
Text verification image and text input box do not appear


  • This topic is locked
9 replies to this topic

#1 hopelandscaping


Posted 06 August 2011 - 01:20 AM

MOVED to Virus, Trojan and Malware Removal Logs ~~boopme
Hello,

My computer doesn't display the text verification image and text input field. This has occurred at Craigslist.org and Facebook.com. This has been happening for 1.5 months.

Here are my DDS and GMER logs to get started.


.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by USER at 22:51:21 on 2011-08-05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.856 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Immunet Protect *Enabled/Updated* {F1220F1F-7E2E-48CD-846D-B98C6F85CD37}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\LawnPro 4\DB\bin\fbserver.exe
C:\Program Files\Immunet Protect\2.0.17\agent.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorerhope.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\DOCUME~1\USER\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCou0.dll
uURLSearchHooks: H - No File
mWinlogon: Shell=explorerhope.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCou0.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: ShopAtHomeIEHelper Class: {e8daaa30-6caa-4b58-9603-8e54238219e2} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
TB: ShopAtHome Toolbar: {98279c38-de4b-4bcf-93c9-8ec26069d6f4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
TB: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCou0.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [cdloader] "c:\documents and settings\user\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [KodakShareButtonApp] c:\program files\kodak\kodak share button app\Listener.exe
mRun: [SelectRebates] c:\program files\selectrebates\SelectRebates.exe
mRun: [Immunet Protect] "c:\program files\immunet protect\2.0.17\iptray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1284153802093
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{0AC43B8A-12B5-41C0-B629-5605D39C573D} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A772632D-2C32-4443-B10E-4CEB86DCC4B1} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 ImmunetProtectDriver;ImmunetProtectDriver;c:\windows\system32\drivers\ImmunetProtect.sys [2011-6-30 41424]
R1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;c:\windows\system32\drivers\ImmunetSelfProtect.sys [2011-6-30 31184]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-3-22 532224]
R2 FirebirdServerLP_SERVER;Firebird Server - LP_SERVER;c:\program files\lawnpro 4\db\bin\fbserver.exe [2010-11-28 3735552]
R2 ImmunetProtect;Immunet Protect;c:\program files\immunet protect\2.0.17\agent.exe [2011-6-30 756680]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-1 366640]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-1 22712]
S1 MpKsl53b21773;MpKsl53b21773;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f604c4b0-5898-4ab1-a27a-9609e7eeda11}\mpksl53b21773.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f604c4b0-5898-4ab1-a27a-9609e7eeda11}\MpKsl53b21773.sys [?]
S1 MpKsl77a587ea;MpKsl77a587ea;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{32267219-e91a-4aa1-8413-82fce2bc88b9}\mpksl77a587ea.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{32267219-e91a-4aa1-8413-82fce2bc88b9}\MpKsl77a587ea.sys [?]
S1 MpKsl88f30aac;MpKsl88f30aac;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0926461c-13db-4259-bcaf-1e492000b483}\mpksl88f30aac.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0926461c-13db-4259-bcaf-1e492000b483}\MpKsl88f30aac.sys [?]
S1 MpKsl915616db;MpKsl915616db;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{32267219-e91a-4aa1-8413-82fce2bc88b9}\mpksl915616db.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{32267219-e91a-4aa1-8413-82fce2bc88b9}\MpKsl915616db.sys [?]
S1 MpKslaa1448f7;MpKslaa1448f7;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c1bb93a5-68c4-4095-8cb2-0676e57fcb53}\mpkslaa1448f7.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c1bb93a5-68c4-4095-8cb2-0676e57fcb53}\MpKslaa1448f7.sys [?]
S1 MpKslbb35d358;MpKslbb35d358;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a22b89e0-cbd7-4e7b-b468-6f61033a162b}\mpkslbb35d358.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a22b89e0-cbd7-4e7b-b468-6f61033a162b}\MpKslbb35d358.sys [?]
S1 MpKsle9bc2c87;MpKsle9bc2c87;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{74e32962-529e-48f3-810b-fc61591c3251}\mpksle9bc2c87.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{74e32962-529e-48f3-810b-fc61591c3251}\MpKsle9bc2c87.sys [?]
S1 MpKsleede61df;MpKsleede61df;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{43292123-9724-4959-8791-c153c6897cbb}\mpksleede61df.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{43292123-9724-4959-8791-c153c6897cbb}\MpKsleede61df.sys [?]
S1 MpKslff9a1a2f;MpKslff9a1a2f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dd37782f-37af-477d-9616-eae86f19783c}\mpkslff9a1a2f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dd37782f-37af-477d-9616-eae86f19783c}\MpKslff9a1a2f.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-1 41272]
S4 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-13 136176]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
.
=============== Created Last 30 ================
.
2011-08-05 14:41:47 6881616 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{43e2b105-2552-4f0e-8226-92e62cb666a7}\mpengine.dll
2011-08-02 21:23:59 -------- d-----w- c:\program files\ESET
2011-08-02 05:18:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-01 04:51:20 -------- d-----w- c:\documents and settings\user\application data\Malwarebytes
2011-08-01 04:50:47 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-01 04:50:43 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-08-01 04:50:35 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-01 04:50:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-01 04:04:56 -------- d--h--w- C:\$AVG
2011-07-11 09:00:32 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
.
==================== Find3M ====================
.
2011-07-02 02:24:45 398760 ----a-r- c:\windows\cpnprt2.cid
2011-07-02 02:24:42 398760 ------w- c:\windows\system32\cpnprt2.cid
2011-06-30 22:59:41 41424 ----a-w- c:\windows\system32\drivers\ImmunetProtect.sys
2011-06-30 22:59:41 31184 ----a-w- c:\windows\system32\drivers\ImmunetSelfProtect.sys
.
============= FINISH: 22:52:42.04 ===============


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-06 02:24:32
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e Maxtor_6N040T0 rev.NAN51680
Running: gmer.exe; Driver: C:\DOCUME~1\USER\LOCALS~1\Temp\kfporaog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xA3B8A534]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xA3B84782]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0xA3BA36DC]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xA3B8ACC0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xA3B9DEB4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xA3B9E2A2]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0xA3BA7916]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xA3B8ADF6]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xA3B85398]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xA3BA4FE4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xA3BA493C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xA3B9CDF0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xA3BA593C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xA3BA5B44]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xA3B84FAA]
SSDT \SystemRoot\system32\DRIVERS\ImmunetSelfProtect.sys (Immunet Self Protect Driver/Windows ® Codename Longhorn DDK provider) ZwOpenKey [0xB9063038]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xA3BA01CE]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenThread [0xA3B9FDF8]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xA3BA68D2]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xA3BA6208]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xA3B8A0F4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xA3BA72A4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xA3B8A7DC]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xA3B8575C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xA3BA6E12]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xA3BA40C4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xA3B9EF0A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xA3B9EC86]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 12E 804E4988 12 Bytes [C0, AC, B8, A3, B4, DE, B9, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[272] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[272] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[272] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[272] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[272] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[272] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[272] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[272] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[272] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[272] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[272] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[272] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[272] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[272] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[272] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[272] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[272] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[272] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[272] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[272] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[272] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[272] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[272] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[272] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[272] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[272] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[272] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[272] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[272] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[272] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Internet Explorer\iexplore.exe[2092] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 033C0B00 C:\Documents and Settings\USER\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2092] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 033C0E60 C:\Documents and Settings\USER\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2092] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B15 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2092] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD16D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2092] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB6C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2092] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2092] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E502F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2092] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F61 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2092] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 033C0D70 C:\Documents and Settings\USER\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2092] USER32.dll!CreateDialogParamA 7E43C7DB 5 Bytes JMP 033C0C80 C:\Documents and Settings\USER\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2092] USER32.dll!MessageBoxA 7E4507EA 5 Bytes JMP 033C0FE0 C:\Documents and Settings\USER\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2092] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E32 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2092] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E94 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2092] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5092 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2092] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 033BFDE0 C:\Documents and Settings\USER\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2092] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EF6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2092] USER32.dll!MessageBoxW 7E466534 5 Bytes JMP 033C10C0 C:\Documents and Settings\USER\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2092] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 033BFF40 C:\Documents and Settings\USER\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2092] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBC8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2092] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E53B0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2288] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Internet Explorer\iexplore.exe[2612] ADVAPI32.dll!RegSetValueExW 77DDD767 7 Bytes JMP 04390930 C:\Documents and Settings\USER\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2612] ADVAPI32.dll!RegSetValueExA 77DDEAE7 7 Bytes JMP 04390870 C:\Documents and Settings\USER\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2612] ADVAPI32.dll!RegSetValueA 77DFC79E 5 Bytes JMP 043906F0 C:\Documents and Settings\USER\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2612] ADVAPI32.dll!RegSetValueW 77E36116 5 Bytes JMP 043907B0 C:\Documents and Settings\USER\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2612] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 04390B00 C:\Documents and Settings\USER\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2612] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 04390E60 C:\Documents and Settings\USER\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2612] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB6C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2612] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E502F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2612] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F61 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2612] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 04390D70 C:\Documents and Settings\USER\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2612] USER32.dll!CreateDialogParamA 7E43C7DB 5 Bytes JMP 04390C80 C:\Documents and Settings\USER\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2612] USER32.dll!MessageBoxA 7E4507EA 5 Bytes JMP 04390FE0 C:\Documents and Settings\USER\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2612] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E32 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2612] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E94 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2612] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5092 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2612] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 0438FDE0 C:\Documents and Settings\USER\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2612] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EF6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2612] USER32.dll!MessageBoxW 7E466534 5 Bytes JMP 043910C0 C:\Documents and Settings\USER\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2612] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 0438FF40 C:\Documents and Settings\USER\Local Settings\Application Data\Coupons.com\tbCou0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2612] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10005E19 C:\Program Files\SelectRebates\SRebates.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2612] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10007EA8 C:\Program Files\SelectRebates\SRebates.dll
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3164] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Edited by boopme, 06 August 2011 - 09:53 AM.




#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,984 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:33 AM

Posted 12 August 2011 - 10:23 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 hopelandscaping

  • Topic Starter

Posted 12 August 2011 - 09:06 PM

My computer doesn't display the text verification image and text input field for several sites including Craigslist.org and Facebook.com. This has been happening for 1.5 months. I am not sure what has caused this. I have already updated my flash driver in an attempt to remedy the problem.

Here is my DDS log

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by USER at 22:02:28 on 2011-08-12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1028 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Immunet Protect *Enabled/Updated* {F1220F1F-7E2E-48CD-846D-B98C6F85CD37}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorerhope.exe
svchost.exe
C:\Program Files\Immunet Protect\2.0.17\agent.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\LawnPro 4\DB\bin\fbserver.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCou0.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mWinlogon: Shell=explorerhope.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCou0.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: ShopAtHomeIEHelper Class: {e8daaa30-6caa-4b58-9603-8e54238219e2} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
TB: ShopAtHome Toolbar: {98279c38-de4b-4bcf-93c9-8ec26069d6f4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
TB: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCou0.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [cdloader] "c:\documents and settings\user\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [SanDiskSecureAccess_Manager.exe] c:\documents and settings\user\application data\sandisk\SanDiskSecureAccess_Manager.exe
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10u_ActiveX.exe -update activex
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [KodakShareButtonApp] c:\program files\kodak\kodak share button app\Listener.exe
mRun: [SelectRebates] c:\program files\selectrebates\SelectRebates.exe
mRun: [Immunet Protect] "c:\program files\immunet protect\2.0.17\iptray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1284153802093
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{0AC43B8A-12B5-41C0-B629-5605D39C573D} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A772632D-2C32-4443-B10E-4CEB86DCC4B1} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 ImmunetProtectDriver;ImmunetProtectDriver;c:\windows\system32\drivers\ImmunetProtect.sys [2011-6-30 41424]
R1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;c:\windows\system32\drivers\ImmunetSelfProtect.sys [2011-6-30 31184]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-3-22 532224]
R2 FirebirdServerLP_SERVER;Firebird Server - LP_SERVER;c:\program files\lawnpro 4\db\bin\fbserver.exe [2010-11-28 3735552]
R2 ImmunetProtect;Immunet Protect;c:\program files\immunet protect\2.0.17\agent.exe [2011-6-30 756680]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-1 366640]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-1 22712]
S1 MpKsl53b21773;MpKsl53b21773;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f604c4b0-5898-4ab1-a27a-9609e7eeda11}\mpksl53b21773.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f604c4b0-5898-4ab1-a27a-9609e7eeda11}\MpKsl53b21773.sys [?]
S1 MpKsl77a587ea;MpKsl77a587ea;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{32267219-e91a-4aa1-8413-82fce2bc88b9}\mpksl77a587ea.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{32267219-e91a-4aa1-8413-82fce2bc88b9}\MpKsl77a587ea.sys [?]
S1 MpKsl88f30aac;MpKsl88f30aac;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0926461c-13db-4259-bcaf-1e492000b483}\mpksl88f30aac.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0926461c-13db-4259-bcaf-1e492000b483}\MpKsl88f30aac.sys [?]
S1 MpKsl915616db;MpKsl915616db;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{32267219-e91a-4aa1-8413-82fce2bc88b9}\mpksl915616db.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{32267219-e91a-4aa1-8413-82fce2bc88b9}\MpKsl915616db.sys [?]
S1 MpKslaa1448f7;MpKslaa1448f7;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c1bb93a5-68c4-4095-8cb2-0676e57fcb53}\mpkslaa1448f7.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c1bb93a5-68c4-4095-8cb2-0676e57fcb53}\MpKslaa1448f7.sys [?]
S1 MpKslbb35d358;MpKslbb35d358;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a22b89e0-cbd7-4e7b-b468-6f61033a162b}\mpkslbb35d358.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a22b89e0-cbd7-4e7b-b468-6f61033a162b}\MpKslbb35d358.sys [?]
S1 MpKsle9bc2c87;MpKsle9bc2c87;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{74e32962-529e-48f3-810b-fc61591c3251}\mpksle9bc2c87.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{74e32962-529e-48f3-810b-fc61591c3251}\MpKsle9bc2c87.sys [?]
S1 MpKsleede61df;MpKsleede61df;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{43292123-9724-4959-8791-c153c6897cbb}\mpksleede61df.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{43292123-9724-4959-8791-c153c6897cbb}\MpKsleede61df.sys [?]
S1 MpKslff9a1a2f;MpKslff9a1a2f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dd37782f-37af-477d-9616-eae86f19783c}\mpkslff9a1a2f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dd37782f-37af-477d-9616-eae86f19783c}\MpKslff9a1a2f.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-1 41272]
S4 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-13 136176]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
.
=============== Created Last 30 ================
.
2011-08-11 19:27:51 6881616 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8c9b57bb-a307-421a-ba4d-250922a589d5}\mpengine.dll
2011-08-07 18:34:35 -------- d-----w- c:\documents and settings\user\My Vaults
2011-08-07 06:44:22 -------- d-----w- c:\documents and settings\user\application data\Ludia
2011-08-07 06:44:22 -------- d-----w- c:\documents and settings\all users\application data\Ludia
2011-08-07 06:36:02 -------- d-----w- c:\documents and settings\all users\application data\Big Fish Games
2011-08-07 06:34:27 -------- d-----w- c:\documents and settings\all users\application data\BigFishGamesCache
2011-08-07 06:33:05 -------- d-----w- c:\documents and settings\user\application data\FCTB000060231
2011-08-07 06:32:15 -------- d-----w- c:\program files\Dogpile Bundle Toolbar
2011-08-06 08:27:45 -------- d-----w- c:\documents and settings\user\application data\SanDisk
2011-08-02 21:23:59 -------- d-----w- c:\program files\ESET
2011-08-02 05:18:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-01 04:51:20 -------- d-----w- c:\documents and settings\user\application data\Malwarebytes
2011-08-01 04:50:47 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-01 04:50:43 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-08-01 04:50:35 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-01 04:50:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-01 04:04:56 -------- d--h--w- C:\$AVG
.
==================== Find3M ====================
.
2011-07-02 02:24:45 398760 ----a-r- c:\windows\cpnprt2.cid
2011-07-02 02:24:42 398760 ------w- c:\windows\system32\cpnprt2.cid
2011-06-30 22:59:41 41424 ----a-w- c:\windows\system32\drivers\ImmunetProtect.sys
2011-06-30 22:59:41 31184 ----a-w- c:\windows\system32\drivers\ImmunetSelfProtect.sys
.
============= FINISH: 22:04:25.25 ===============

#4 Elise


Posted 13 August 2011 - 02:20 AM

Hi again, first let's get rid of some security programs.

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and keep only one of these, uninstall the rest: MS Security Essentials or AVG or Immunet.

regards, Elise


#5 hopelandscaping


Posted 13 August 2011 - 07:56 PM

I have removed MS Security Essentials and AVG.

#6 Elise


Posted 14 August 2011 - 01:51 AM

Does that improve matters in any way, or are things staying the same?

regards, Elise


#7 hopelandscaping


Posted 14 August 2011 - 12:01 PM

As a matter of fact, it does! Thank you!

#8 Elise


Posted 14 August 2011 - 12:45 PM

Good to hear that! Do you have any other problem?

regards, Elise


#9 hopelandscaping


Posted 14 August 2011 - 04:44 PM

No. My computer works great. Thanks for all the help!

#10 Elise


Posted 15 August 2011 - 02:10 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

regards, Elise