2AA49 6 Bytes JMP 717B0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] ADVAPI32.dll!CreateServiceW 75CB9EB4 6 Bytes JMP 71840F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] ADVAPI32.dll!InitiateSystemShutdownW 75CF1829 6 Bytes JMP 719C0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] ADVAPI32.dll!InitiateSystemShutdownExW 75CF18F1 6 Bytes JMP 71960F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] ADVAPI32.dll!InitiateSystemShutdownA 75CF19C1 6 Bytes JMP 719F0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] ADVAPI32.dll!InitiateSystemShutdownExA 75CF1A68 6 Bytes JMP 71990F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] ADVAPI32.dll!CreateServiceA 75CF72A1 6 Bytes JMP 71870F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] WS2_32.dll!select 772E15F4 6 Bytes JMP 71540F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] WS2_32.dll!closesocket 772E330C 6 Bytes JMP 71630F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] WS2_32.dll!recv 772E343A 6 Bytes JMP 71490F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] WS2_32.dll!socket 772E36D1 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] WS2_32.dll!ioctlsocket 772E3CE7 6 Bytes JMP 71510F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] WS2_32.dll!connect 772E40D9 6 Bytes JMP 71600F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] WS2_32.dll!WSASend 772E4496 6 Bytes JMP 71420F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] WS2_32.dll!send 772E659B 6 Bytes JMP 715A0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] WS2_32.dll!sendto 772E67C5 6 Bytes JMP 71570F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] WS2_32.dll!WSAGetOverlappedResult 772E8143 6 Bytes JMP 713C0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] WS2_32.dll!WSARecv 772E8400 6 Bytes JMP 71450F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] WS2_32.dll!WSAAsyncSelect 772FA17C 6 Bytes JMP 714E0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] IPHLPAPI.DLL!IcmpSendEcho2Ex 750E96D8 6 Bytes JMP 71900F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] IPHLPAPI.DLL!IcmpSendEcho2 750E9C2D 6 Bytes JMP 71930F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] NETAPI32.dll!NetScheduleJobAdd 755881DC 6 Bytes JMP 71660F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3480] ntdll.dll!NtCreateSymbolicLinkObject 77214334 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3480] ntdll.dll!NtCreateSymbolicLinkObject + 4 77214338 2 Bytes [68, 71]
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3480] KERNEL32.dll!CreateProcessW 75991BF3 6 Bytes JMP 71A50F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3480] KERNEL32.dll!CreateProcessA 75991C28 6 Bytes JMP 71A80F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3480] KERNEL32.dll!LoadLibraryW 759B9400 6 Bytes JMP 716C0F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3480] KERNEL32.dll!LoadLibraryA 759B957C 6 Bytes JMP 716F0F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3480] KERNEL32.dll!CloseHandle 759DB0AD 6 Bytes JMP 718A0F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3480] KERNEL32.dll!CreateFileW 759DB0EB 6 Bytes JMP 718D0F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3480] user32.dll!RegisterHotKey 75D4BDA5 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3480] user32.dll!RegisterHotKey + 4 75D4BDA9 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3480] user32.dll!ExitWindowsEx 75D8B7C3 6 Bytes JMP 71A20F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3480] user32.dll!DdeClientTransaction 75DA2005 6 Bytes JMP 71810F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3480] GDI32.dll!DeleteDC 75C268CD 6 Bytes JMP 71750F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3480] GDI32.dll!BitBlt 75C270A6 6 Bytes JMP 71720F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3480] GDI32.dll!CreateDCW 75C2A91D 6 Bytes JMP 71780F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3480] GDI32.dll!CreateDCA 75C2AA49 6 Bytes JMP 717B0F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3480] ADVAPI32.dll!CreateServiceW 75CB9EB4 6 Bytes JMP 71840F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3480] ADVAPI32.dll!InitiateSystemShutdownW 75CF1829 6 Bytes JMP 719C0F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3480] ADVAPI32.dll!InitiateSystemShutdownExW 75CF18F1 6 Bytes JMP 71960F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3480] ADVAPI32.dll!InitiateSystemShutdownA 75CF19C1 6 Bytes JMP 719F0F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3480] ADVAPI32.dll!InitiateSystemShutdownExA 75CF1A68 6 Bytes JMP 71990F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3480] ADVAPI32.dll!CreateServiceA 75CF72A1 6 Bytes JMP 71870F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3480] WS2_32.dll!socket 772E36D1 6 Bytes JMP 71AE0F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3480] IPHLPAPI.DLL!IcmpSendEcho2Ex 750E96D8 6 Bytes JMP 71900F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3480] IPHLPAPI.DLL!IcmpSendEcho2 750E9C2D 6 Bytes JMP 71930F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] ntdll.dll!LdrLoadDll 771D93A8 5 Bytes JMP 00FA1410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] ntdll.dll!NtCreateSymbolicLinkObject 77214334 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] ntdll.dll!NtCreateSymbolicLinkObject + 4 77214338 2 Bytes [68, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] kernel32.dll!CreateProcessW 75991BF3 6 Bytes JMP 71A50F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] kernel32.dll!CreateProcessA 75991C28 6 Bytes JMP 71A80F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] kernel32.dll!LoadLibraryW 759B9400 6 Bytes JMP 716C0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] kernel32.dll!LoadLibraryA 759B957C 6 Bytes JMP 716F0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] kernel32.dll!CloseHandle 759DB0AD 6 Bytes JMP 718A0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] kernel32.dll!CreateFileW 759DB0EB 6 Bytes JMP 718D0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] user32.dll!RegisterHotKey 75D4BDA5 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] user32.dll!RegisterHotKey + 4 75D4BDA9 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] user32.dll!ExitWindowsEx 75D8B7C3 6 Bytes JMP 71A20F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] user32.dll!DdeClientTransaction 75DA2005 6 Bytes JMP 71810F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] GDI32.dll!DeleteDC 75C268CD 6 Bytes JMP 71750F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] GDI32.dll!BitBlt 75C270A6 6 Bytes JMP 71720F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] GDI32.dll!CreateDCW 75C2A91D 6 Bytes JMP 71780F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] GDI32.dll!CreateDCA 75C2AA49 6 Bytes JMP 717B0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] ADVAPI32.dll!CreateServiceW 75CB9EB4 6 Bytes JMP 71840F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] ADVAPI32.dll!InitiateSystemShutdownW 75CF1829 6 Bytes JMP 719C0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] ADVAPI32.dll!InitiateSystemShutdownExW 75CF18F1 6 Bytes JMP 71960F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] ADVAPI32.dll!InitiateSystemShutdownA 75CF19C1 6 Bytes JMP 719F0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] ADVAPI32.dll!InitiateSystemShutdownExA 75CF1A68 6 Bytes JMP 71990F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] ADVAPI32.dll!CreateServiceA 75CF72A1 6 Bytes JMP 71870F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] WS2_32.dll!select 772E15F4 6 Bytes JMP 714E0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] WS2_32.dll!closesocket 772E330C 6 Bytes JMP 715D0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] WS2_32.dll!recv 772E343A 6 Bytes JMP 71430F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] WS2_32.dll!socket 772E36D1 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] WS2_32.dll!ioctlsocket 772E3CE7 6 Bytes JMP 714B0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] WS2_32.dll!connect 772E40D9 6 Bytes JMP 715A0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] WS2_32.dll!WSASend 772E4496 6 Bytes JMP 713C0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] WS2_32.dll!send 772E659B 6 Bytes JMP 71540F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] WS2_32.dll!sendto 772E67C5 6 Bytes JMP 71510F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] WS2_32.dll!WSAGetOverlappedResult 772E8143 6 Bytes JMP 71360F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] WS2_32.dll!WSARecv 772E8400 6 Bytes JMP 713F0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] WS2_32.dll!WSAAsyncSelect 772FA17C 6 Bytes JMP 71480F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] IPHLPAPI.DLL!IcmpSendEcho2Ex 750E96D8 6 Bytes JMP 71900F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] IPHLPAPI.DLL!IcmpSendEcho2 750E9C2D 6 Bytes JMP 71930F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] NETAPI32.dll!NetScheduleJobAdd 755881DC 6 Bytes JMP 71330F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[3724] ntdll.dll!NtCreateSymbolicLinkObject 77214334 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[3724] ntdll.dll!NtCreateSymbolicLinkObject + 4 77214338 2 Bytes [68, 71]
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[3724] KERNEL32.dll!CreateProcessW 75991BF3 6 Bytes JMP 71A50F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[3724] KERNEL32.dll!CreateProcessA 75991C28 6 Bytes JMP 71A80F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[3724] KERNEL32.dll!LoadLibraryW 759B9400 6 Bytes JMP 716C0F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[3724] KERNEL32.dll!LoadLibraryA 759B957C 6 Bytes JMP 716F0F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[3724] KERNEL32.dll!CloseHandle 759DB0AD 6 Bytes JMP 718A0F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[3724] KERNEL32.dll!CreateFileW 759DB0EB 6 Bytes JMP 718D0F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[3724] user32.dll!RegisterHotKey 75D4BDA5 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[3724] user32.dll!RegisterHotKey + 4 75D4BDA9 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[3724] user32.dll!ExitWindowsEx 75D8B7C3 6 Bytes JMP 71A20F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[3724] user32.dll!DdeClientTransaction 75DA2005 6 Bytes JMP 71810F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[3724] GDI32.dll!DeleteDC 75C268CD 6 Bytes JMP 71750F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[3724] GDI32.dll!BitBlt 75C270A6 6 Bytes JMP 71720F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[3724] GDI32.dll!CreateDCW 75C2A91D 6 Bytes JMP 71780F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[3724] GDI32.dll!CreateDCA 75C2AA49 6 Bytes JMP 717B0F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[3724] ADVAPI32.dll!CreateServiceW 75CB9EB4 6 Bytes JMP 71840F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[3724] ADVAPI32.dll!InitiateSystemShutdownW 75CF1829 6 Bytes JMP 719C0F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[3724] ADVAPI32.dll!InitiateSystemShutdownExW 75CF18F1 6 Bytes JMP 71960F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[3724] ADVAPI32.dll!InitiateSystemShutdownA 75CF19C1 6 Bytes JMP 719F0F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[3724] ADVAPI32.dll!InitiateSystemShutdownExA 75CF1A68 6 Bytes JMP 71990F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[3724] ADVAPI32.dll!CreateServiceA 75CF72A1 6 Bytes JMP 71870F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[3724] WS2_32.dll!socket 772E36D1 6 Bytes JMP 71AE0F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[3724] IPHLPAPI.DLL!IcmpSendEcho2Ex 750E96D8 6 Bytes JMP 71900F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[3724] IPHLPAPI.DLL!IcmpSendEcho2 750E9C2D 6 Bytes JMP 71930F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[3724] NETAPI32.dll!NetScheduleJobAdd 755881DC 6 Bytes JMP 71660F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3944] ntdll.dll!NtCreateSymbolicLinkObject 77214334 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3944] ntdll.dll!NtCreateSymbolicLinkObject + 4 77214338 2 Bytes [68, 71]
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3944] KERNEL32.dll!CreateProcessW 75991BF3 6 Bytes JMP 71A50F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3944] KERNEL32.dll!CreateProcessA 75991C28 6 Bytes JMP 71A80F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3944] KERNEL32.dll!LoadLibraryW 759B9400 6 Bytes JMP 716C0F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3944] KERNEL32.dll!LoadLibraryA 759B957C 6 Bytes JMP 716F0F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3944] KERNEL32.dll!CloseHandle 759DB0AD 6 Bytes JMP 718A0F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3944] KERNEL32.dll!CreateFileW 759DB0EB 6 Bytes JMP 718D0F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3944] user32.dll!RegisterHotKey 75D4BDA5 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3944] user32.dll!RegisterHotKey + 4 75D4BDA9 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3944] user32.dll!ExitWindowsEx 75D8B7C3 6 Bytes JMP 71A20F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3944] user32.dll!DdeClientTransaction 75DA2005 6 Bytes JMP 71810F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3944] GDI32.dll!DeleteDC 75C268CD 6 Bytes JMP 71750F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3944] GDI32.dll!BitBlt 75C270A6 6 Bytes JMP 71720F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3944] GDI32.dll!CreateDCW 75C2A91D 6 Bytes JMP 71780F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3944] GDI32.dll!CreateDCA 75C2AA49 6 Bytes JMP 717B0F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3944] ADVAPI32.dll!CreateServiceW 75CB9EB4 6 Bytes JMP 71840F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3944] ADVAPI32.dll!InitiateSystemShutdownW 75CF1829 6 Bytes JMP 719C0F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3944] ADVAPI32.dll!InitiateSystemShutdownExW 75CF18F1 6 Bytes JMP 71960F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3944] ADVAPI32.dll!InitiateSystemShutdownA 75CF19C1 6 Bytes JMP 719F0F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3944] ADVAPI32.dll!InitiateSystemShutdownExA 75CF1A68 6 Bytes JMP 71990F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3944] ADVAPI32.dll!CreateServiceA 75CF72A1 6 Bytes JMP 71870F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3944] WS2_32.dll!socket 772E36D1 6 Bytes JMP 71AE0F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3944] IPHLPAPI.DLL!IcmpSendEcho2Ex 750E96D8 6 Bytes JMP 71900F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe[3944] IPHLPAPI.DLL!IcmpSendEcho2 750E9C2D 6 Bytes JMP 71930F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] ntdll.dll!NtCreateSymbolicLinkObject 77214334 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] ntdll.dll!NtCreateSymbolicLinkObject + 4 77214338 2 Bytes [68, 71]
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] kernel32.dll!CreateProcessW 75991BF3 6 Bytes JMP 71A50F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] kernel32.dll!CreateProcessA 75991C28 6 Bytes JMP 71A80F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] kernel32.dll!LoadLibraryW 759B9400 6 Bytes JMP 716C0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] kernel32.dll!LoadLibraryA 759B957C 6 Bytes JMP 716F0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] kernel32.dll!CloseHandle 759DB0AD 6 Bytes JMP 718A0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] kernel32.dll!CreateFileW 759DB0EB 6 Bytes JMP 718D0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] kernel32.dll!CreateThread 759DCB2E 5 Bytes JMP 6AC771CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] user32.dll!SetWindowsHookExW 75D487AD 5 Bytes JMP 6ACB204C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] user32.dll!CallNextHookEx 75D48E3B 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] user32.dll!CallNextHookEx 75D48E3B 5 Bytes JMP 6ACD7A3F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] user32.dll!UnhookWindowsHookEx 75D498DB 5 Bytes JMP 6ACFE9F8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] user32.dll!RegisterHotKey 75D4BDA5 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] user32.dll!RegisterHotKey + 4 75D4BDA9 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] user32.dll!EnableWindow 75D4CD8B 5 Bytes JMP 6ACB98BC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] user32.dll!DefWindowProcA 75D4DB88 7 Bytes JMP 6AC793F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] user32.dll!CreateWindowExA 75D4DC2A 2 Bytes JMP 6AC83223 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] user32.dll!CreateWindowExA + 3 75D4DC2D 2 Bytes [F3, F4]
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] user32.dll!CreateWindowExW 75D51305 5 Bytes JMP 6ACDFE1F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] user32.dll!DefWindowProcW 75D603B4 7 Bytes JMP 6ACD7AA2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] user32.dll!DialogBoxParamW 75D710B0 5 Bytes JMP 6AC115E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] user32.dll!DialogBoxIndirectParamW 75D72EF5 5 Bytes JMP 6AE05E86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] user32.dll!DialogBoxParamA 75D88152 5 Bytes JMP 6AE05E21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] user32.dll!DialogBoxIndirectParamA 75D8847D 5 Bytes JMP 6AE05EEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] user32.dll!ExitWindowsEx 75D8B7C3 6 Bytes JMP 71A20F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] user32.dll!MessageBoxIndirectA 75D9D4D9 5 Bytes JMP 6AE05DA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] user32.dll!MessageBoxIndirectW 75D9D5D3 5 Bytes JMP 6AE05D2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] user32.dll!MessageBoxExA 75D9D639 5 Bytes JMP 6AE05CCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] user32.dll!MessageBoxExW 75D9D65D 5 Bytes JMP 6AE05C67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] user32.dll!DdeClientTransaction 75DA2005 6 Bytes JMP 71810F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] GDI32.dll!DeleteDC 75C268CD 6 Bytes JMP 71750F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] GDI32.dll!BitBlt 75C270A6 6 Bytes JMP 71720F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] GDI32.dll!CreateDCW 75C2A91D 6 Bytes JMP 71780F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] GDI32.dll!CreateDCA 75C2AA49 6 Bytes JMP 717B0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] ADVAPI32.dll!CreateServiceW 75CB9EB4 6 Bytes JMP 71840F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] ADVAPI32.dll!InitiateSystemShutdownW 75CF1829 6 Bytes JMP 719C0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] ADVAPI32.dll!InitiateSystemShutdownExW 75CF18F1 6 Bytes JMP 71960F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] ADVAPI32.dll!InitiateSystemShutdownA 75CF19C1 6 Bytes JMP 719F0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] ADVAPI32.dll!InitiateSystemShutdownExA 75CF1A68 6 Bytes JMP 71990F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] ADVAPI32.dll!CreateServiceA 75CF72A1 6 Bytes JMP 71870F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] ole32.dll!OleLoadFromStream 77081E80 5 Bytes JMP 6AE0666E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] WS2_32.dll!select 772E15F4 6 Bytes JMP 71540F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] WS2_32.dll!closesocket 772E330C 6 Bytes JMP 71630F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] WS2_32.dll!recv 772E343A 6 Bytes JMP 71490F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] WS2_32.dll!socket 772E36D1 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] WS2_32.dll!ioctlsocket 772E3CE7 6 Bytes JMP 71510F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] WS2_32.dll!connect 772E40D9 6 Bytes JMP 71600F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] WS2_32.dll!WSASend 772E4496 6 Bytes JMP 71420F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] WS2_32.dll!send 772E659B 6 Bytes JMP 715A0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] WS2_32.dll!sendto 772E67C5 6 Bytes JMP 71570F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] WS2_32.dll!WSAGetOverlappedResult 772E8143 6 Bytes JMP 713C0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] WS2_32.dll!WSARecv 772E8400 6 Bytes JMP 71450F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] WS2_32.dll!WSAAsyncSelect 772FA17C 6 Bytes JMP 714E0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] IPHLPAPI.DLL!IcmpSendEcho2Ex 750E96D8 6 Bytes JMP 71900F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] IPHLPAPI.DLL!IcmpSendEcho2 750E9C2D 6 Bytes JMP 71930F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3952] NETAPI32.dll!NetScheduleJobAdd 755881DC 6 Bytes JMP 71660F5A
.text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[4028] ntdll.dll!NtCreateSymbolicLinkObject 77214334 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[4028] ntdll.dll!NtCreateSymbolicLinkObject + 4 77214338 2 Bytes [68, 71]
.text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[4028] KERNEL32.dll!CreateProcessW 75991BF3 6 Bytes JMP 71A50F5A
.text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[4028] KERNEL32.dll!CreateProcessA 75991C28 6 Bytes JMP 71A80F5A
.text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[4028] KERNEL32.dll!LoadLibraryW 759B9400 6 Bytes JMP 716C0F5A
.text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[4028] KERNEL32.dll!LoadLibraryA 759B957C 6 Bytes JMP 716F0F5A
.text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[4028] KERNEL32.dll!CloseHandle 759DB0AD 6 Bytes JMP 718A0F5A
.text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[4028] KERNEL32.dll!CreateFileW 759DB0EB 6 Bytes JMP 718D0F5A
.text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[4028] user32.dll!RegisterHotKey 75D4BDA5 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[4028] user32.dll!RegisterHotKey + 4 75D4BDA9 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[4028] user32.dll!ExitWindowsEx 75D8B7C3 6 Bytes JMP 71A20F5A
.text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[4028] user32.dll!DdeClientTransaction 75DA2005 6 Bytes JMP 71810F5A
.text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[4028] GDI32.dll!DeleteDC 75C268CD 6 Bytes JMP 71750F5A
.text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[4028] GDI32.dll!BitBlt 75C270A6 6 Bytes JMP 71720F5A
.text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[4028] GDI32.dll!CreateDCW 75C2A91D 6 Bytes JMP 71780F5A
.text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[4028] GDI32.dll!CreateDCA 75C2AA49 6 Bytes JMP 717B0F5A
.text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[4028] ADVAPI32.dll!CreateServiceW 75CB9EB4 6 Bytes JMP 71840F5A
.text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[4028] ADVAPI32.dll!InitiateSystemShutdownW 75CF1829 6 Bytes JMP 719C0F5A
.text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[4028] ADVAPI32.dll!InitiateSystemShutdownExW 75CF18F1 6 Bytes JMP 71960F5A
.text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[4028] ADVAPI32.dll!InitiateSystemShutdownA 75CF19C1 6 Bytes JMP 719F0F5A
.text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[4028] ADVAPI32.dll!InitiateSystemShutdownExA 75CF1A68 6 Bytes JMP 71990F5A
.text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[4028] ADVAPI32.dll!CreateServiceA 75CF72A1 6 Bytes JMP 71870F5A
.text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[4028] WS2_32.dll!socket 772E36D1 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[4028] IPHLPAPI.DLL!IcmpSendEcho2Ex 750E96D8 6 Bytes JMP 71900F5A
.text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[4028] IPHLPAPI.DLL!IcmpSendEcho2 750E9C2D 6 Bytes JMP 71930F5A
.text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[4028] NETAPI32.dll!NetScheduleJobAdd 755881DC 6 Bytes JMP 71660F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4068] ntdll.dll!NtCreateSymbolicLinkObject 77214334 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4068] ntdll.dll!NtCreateSymbolicLinkObject + 4 77214338 2 Bytes [68, 71]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4068] kernel32.dll!CreateProcessW 75991BF3 6 Bytes JMP 71A50F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4068] kernel32.dll!CreateProcessA 75991C28 6 Bytes JMP 71A80F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4068] kernel32.dll!LoadLibraryW 759B9400 6 Bytes JMP 716C0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4068] kernel32.dll!LoadLibraryA 759B957C 6 Bytes JMP 716F0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4068] kernel32.dll!CloseHandle 759DB0AD 6 Bytes JMP 718A0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4068] kernel32.dll!CreateFileW 759DB0EB 6 Bytes JMP 718D0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4068] user32.dll!RegisterHotKey 75D4BDA5 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4068] user32.dll!RegisterHotKey + 4 75D4BDA9 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4068] user32.dll!ExitWindowsEx 75D8B7C3 6 Bytes JMP 71A20F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4068] user32.dll!DdeClientTransaction 75DA2005 6 Bytes JMP 71810F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4068] GDI32.dll!DeleteDC 75C268CD 6 Bytes JMP 71750F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4068] GDI32.dll!BitBlt 75C270A6 6 Bytes JMP 71720F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4068] GDI32.dll!CreateDCW 75C2A91D 6 Bytes JMP 71780F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4068] GDI32.dll!CreateDCA 75C2AA49 6 Bytes JMP 717B0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4068] ADVAPI32.dll!CreateServiceW 75CB9EB4 6 Bytes JMP 71840F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4068] ADVAPI32.dll!InitiateSystemShutdownW 75CF1829 6 Bytes JMP 719C0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4068] ADVAPI32.dll!InitiateSystemShutdownExW 75CF18F1 6 Bytes JMP 71960F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4068] ADVAPI32.dll!InitiateSystemShutdownA 75CF19C1 6 Bytes JMP 719F0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4068] ADVAPI32.dll!InitiateSystemShutdownExA 75CF1A68 6 Bytes JMP 71990F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4068] ADVAPI32.dll!CreateServiceA 75CF72A1 6 Bytes JMP 71870F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4068] WS2_32.dll!socket 772E36D1 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4068] IPHLPAPI.DLL!IcmpSendEcho2Ex 750E96D8 6 Bytes JMP 71900F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4068] IPHLPAPI.DLL!IcmpSendEcho2 750E9C2D 6 Bytes JMP 71930F5A
.text C:\Windows\system32\cmd.exe[4320] ntdll.dll!NtCreateSymbolicLinkObject 77214334 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\cmd.exe[4320] ntdll.dll!NtCreateSymbolicLinkObject + 4 77214338 2 Bytes [68, 71]
.text C:\Windows\system32\cmd.exe[4320] kernel32.dll!CreateProcessW 75991BF3 6 Bytes JMP 71A50F5A
.text C:\Windows\system32\cmd.exe[4320] kernel32.dll!CreateProcessA 75991C28 6 Bytes JMP 71A80F5A
.text C:\Windows\system32\cmd.exe[4320] kernel32.dll!LoadLibraryW 759B9400 6 Bytes JMP 716C0F5A
.text C:\Windows\system32\cmd.exe[4320] kernel32.dll!LoadLibraryA 759B957C 6 Bytes JMP 716F0F5A
.text C:\Windows\system32\cmd.exe[4320] kernel32.dll!CloseHandle 759DB0AD 6 Bytes JMP 718A0F5A
.text C:\Windows\system32\cmd.exe[4320] kernel32.dll!CreateFileW 759DB0EB 6 Bytes JMP 718D0F5A
.text C:\Windows\system32\cmd.exe[4320] user32.dll!RegisterHotKey 75D4BDA5 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\cmd.exe[4320] user32.dll!RegisterHotKey + 4 75D4BDA9 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Windows\system32\cmd.exe[4320] user32.dll!ExitWindowsEx 75D8B7C3 6 Bytes JMP 71A20F5A
.text C:\Windows\system32\cmd.exe[4320] user32.dll!DdeClientTransaction 75DA2005 6 Bytes JMP 71810F5A
.text C:\Windows\system32\cmd.exe[4320] GDI32.dll!DeleteDC 75C268CD 6 Bytes JMP 71750F5A
.text C:\Windows\system32\cmd.exe[4320] GDI32.dll!BitBlt 75C270A6 6 Bytes JMP 71720F5A
.text C:\Windows\system32\cmd.exe[4320] GDI32.dll!CreateDCW 75C2A91D 6 Bytes JMP 71780F5A
.text C:\Windows\system32\cmd.exe[4320] GDI32.dll!CreateDCA 75C2AA49 6 Bytes JMP 717B0F5A
.text C:\Windows\system32\cmd.exe[4320] ADVAPI32.dll!CreateServiceW 75CB9EB4 6 Bytes JMP 71840F5A
.text C:\Windows\system32\cmd.exe[4320] ADVAPI32.dll!InitiateSystemShutdownW 75CF1829 6 Bytes JMP 719C0F5A
.text C:\Windows\system32\cmd.exe[4320] ADVAPI32.dll!InitiateSystemShutdownExW 75CF18F1 6 Bytes JMP 71960F5A
.text C:\Windows\system32\cmd.exe[4320] ADVAPI32.dll!InitiateSystemShutdownA 75CF19C1 6 Bytes JMP 719F0F5A
.text C:\Windows\system32\cmd.exe[4320] ADVAPI32.dll!InitiateSystemShutdownExA 75CF1A68 6 Bytes JMP 71990F5A
.text C:\Windows\system32\cmd.exe[4320] ADVAPI32.dll!CreateServiceA 75CF72A1 6 Bytes JMP 71870F5A
.text C:\Windows\system32\cmd.exe[4320] WS2_32.dll!socket 772E36D1 6 Bytes JMP 71AE0F5A
.text C:\Windows\system32\cmd.exe[4320] IPHLPAPI.DLL!IcmpSendEcho2Ex 750E96D8 6 Bytes JMP 71900F5A
.text C:\Windows\system32\cmd.exe[4320] IPHLPAPI.DLL!IcmpSendEcho2 750E9C2D 6 Bytes JMP 71930F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4416] ntdll.dll!NtCreateSymbolicLinkObject 77214334 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4416] ntdll.dll!NtCreateSymbolicLinkObject + 4 77214338 2 Bytes [68, 71]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4416] kernel32.dll!CreateProcessW 75991BF3 6 Bytes JMP 71A50F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4416] kernel32.dll!CreateProcessA 75991C28 6 Bytes JMP 71A80F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4416] kernel32.dll!LoadLibraryW 759B9400 6 Bytes JMP 716C0F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4416] kernel32.dll!LoadLibraryA 759B957C 6 Bytes JMP 716F0F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4416] kernel32.dll!CloseHandle 759DB0AD 6 Bytes JMP 718A0F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4416] kernel32.dll!CreateFileW 759DB0EB 6 Bytes JMP 718D0F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4416] user32.dll!RegisterHotKey 75D4BDA5 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4416] user32.dll!RegisterHotKey + 4 75D4BDA9 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4416] user32.dll!ExitWindowsEx 75D8B7C3 6 Bytes JMP 71A20F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4416] user32.dll!DdeClientTransaction 75DA2005 6 Bytes JMP 71810F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4416] GDI32.dll!DeleteDC 75C268CD 6 Bytes JMP 71750F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4416] GDI32.dll!BitBlt 75C270A6 6 Bytes JMP 71720F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4416] GDI32.dll!CreateDCW 75C2A91D 6 Bytes JMP 71780F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4416] GDI32.dll!CreateDCA 75C2AA49 6 Bytes JMP 717B0F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4416] ADVAPI32.dll!CreateServiceW 75CB9EB4 6 Bytes JMP 71840F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4416] ADVAPI32.dll!InitiateSystemShutdownW 75CF1829 6 Bytes JMP 719C0F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4416] ADVAPI32.dll!InitiateSystemShutdownExW 75CF18F1 6 Bytes JMP 71960F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4416] ADVAPI32.dll!InitiateSystemShutdownA 75CF19C1 6 Bytes JMP 719F0F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4416] ADVAPI32.dll!InitiateSystemShutdownExA 75CF1A68 6 Bytes JMP 71990F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4416] ADVAPI32.dll!CreateServiceA 75CF72A1 6 Bytes JMP 71870F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4416] WS2_32.dll!socket 772E36D1 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4416] IPHLPAPI.DLL!IcmpSendEcho2Ex 750E96D8 6 Bytes JMP 71900F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4416] IPHLPAPI.DLL!IcmpSendEcho2 750E9C2D 6 Bytes JMP 71930F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4416] NETAPI32.dll!NetScheduleJobAdd 755881DC 6 Bytes JMP 71660F5A
.text C:\Users\Tendai\Desktop\gmer\gmer.exe[5960] ntdll.dll!NtCreateSymbolicLinkObject 77214334 3 Bytes [FF, 25, 1E]
.text C:\Users\Tendai\Desktop\gmer\gmer.exe[5960] ntdll.dll!NtCreateSymbolicLinkObject + 4 77214338 2 Bytes [68, 71]
.text C:\Users\Tendai\Desktop\gmer\gmer.exe[5960] kernel32.dll!CreateProcessW 75991BF3 6 Bytes JMP 71A50F5A
.text C:\Users\Tendai\Desktop\gmer\gmer.exe[5960] kernel32.dll!CreateProcessA 75991C28 6 Bytes JMP 71A80F5A
.text C:\Users\Tendai\Desktop\gmer\gmer.exe[5960] kernel32.dll!LoadLibraryW 759B9400 6 Bytes JMP 716C0F5A
.text C:\Users\Tendai\Desktop\gmer\gmer.exe[5960] kernel32.dll!LoadLibraryA 759B957C 6 Bytes JMP 716F0F5A
.text C:\Users\Tendai\Desktop\gmer\gmer.exe[5960] kernel32.dll!CloseHandle 759DB0AD 6 Bytes JMP 718A0F5A
.text C:\Users\Tendai\Desktop\gmer\gmer.exe[5960] kernel32.dll!CreateFileW 759DB0EB 6 Bytes JMP 718D0F5A
.text C:\Users\Tendai\Desktop\gmer\gmer.exe[5960] user32.dll!RegisterHotKey 75D4BDA5 3 Bytes [FF, 25, 1E]
.text C:\Users\Tendai\Desktop\gmer\gmer.exe[5960] user32.dll!RegisterHotKey + 4 75D4BDA9 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Users\Tendai\Desktop\gmer\gmer.exe[5960] user32.dll!ExitWindowsEx 75D8B7C3 6 Bytes JMP 71A20F5A
.text C:\Users\Tendai\Desktop\gmer\gmer.exe[5960] user32.dll!DdeClientTransaction 75DA2005 6 Bytes JMP 71810F5A
.text C:\Users\Tendai\Desktop\gmer\gmer.exe[5960] GDI32.dll!DeleteDC 75C268CD 6 Bytes JMP 71750F5A
.text C:\Users\Tendai\Desktop\gmer\gmer.exe[5960] GDI32.dll!BitBlt 75C270A6 6 Bytes JMP 71720F5A
.text C:\Users\Tendai\Desktop\gmer\gmer.exe[5960] GDI32.dll!CreateDCW 75C2A91D 6 Bytes JMP 71780F5A
.text C:\Users\Tendai\Desktop\gmer\gmer.exe[5960] GDI32.dll!CreateDCA 75C2AA49 6 Bytes JMP 717B0F5A
.text C:\Users\Tendai\Desktop\gmer\gmer.exe[5960] ADVAPI32.dll!CreateServiceW 75CB9EB4 6 Bytes JMP 71840F5A
.text C:\Users\Tendai\Desktop\gmer\gmer.exe[5960] ADVAPI32.dll!InitiateSystemShutdownW 75CF1829 6 Bytes JMP 719C0F5A
.text C:\Users\Tendai\Desktop\gmer\gmer.exe[5960] ADVAPI32.dll!InitiateSystemShutdownExW 75CF18F1 6 Bytes JMP 71960F5A
.text C:\Users\Tendai\Desktop\gmer\gmer.exe[5960] ADVAPI32.dll!InitiateSystemShutdownA 75CF19C1 6 Bytes JMP 719F0F5A
.text C:\Users\Tendai\Desktop\gmer\gmer.exe[5960] ADVAPI32.dll!InitiateSystemShutdownExA 75CF1A68 6 Bytes JMP 71990F5A
.text C:\Users\Tendai\Desktop\gmer\gmer.exe[5960] ADVAPI32.dll!CreateServiceA 75CF72A1 6 Bytes JMP 71870F5A
.text C:\Users\Tendai\Desktop\gmer\gmer.exe[5960] WS2_32.dll!socket 772E36D1 6 Bytes JMP 71AE0F5A
.text C:\Users\Tendai\Desktop\gmer\gmer.exe[5960] IPHLPAPI.DLL!IcmpSendEcho2Ex 750E96D8 6 Bytes JMP 71900F5A
.text C:\Users\Tendai\Desktop\gmer\gmer.exe[5960] IPHLPAPI.DLL!IcmpSendEcho2 750E9C2D 6 Bytes JMP 71930F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5992] ntdll.dll!NtCreateSymbolicLinkObject 77214334 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5992] ntdll.dll!NtCreateSymbolicLinkObject + 4 77214338 2 Bytes [68, 71]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5992] kernel32.dll!CreateProcessW 75991BF3 6 Bytes JMP 71A50F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5992] kernel32.dll!CreateProcessA 75991C28 6 Bytes JMP 71A80F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5992] kernel32.dll!LoadLibraryW 759B9400 6 Bytes JMP 716C0F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5992] kernel32.dll!LoadLibraryA 759B957C 6 Bytes JMP 716F0F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5992] kernel32.dll!CloseHandle 759DB0AD 6 Bytes JMP 718A0F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5992] kernel32.dll!CreateFileW 759DB0EB 6 Bytes JMP 718D0F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5992] user32.dll!RegisterHotKey 75D4BDA5 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5992] user32.dll!RegisterHotKey + 4 75D4BDA9 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5992] user32.dll!SetWindowLongA 75D4E7CD 5 Bytes JMP 6573EDA6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5992] user32.dll!SetWindowLongW 75D513B4 5 Bytes JMP 6573ED38 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5992] user32.dll!GetWindowInfo 75D5428E 5 Bytes JMP 65555451 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5992] user32.dll!TrackPopupMenu 75D614F3 5 Bytes JMP 65555A99 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5992] user32.dll!ExitWindowsEx 75D8B7C3 6 Bytes JMP 71A20F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5992] user32.dll!DdeClientTransaction 75DA2005 6 Bytes JMP 71810F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5992] GDI32.dll!DeleteDC 75C268CD 6 Bytes JMP 71750F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5992] GDI32.dll!BitBlt 75C270A6 6 Bytes JMP 71720F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5992] GDI32.dll!CreateDCW 75C2A91D 6 Bytes JMP 71780F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5992] GDI32.dll!CreateDCA 75C2AA49 6 Bytes JMP 717B0F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5992] ADVAPI32.dll!CreateServiceW 75CB9EB4 6 Bytes JMP 71840F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5992] ADVAPI32.dll!InitiateSystemShutdownW 75CF1829 6 Bytes JMP 719C0F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5992] ADVAPI32.dll!InitiateSystemShutdownExW 75CF18F1 6 Bytes JMP 71960F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5992] ADVAPI32.dll!InitiateSystemShutdownA 75CF19C1 6 Bytes JMP 719F0F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5992] ADVAPI32.dll!InitiateSystemShutdownExA 75CF1A68 6 Bytes JMP 71990F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5992] ADVAPI32.dll!CreateServiceA 75CF72A1 6 Bytes JMP 71870F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5992] WS2_32.dll!socket 772E36D1 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5992] IPHLPAPI.DLL!IcmpSendEcho2Ex 750E96D8 6 Bytes JMP 71900F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5992] IPHLPAPI.DLL!IcmpSendEcho2 750E9C2D 6 Bytes JMP 71930F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5992] NETAPI32.dll!NetScheduleJobAdd 755881DC 6 Bytes JMP 715D0F5A
.text C:\Users\Tendai\Desktop\dds.scr[6032] ntdll.dll!NtCreateSymbolicLinkObject 77214334 3 Bytes [FF, 25, 1E]
.text C:\Users\Tendai\Desktop\dds.scr[6032] ntdll.dll!NtCreateSymbolicLinkObject + 4 77214338 2 Bytes [68, 71]
.text C:\Users\Tendai\Desktop\dds.scr[6032] kernel32.dll!CreateProcessW 75991BF3 6 Bytes JMP 71A50F5A
.text C:\Users\Tendai\Desktop\dds.scr[6032] kernel32.dll!CreateProcessA 75991C28 6 Bytes JMP 71A80F5A
.text C:\Users\Tendai\Desktop\dds.scr[6032] kernel32.dll!LoadLibraryW 759B9400 6 Bytes JMP 716C0F5A
.text C:\Users\Tendai\Desktop\dds.scr[6032] kernel32.dll!LoadLibraryA 759B957C 6 Bytes JMP 716F0F5A
.text C:\Users\Tendai\Desktop\dds.scr[6032] kernel32.dll!CloseHandle 759DB0AD 6 Bytes JMP 718A0F5A
.text C:\Users\Tendai\Desktop\dds.scr[6032] kernel32.dll!CreateFileW 759DB0EB 6 Bytes JMP 718D0F5A
.text C:\Users\Tendai\Desktop\dds.scr[6032] user32.dll!RegisterHotKey 75D4BDA5 3 Bytes [FF, 25, 1E]
.text C:\Users\Tendai\Desktop\dds.scr[6032] user32.dll!RegisterHotKey + 4 75D4BDA9 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Users\Tendai\Desktop\dds.scr[6032] user32.dll!ExitWindowsEx 75D8B7C3 6 Bytes JMP 71A20F5A
.text C:\Users\Tendai\Desktop\dds.scr[6032] user32.dll!DdeClientTransaction 75DA2005 6 Bytes JMP 71810F5A
.text C:\Users\Tendai\Desktop\dds.scr[6032] GDI32.dll!DeleteDC 75C268CD 6 Bytes JMP 71750F5A
.text C:\Users\Tendai\Desktop\dds.scr[6032] GDI32.dll!BitBlt 75C270A6 6 Bytes JMP 71720F5A
.text C:\Users\Tendai\Desktop\dds.scr[6032] GDI32.dll!CreateDCW 75C2A91D 6 Bytes JMP 71780F5A
.text C:\Users\Tendai\Desktop\dds.scr[6032] GDI32.dll!CreateDCA 75C2AA49 6 Bytes JMP 717B0F5A
.text C:\Users\Tendai\Desktop\dds.scr[6032] ADVAPI32.dll!CreateServiceW 75CB9EB4 6 Bytes JMP 71840F5A
.text C:\Users\Tendai\Desktop\dds.scr[6032] ADVAPI32.dll!InitiateSystemShutdownW 75CF1829 6 Bytes JMP 719C0F5A
.text C:\Users\Tendai\Desktop\dds.scr[6032] ADVAPI32.dll!InitiateSystemShutdownExW 75CF18F1 6 Bytes JMP 71960F5A
.text C:\Users\Tendai\Desktop\dds.scr[6032] ADVAPI32.dll!InitiateSystemShutdownA 75CF19C1 6 Bytes JMP 719F0F5A
.text C:\Users\Tendai\Desktop\dds.scr[6032] ADVAPI32.dll!InitiateSystemShutdownExA 75CF1A68 6 Bytes JMP 71990F5A
.text C:\Users\Tendai\Desktop\dds.scr[6032] ADVAPI32.dll!CreateServiceA 75CF72A1 6 Bytes JMP 71870F5A
.text C:\Users\Tendai\Desktop\dds.scr[6032] WS2_32.dll!socket 772E36D1 6 Bytes JMP 71AE0F5A
.text C:\Users\Tendai\Desktop\dds.scr[6032] IPHLPAPI.DLL!IcmpSendEcho2Ex 750E96D8 6 Bytes JMP 71900F5A
.text C:\Users\Tendai\Desktop\dds.scr[6032] IPHLPAPI.DLL!IcmpSendEcho2 750E9C2D 6 Bytes JMP 71930F5A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\tdx \Device\Tcp OAmon.sys
Device \Driver\tdx \Device\RawIp6 OAmon.sys
Device \Driver\tdx \Device\Tcp6 OAmon.sys
Device \Driver\tdx \Device\Tdx OAmon.sys
Device \Driver\tdx \Device\Udp OAmon.sys
Device \Driver\tdx \Device\RawIp OAmon.sys
Device \Driver\tdx \Device\Udp6 OAmon.sys

---- EOF - GMER 1.0.15 ----

#4 Elise

Posted 13 August 2011 - 02:25 AM

Hi again,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


#5 darkchild101

Posted 13 August 2011 - 09:02 AM

ComboFix 11-08-13.02 - Tendai 13/08/2011 14:07:29.2.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.1917.1233 [GMT 1:00]
Running from: c:\users\Tendai\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: Online Armor Firewall *Enabled* {32E71E58-6AAE-2557-2ABD-EA739069CE41}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-07-13 to 2011-08-13 )))))))))))))))))))))))))))))))
.
.
2011-08-13 13:15 . 2011-08-13 13:16 -------- d-----w- c:\users\Tendai\AppData\Local\temp
2011-08-13 13:15 . 2011-08-13 13:15 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-08-13 13:15 . 2011-08-13 13:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-13 01:14 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{326DEEF2-AFF3-41FC-AA63-7E0350A52F9F}\mpengine.dll
2011-08-11 12:13 . 2011-08-11 12:13 -------- d-----w- c:\program files\iPod
2011-08-11 12:13 . 2011-08-11 12:17 -------- d-----w- c:\program files\iTunes
2011-08-11 12:07 . 2011-08-11 12:07 -------- d-----w- c:\program files\Bonjour
2011-08-09 22:11 . 2011-08-09 22:56 -------- d-----w- c:\users\Tendai\AppData\Local\Secunia CSI
2011-08-09 17:49 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-09 17:48 . 2011-06-17 20:13 913296 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-09 17:48 . 2011-06-17 13:31 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-08-09 17:48 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-09 17:46 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-09 17:46 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-09 17:46 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-08 22:59 . 2011-08-08 22:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-08-03 11:57 . 2011-06-07 07:55 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-08-01 21:22 . 2011-08-01 21:22 -------- d-----w- c:\programdata\Telefónica
2011-08-01 21:22 . 2011-08-01 21:22 -------- d-----w- c:\users\Tendai\AppData\Roaming\Telefónica
2011-08-01 21:20 . 2009-07-14 04:27 1461992 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01009.dll
2011-07-22 14:12 . 2011-07-22 14:12 -------- dc----w- C:\ATI
2011-07-16 21:20 . 2003-05-21 22:50 344064 ----a-w- c:\windows\system32\msvcr70.dll
2011-07-16 21:20 . 2002-01-05 13:40 487424 ----a-w- c:\windows\system32\msvcp70.dll
2011-07-16 21:20 . 2002-01-05 13:48 974848 ----a-w- c:\windows\system32\mfc70.dll
2011-07-16 16:50 . 2011-07-17 12:41 -------- d-----w- c:\users\Tendai\AppData\Local\Ahead
2011-07-15 15:59 . 2011-07-28 22:34 -------- d-----w- c:\users\Tendai\AppData\Roaming\Ahead
2011-07-15 15:56 . 2011-07-15 15:56 -------- d-----w- c:\programdata\Ahead
2011-07-15 15:44 . 2011-07-15 15:52 -------- d-----w- c:\program files\Common Files\Ahead
2011-07-15 15:44 . 2011-07-15 15:44 -------- d-----w- c:\programdata\Nero
2011-07-15 15:44 . 2011-07-15 15:44 -------- d-----w- c:\program files\Nero
2011-07-15 15:09 . 2011-08-04 23:39 -------- d-----w- c:\program files\AskTBar
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-06 12:33 . 2011-06-29 18:42 100864 -c--a-w- C:\kgliipob.sys
2011-07-13 13:50 . 2011-06-21 23:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-13 03:39 . 2011-07-13 00:50 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-13 00:50 . 2011-07-13 00:50 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4F6E4B83-56D8-41ED-818D-A438A2D4DEC9}\gapaengine.dll
2011-07-12 10:20 . 2011-07-12 10:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 10:20 . 2011-07-12 10:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 10:20 . 2011-07-12 10:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 10:20 . 2011-07-12 10:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-06 18:52 . 2011-06-21 21:58 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:52 . 2011-06-21 21:58 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-05 17:37 . 2011-07-05 17:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 17:37 . 2011-07-05 17:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-22 02:14 . 2011-06-22 02:14 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-06-17 15:00 . 2011-06-17 15:00 161792 ----a-w- c:\windows\system32\msls31.dll
2011-06-17 15:00 . 2011-06-17 15:00 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-06-17 15:00 . 2011-06-17 15:00 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-06-17 15:00 . 2011-06-17 15:00 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-06-17 15:00 . 2011-06-17 15:00 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-06-17 15:00 . 2011-06-17 15:00 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-06-17 15:00 . 2011-06-17 15:00 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-06-17 15:00 . 2011-06-17 15:00 367104 ----a-w- c:\windows\system32\html.iec
2011-06-17 15:00 . 2011-06-17 15:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-06-17 15:00 . 2011-06-17 15:00 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-17 15:00 . 2011-06-17 15:00 152064 ----a-w- c:\windows\system32\wextract.exe
2011-06-17 15:00 . 2011-06-17 15:00 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-06-17 15:00 . 2011-06-17 15:00 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-17 15:00 . 2011-06-17 15:00 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-06-17 15:00 . 2011-06-17 15:00 11776 ----a-w- c:\windows\system32\mshta.exe
2011-06-17 15:00 . 2011-06-17 15:00 101888 ----a-w- c:\windows\system32\admparse.dll
2011-06-17 15:00 . 2011-06-17 15:00 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-06-17 15:00 . 2011-06-17 15:00 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-06-17 14:59 . 2011-06-17 14:59 98816 ----a-w- c:\windows\system32\mfps.dll
2011-06-17 14:59 . 2011-06-17 14:59 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-06-17 14:59 . 2011-06-17 14:59 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-06-17 14:59 . 2011-06-17 14:59 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-06-17 14:59 . 2011-06-17 14:59 2873344 ----a-w- c:\windows\system32\mf.dll
2011-06-17 14:59 . 2011-06-17 14:59 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-06-17 14:59 . 2011-06-17 14:59 586240 ----a-w- c:\windows\system32\stobject.dll
2011-06-17 14:59 . 2011-06-17 14:59 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-06-17 14:58 . 2011-06-17 14:58 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-06-17 14:58 . 2011-06-17 14:58 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-06-17 14:58 . 2011-06-17 14:58 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-06-17 14:58 . 2011-06-17 14:58 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-06-17 14:58 . 2011-06-17 14:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-06-17 14:58 . 2011-06-17 14:58 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-06-17 14:58 . 2011-06-17 14:58 258048 ----a-w- c:\windows\system32\winspool.drv
2011-06-17 14:58 . 2011-06-17 14:58 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2011-06-17 14:58 . 2011-06-17 14:58 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-06-17 14:58 . 2011-06-17 14:58 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-06-17 14:58 . 2011-06-17 14:58 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-06-17 14:58 . 2011-06-17 14:58 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-06-17 14:58 . 2011-06-17 14:58 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-06-17 14:58 . 2011-06-17 14:58 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-06-17 14:58 . 2011-06-17 14:58 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-06-16 16:44 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-06-16 16:44 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-06-15 15:51 . 2011-06-15 15:51 377344 ----a-w- c:\windows\system32\winhttp.dll
2011-06-15 15:47 . 2011-06-15 15:47 411648 ----a-w- c:\windows\system32\drivers\http.sys
2011-06-15 15:47 . 2011-06-15 15:47 36864 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
2011-06-15 15:47 . 2011-06-15 15:47 30720 ----a-w- c:\windows\system32\httpapi.dll
2011-06-15 15:47 . 2011-06-15 15:47 24064 ----a-w- c:\windows\system32\nshhttp.dll
2011-06-15 15:01 . 2011-06-15 15:01 23552 ----a-w- c:\windows\system32\lpk.dll
2011-06-15 15:01 . 2011-06-15 15:01 10240 ----a-w- c:\windows\system32\dciman32.dll
2011-06-15 14:54 . 2011-06-15 14:54 61440 ----a-w- c:\windows\system32\winipsec.dll
2011-06-15 14:54 . 2011-06-15 14:54 272896 ----a-w- c:\windows\system32\polstore.dll
2011-06-15 14:45 . 2011-06-15 14:45 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-06-15 14:45 . 2011-06-15 14:45 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-06-15 14:45 . 2011-06-15 14:45 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-06-15 14:45 . 2011-06-15 14:45 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-06-15 14:45 . 2011-06-15 14:45 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-06-15 14:45 . 2011-06-15 14:45 105984 ----a-w- c:\windows\system32\netiohlp.dll
2011-06-15 14:45 . 2011-06-15 14:45 10240 ----a-w- c:\windows\system32\finger.exe
2011-06-15 14:45 . 2011-06-15 14:45 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-06-15 14:39 . 2011-06-15 14:39 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2011-06-15 14:39 . 2011-06-15 14:39 65024 ----a-w- c:\windows\system32\wlanapi.dll
2011-06-15 14:39 . 2011-06-15 14:39 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2011-06-15 14:39 . 2011-06-15 14:39 513536 ----a-w- c:\windows\system32\wlansvc.dll
2011-06-15 14:39 . 2011-06-15 14:39 302592 ----a-w- c:\windows\system32\wlansec.dll
2011-06-15 14:39 . 2011-06-15 14:39 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2011-06-15 14:39 . 2011-06-15 14:39 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2011-06-15 14:37 . 2011-06-15 14:37 1401856 ----a-w- c:\windows\system32\msxml6.dll
2011-06-15 14:37 . 2011-06-15 14:37 2048 ----a-w- c:\windows\system32\msxml3r.dll
2011-06-15 14:37 . 2011-06-15 14:37 2048 ----a-w- c:\windows\system32\msxml6r.dll
2011-06-15 14:33 . 2011-06-15 14:33 218624 ----a-w- c:\windows\system32\msv1_0.dll
2011-06-15 14:26 . 2011-06-15 14:26 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2011-06-15 14:26 . 2011-06-15 14:26 24576 ----a-w- c:\windows\system32\mfpmp.exe
2011-06-15 14:26 . 2011-06-15 14:26 2048 ----a-w- c:\windows\system32\mferror.dll
2011-06-15 14:17 . 2011-06-15 14:17 71680 ----a-w- c:\windows\system32\atl.dll
2011-06-15 14:05 . 2011-06-15 14:05 160256 ----a-w- c:\windows\system32\wkssvc.dll
2011-06-15 14:04 . 2011-06-15 14:04 53248 ----a-w- c:\windows\system32\tsgqec.dll
2011-06-15 14:04 . 2011-06-15 14:04 136192 ----a-w- c:\windows\system32\aaclient.dll
2011-06-15 13:58 . 2011-06-15 13:58 714240 ----a-w- c:\windows\system32\timedate.cpl
2011-06-15 13:44 . 2011-06-15 13:44 623616 ----a-w- c:\windows\system32\localspl.dll
2011-06-15 13:34 . 2011-06-15 13:34 172032 ----a-w- c:\windows\system32\wintrust.dll
2011-06-15 13:33 . 2011-06-15 13:33 175104 ----a-w- c:\windows\system32\wdigest.dll
2011-06-15 13:33 . 2011-06-15 13:33 9728 ----a-w- c:\windows\system32\lsass.exe
2011-06-15 13:33 . 2011-06-15 13:33 72704 ----a-w- c:\windows\system32\secur32.dll
2011-06-15 13:33 . 2011-06-15 13:33 499712 ----a-w- c:\windows\system32\kerberos.dll
2011-06-15 13:33 . 2011-06-15 13:33 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-06-15 13:33 . 2011-06-15 13:33 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2011-06-22 21:01 . 2011-06-15 01:32 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"OpenDNS Updater"="c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2010-08-27 1050072]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
"@OnlineArmor GUI"="c:\program files\Online Armor\oaui.exe" [2011-04-06 2477032]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~1\oaevent.dll" [2011-04-06 354720]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-04 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2006-12-11 17:27 530552 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\@OnlineArmor GUI]
2011-04-06 12:01 2477032 ----a-w- c:\program files\Online Armor\oaui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2005-04-08 13:09 102400 ------w- c:\program files\epson\Creativity Suite\Event Manager\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-07-19 17:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2011-07-06 18:52 1047656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2011-06-15 14:16 997920 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 17:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2006-11-01 15:37 3772416 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2006-12-14 19:09 493688 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
2006-12-15 17:11 577536 ----a-w- c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
2006-12-13 14:42 554640 ----a-w- c:\program files\TOSHIBA\Registration\ToshibaRegistration.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSHIBA Volume Indicator]
2006-12-13 09:33 94208 ----a-w- c:\program files\TOSHIBA\Utilities\VolControl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2006-12-14 19:07 411768 ----a-w- c:\program files\TOSHIBA\Power Saver\TPwrMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R1 MpKsl04eaf06c;MpKsl04eaf06c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B27B764D-EBF1-4342-AF26-A1C2EE6F7DEE}\MpKsl04eaf06c.sys [x]
R1 MpKsl06a507d1;MpKsl06a507d1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DBE2861F-2422-4A66-A572-9BD1DDF27015}\MpKsl06a507d1.sys [x]
R1 MpKsl335422d6;MpKsl335422d6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB6A579E-6036-4E3D-98B0-A58A1CFE1D05}\MpKsl335422d6.sys [x]
R1 MpKsl60d4b5f6;MpKsl60d4b5f6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DBE2861F-2422-4A66-A572-9BD1DDF27015}\MpKsl60d4b5f6.sys [x]
R1 MpKsl65d26787;MpKsl65d26787;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{799228E2-377F-4E67-B8C9-13D3C779151E}\MpKsl65d26787.sys [x]
R1 MpKsl7b84d449;MpKsl7b84d449;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{01D89368-EA7B-4100-A907-618E2B54E5FE}\MpKsl7b84d449.sys [x]
R1 MpKsl80d940e9;MpKsl80d940e9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DBE2861F-2422-4A66-A572-9BD1DDF27015}\MpKsl80d940e9.sys [x]
R1 MpKsl84a22a75;MpKsl84a22a75;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{90C35501-E546-4EBC-B49F-1C1B10D2F22B}\MpKsl84a22a75.sys [x]
R1 MpKslddad8878;MpKslddad8878;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2B52D0B1-47CB-4DBB-9218-2C13FC8F5EED}\MpKslddad8878.sys [x]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2011-04-06 39048]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-15 136176]
R2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [2011-04-06 4326472]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-15 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2008-01-19 21504]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 38013711;38013711;c:\windows\system32\DRIVERS\38013711.sys [2009-09-25 128016]
S1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2011-04-06 205864]
S1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2011-04-06 25192]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-08-04 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-08-04 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-12 116608]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\OAcat.exe [2011-04-06 381512]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-04-19 993848]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-04-19 399416]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [2010-08-27 124368]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-15 01:17]
.
2011-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-15 01:17]
.
.
------- Supplementary Scan -------
.
uStart Page = https://mail.google.com/mail/?shva=1#inbox/131245e70ac32cba
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{85B9BBD9-7474-4605-8E3F-FE01B97288A7}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Tendai\AppData\Roaming\Mozilla\Firefox\Profiles\rsun6w2c.default\
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
MSConfigStartUp-NDSTray - NDSTray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-13 14:16
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-08-13 14:21:50
ComboFix-quarantined-files.txt 2011-08-13 13:21
.
Pre-Run: 31,014,408,192 bytes free
Post-Run: 30,900,035,584 bytes free
.
- - End Of File - - 9C6F1A06C64867F4C8678ED221341DC3

#6 Elise

Posted 13 August 2011 - 09:07 AM

Hi again, how are things running now?

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#7 darkchild101

Posted 13 August 2011 - 09:19 AM

TDSS found no infection. The system is still pretty much the same. FLV videos keep buffering and Windows Media Player keeps crashing/freezing, Antimalwarebytes won't update still and it's still slow.

#8 Elise

Posted 13 August 2011 - 09:24 AM

Please uninstall/reinstall Malwarebytes antimalware and let me know if you can update and run a scan afterwards.

regards, Elise




#9 darkchild101

Posted 13 August 2011 - 09:59 AM

Hi, I have uninstalled then reinstalled and it still refuses to update.

#10 Elise

Posted 13 August 2011 - 11:09 AM

Can you give me the exact update error?

regards, Elise




#11 darkchild101

Posted 13 August 2011 - 12:03 PM

PROGRAM_ERROR_UPDATING (2.0, Connection Refused)


That's what it's saying.

#12 Elise

Posted 13 August 2011 - 01:45 PM

Can you reboot in Safe Mode with Networking and try to update it from there?

regards, Elise




#13 darkchild101

Posted 13 August 2011 - 01:55 PM

Hi Elise, yes, it's updating in safe mode. Weird, that.

#14 Elise

Posted 13 August 2011 - 02:01 PM

Please update it and run a full scan. Post me the resulting log.

regards, Elise




#15 darkchild101

Posted 13 August 2011 - 03:04 PM

Scan finished in safe mode, no malicious items found.



