
Slooowing Doooooown


  • This topic is locked
31 replies to this topic

#1 TomRichardson


  • Members
  • 40 posts

Posted 03 December 2011 - 03:18 PM

Referred from: http://www.bleepingcomputer.com/forums/topic430199.html ~ OB

Here are the logs you requested:

Notes: My computer started slowing down, so I downloaded Advanced System Care and also Opera (browser). Now I'm slowing down even more!!!! I'm so slow I have to go out of the room while Google loads or I'll throw the Bleeping thing out the window. I uninstalled both, but that hasn't worked. Would someone please tell me what to do?

And: Hello,
Thank you for helping me. I found two Trojans yesterday running malwarebytes in safe mode:

c:\program files\common files\Java\Update\base images\jre1.5.0.b64\patch-jre1.5.0_01.b08\patchjre.exe (Trojan.Dropper.pws) -> Quarantined and deleted successfully.
c:\program files\Java\jre1.5.0_01\bin\javacpl.exe (Trojan.Dropper.pws) -> Quarantined and deleted successfully.

Other symptoms are: Photo’s screen saver gets stuck and I can’t change the desktop theme.
I bought some software from eBay and it was Chinese pirated software. I've got my money back, but I think they were infected with something because I'm getting unsolicited e-mail from China.
I think I have been hacked?
Anyway, thanks for helping. Here are the logs:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 29/10/2009 19:06:09
System Uptime: 03/12/2011 14:58:56 (2 hours ago)
.
Motherboard: Intel Corporation | | D945GCLF
Processor: Intel® Atom™ CPU 230 @ 1.60GHz | U1PR | 1596/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 180.667 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP269: 01/12/2011 20:20:30 - Windows 7 Service Pack 1
RP270: 01/12/2011 22:08:29 - Windows Update
RP271: 01/12/2011 22:20:18 - Windows Update
RP272: 01/12/2011 22:28:12 - Windows Update
RP273: 01/12/2011 22:31:31 - Windows Update
RP274: 01/12/2011 22:35:04 - Windows Update
RP275: 01/12/2011 22:38:44 - Windows Update
RP276: 01/12/2011 22:42:46 - Windows Update
RP277: 01/12/2011 22:50:08 - Windows Update
RP278: 01/12/2011 22:53:50 - Windows Update
RP279: 01/12/2011 22:55:42 - Windows Update
RP280: 01/12/2011 23:04:46 - Windows Update
RP281: 01/12/2011 23:09:59 - Windows Update
RP282: 01/12/2011 23:13:32 - Windows Update
RP283: 02/12/2011 07:43:38 - Windows Update
RP284: 02/12/2011 08:23:30 - Windows Update
RP285: 02/12/2011 12:41:59 - Windows Update
RP286: 02/12/2011 12:48:26 - Windows Update
RP287: 02/12/2011 12:51:46 - Windows Update
RP288: 02/12/2011 13:03:09 - Windows Update
RP289: 02/12/2011 13:06:34 - Windows Update
RP290: 02/12/2011 13:24:37 - Windows Update
RP291: 02/12/2011 14:17:04 - Windows Update
RP292: 02/12/2011 14:22:14 - Windows Update
RP293: 02/12/2011 15:30:00 - Windows Update
RP294: 02/12/2011 15:35:25 - Windows Update
RP295: 02/12/2011 16:01:26 - Windows Update
RP296: 02/12/2011 16:06:24 - Windows Update
RP297: 02/12/2011 16:12:30 - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
3Connect
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.1)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2012
AVG Free 9.0
AVG PC Tuneup 2011
Bing Bar
Bing Bar Platform
Bonjour
BT Broadband Desktop Help
BTHomeHub
Compendium 1.5.2
Coupon Printer for Windows
Create Resumes Quick & Easy
DVD Shrink 3.2
Email Extractor
FirstClass® Client
FMS
Free NaturalReader
FUJIFILM MyFinePix Studio 2.0
Google Chrome
Google Earth
Google Update Helper
GoToAssist Corporate
HP Deskjet 3050 J610 series Basic Device Software
HP Deskjet 3050 J610 series Help
HP Deskjet 3050 J610 series Product Improvement Study
HP Photo Creations
HP Update
iCloud
Intel® Graphics Media Accelerator Driver
Intel® Integrator Assistant
Intel® Platform Administration Technology
iTunes
J2SE Runtime Environment 5.0 Update 1
Junk Mail filter update
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Default Manager
Microsoft IntelliType Pro 8.2
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works 7.0
ML-1200 Series
Mozilla Firefox (3.6)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Nero 8 Essentials
neroxml
OpenOffice.org 3.2
QuickTime
RAF
Rapport
RealPlayer
RealUpgrade 1.0
Safari
Samsung ML-1200 Series
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Serif PagePlus 10.0
Skype web features
Skype™ 4.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Vodafone Mobile Connect Lite
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
ZTE_1.2059.0.8
.
==== Event Viewer Messages From Past Week ========
.
03/12/2011 15:00:00, Error: Service Control Manager [7001] - The AVG Free E-mail Scanner service depends on the AVG Free WatchDog service which failed to start because of the following error: The system cannot find the file specified.
03/12/2011 14:59:56, Error: Service Control Manager [7000] - The AVG Free WatchDog service failed to start due to the following error: The system cannot find the file specified.
03/12/2011 08:49:46, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
03/12/2011 08:48:23, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
03/12/2011 08:48:20, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
03/12/2011 08:48:20, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
03/12/2011 08:48:19, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
03/12/2011 08:48:19, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
03/12/2011 08:48:16, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
03/12/2011 08:48:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
03/12/2011 08:47:46, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX CSC DfsC discache NetBIOS NetBT nsiproxy Psched RapportKELL rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
03/12/2011 08:47:45, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
03/12/2011 08:47:45, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
03/12/2011 08:47:45, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
03/12/2011 08:47:45, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
03/12/2011 08:47:45, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
03/12/2011 08:47:45, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
03/12/2011 08:47:45, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
03/12/2011 08:47:45, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
03/12/2011 08:47:45, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
02/12/2011 16:15:05, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 (KB2579686).
02/12/2011 16:13:39, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 (KB2564958).
02/12/2011 16:13:29, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Cumulative Security Update for Internet Explorer 8 for Windows 7 (KB2586448).
02/12/2011 16:06:23, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Internet Explorer 9 for Windows 7.
02/12/2011 12:24:26, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
02/12/2011 12:24:26, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
02/12/2011 10:46:22, Error: Microsoft-Windows-WER-SystemErrorReporting [1005] - Unable to produce a minidump file from the full dump file.
02/12/2011 10:46:22, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007f (0x00000008, 0x807e7750, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .
01/12/2011 22:36:44, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Internet Explorer 8 Compatibility View List for Windows 7 (KB2598845).
01/12/2011 21:02:02, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 x86 (KB2572076).
01/12/2011 14:24:41, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service defragsvc with arguments "" in order to run the server: {D20A3293-3341-4AE8-9AAF-8E397CB63C34}
01/12/2011 13:10:06, Error: Service Control Manager [7001] - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
==== End Of File ===========================

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by user at 16:51:54 on 2011-12-03
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.2038.915 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\IoctlSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10x_ActiveX.exe
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\Defogger[1].exe
C:\Windows\system32\conhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} -
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - AVG Security Toolbar BHO
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} -
TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"
mRun: [Bing Bar] "c:\program files\msn toolbar\platform\5.0.1449.0\mswinext.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_01\bin\npjpi150_01.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{208B97A8-6D49-4F73-8803-D148B9FDB5D9} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{39E5A37F-3AFB-47CA-8DE2-ACA7E4072C99} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{39E5A37F-3AFB-47CA-8DE2-ACA7E4072C99}\2445F40756E6A7F6E656 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{39E5A37F-3AFB-47CA-8DE2-ACA7E4072C99}\D4162796E616 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7FACD065-2377-4478-BE44-0C104CF19010}\75962756C6563737 : DhcpNameServer = 10.0.0.138
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\c5b93b2f.default\
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre1.5.0_01\bin\NPJPI150_01.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: AmbientFox: {c8f71e5b-88f8-42a7-98bb-e4c506161de9} - %profile%\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-11-7 56208]
R1 AvgLdx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 AvgMfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 AvgTdiX;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 RapportCerberus_32301;RapportCerberus_32301;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_32301.sys [2011-11-7 227312]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-11-7 71440]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-11-7 164112]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 BecHelperService;BecHelperService;c:\program files\3 mobile broadband\3connect\BecHelperService.exe [2010-10-30 1737464]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-11-7 931640]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2010-1-29 5120]
R3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr28u.sys [2009-5-25 734208]
R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\28896\RapportIaso.sys [2011-8-8 21520]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 avg9emc;AVG Free E-mail Scanner;"c:\program files\avg\avg9\avgemc.exe" --> c:\program files\avg\avg9\avgemc.exe [?]
S2 avg9wd;AVG Free WatchDog;"c:\program files\avg\avg9\avgwdsvc.exe" --> c:\program files\avg\avg9\avgwdsvc.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-6 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\toolbarbroker.exe --> c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-10-30 9216]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-12-1 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-12-1 52224]
S3 UsbFltr;WayTech USB Filter Driver1;c:\windows\system32\drivers\UsbFltr.sys [2007-4-9 9600]
.
=============== Created Last 30 ================
.
2011-12-01 20:21:05 -------- d-----w- c:\windows\system32\SPReview
2011-12-01 20:18:42 -------- d-----w- c:\windows\system32\EventProviders
2011-12-01 20:07:15 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-12-01 20:07:04 53760 ----a-w- c:\windows\system32\LSCSHostPolicy.dll
2011-12-01 20:07:04 52224 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2011-12-01 20:07:04 11776 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2011-12-01 20:07:03 3215872 ----a-w- c:\windows\system32\mstscax.dll
2011-12-01 20:05:59 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-12-01 20:04:59 658944 ----a-w- c:\windows\system32\autofmt.exe
2011-12-01 20:03:59 8704 ----a-w- c:\windows\system32\riched32.dll
2011-12-01 20:02:34 189952 ----a-w- c:\windows\system32\wdscore.dll
2011-12-01 19:59:31 189952 ----a-w- c:\program files\windows portable devices\sqmapi.dll
2011-12-01 19:59:30 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-12-01 19:59:29 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-12-01 19:56:55 189952 ----a-w- c:\windows\system32\sqmapi.dll
2011-12-01 15:13:44 -------- d-----w- c:\users\user\appdata\roaming\AVG
2011-12-01 13:08:35 -------- d-----w- c:\windows\pss
2011-12-01 05:31:16 -------- d-----w- c:\users\user\appdata\roaming\AVG2012
2011-11-30 23:24:40 -------- d-----w- c:\programdata\AVG2012
2011-11-26 16:37:47 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-26 16:37:11 708608 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-26 16:36:22 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-25 08:16:41 158056 ----a-w- c:\programdata\microsoft\windows\sqm\manifest\Sqm10139.bin
2011-11-22 17:43:38 -------- d-----w- C:\ClearViewRC
2011-11-07 21:28:38 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-11-04 09:25:26 -------- d-----w- c:\users\user\appdata\local\Opera
.
==================== Find3M ====================
.
2011-12-01 20:45:53 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-11-26 16:33:32 562176 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-10-24 14:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 14:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-09 11:19:12 350208 ----a-w- c:\windows\system32\d3drm.dll
2011-10-07 06:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-09-24 06:38:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 16:55:18.35 ===============

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-03 20:11:58
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST3250318AS rev.CC37
Running: egzpdhzr.exe; Driver: C:\Users\user\AppData\Local\Temp\kxldapob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0x902A4080]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x902A4BDE]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys ZwCreateThreadEx [0x8F8427B0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteFile [0x902A4DD6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteKey [0x902A85AC]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteValueKey [0x902A85DE]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwLoadKey [0x902A8740]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenFile [0x902A4CF6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenProcess [0x902A41F6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenThread [0x902A43EA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwProtectVirtualMemory [0x902A451C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwQueryValueKey [0x902A86B6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRenameKey [0x902A8620]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwReplaceKey [0x902A8652]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRestoreKey [0x902A8684]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetContextThread [0x902A4026]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetInformationFile [0x902A4E7C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetValueKey [0x902A8544]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSuspendThread [0x902A3FC0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateProcess [0x902A3EE8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateThread [0x902A3F30]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 8308F349 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830C8D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 830CFE08 4 Bytes [80, 40, 2A, 90] {ADD BYTE [EAX+0x2a], 0x90}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11AF 830CFE64 2 Bytes [DE, 4B]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B2 830CFE67 1 Byte [90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1207 830CFEBC 4 Bytes [B0, 27, 84, 8F]
.text ntkrnlpa.exe!KeRemoveQueueEx + 123F 830CFEF4 8 Bytes [D6, 4D, 2A, 90, AC, 85, 2A, ...] {SALC ; DEC EBP; SUB DL, [EAX-0x6fd57a54]}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1032] ntdll.dll!KiUserApcDispatcher 779E6F58 5 Bytes JMP 00414D50 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1032] WS2_32.dll!getaddrinfo 75874296 5 Bytes JMP 71A40022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1032] WS2_32.dll!gethostbyname 75887673 5 Bytes JMP 71AD0022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2744] ntdll.dll!KiUserApcDispatcher 779E6F58 5 Bytes JMP 00445210 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2744] WS2_32.dll!getaddrinfo 75874296 5 Bytes JMP 71A50022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2744] WS2_32.dll!gethostbyname 75887673 5 Bytes JMP 71AE0022
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] ntdll.dll!NtMapViewOfSection 779E5C28 5 Bytes JMP 71A20022
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] ntdll.dll!KiUserApcDispatcher + E 779E6F66 5 Bytes JMP 01478FA0 c:\program files\trusteer\rapport\bin\rooksdol.dll (Rooks/Dolomite/Trusteer Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] kernel32.dll!QueueUserWorkItem 771F9961 6 Bytes PUSH 710C0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] kernel32.dll!SetUnhandledExceptionFilter 771FF4FB 6 Bytes PUSH 71A60022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] WS2_32.dll!getaddrinfo 75874296 5 Bytes JMP 71100022
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] WS2_32.dll!connect 75876BDD 5 Bytes JMP 71150022
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] GDI32.dll!BitBlt 771672C0 6 Bytes PUSH 71840022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] USER32.dll!DdeInitializeW 75705DF2 6 Bytes PUSH 71780022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] USER32.dll!RegisterClassA 7570BC6A 6 Bytes PUSH 718C0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] USER32.dll!CreateWindowExA 7570BF40 6 Bytes JMP 7195000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] USER32.dll!CreateWindowExW 7570EC7C 6 Bytes JMP 6A033834 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] USER32.dll!RegisterClassW 7570ED4A 6 Bytes PUSH 71880022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] USER32.dll!RegisterClassExW 75710162 6 Bytes PUSH 71AE0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] USER32.dll!PeekMessageW 7571634A 6 Bytes PUSH 719E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] USER32.dll!TranslateMessage 757164C7 6 Bytes PUSH 716E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] USER32.dll!GetClipboardData 75722BA7 6 Bytes PUSH 71740022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] USER32.dll!DialogBoxParamW 75723B9B 5 Bytes JMP 69F67F59 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] USER32.dll!DialogBoxIndirectParamW 75733B7F 5 Bytes JMP 6A16DCD8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] USER32.dll!DialogBoxParamA 7574CF42 5 Bytes JMP 6A16DC75 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] USER32.dll!DialogBoxIndirectParamA 7574D274 5 Bytes JMP 6A16DD3B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] USER32.dll!MessageBoxIndirectA 7575E869 5 Bytes JMP 6A16DC0A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] USER32.dll!MessageBoxIndirectW 7575E963 5 Bytes JMP 6A16DB9F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] USER32.dll!MessageBoxExA 7575E9C9 5 Bytes JMP 6A16DB3D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] USER32.dll!MessageBoxExW 7575E9ED 5 Bytes JMP 6A16DADB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] ole32.dll!CoCreateInstance 75DD9D0B 6 Bytes JMP 7191000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] ole32.dll!CoCreateInstanceEx 75DD9D4E 5 Bytes JMP 71800022
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] WININET.dll!InternetCloseHandle 7592AB49 6 Bytes PUSH 714E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] WININET.dll!InternetReadFile 7592B406 6 Bytes PUSH 712E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] WININET.dll!HttpAddRequestHeadersA 7592DCD2 6 Bytes PUSH 716A0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] WININET.dll!InternetConnectW 7593492C 6 Bytes PUSH 71460022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] WININET.dll!InternetConnectA 759349E9 6 Bytes PUSH 714A0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] WININET.dll!HttpOpenRequestW 75934A42 6 Bytes PUSH 71620022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] WININET.dll!HttpOpenRequestA 75934C7D 6 Bytes PUSH 71660022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] WININET.dll!InternetQueryDataAvailable 75935E5D 6 Bytes PUSH 71320022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] WININET.dll!InternetOpenW 75939197 6 Bytes PUSH 71360022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] WININET.dll!InternetSetStatusCallback 7593933E 6 Bytes PUSH 71220022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] WININET.dll!HttpSendRequestW 7593BA12 6 Bytes PUSH 71520022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] WININET.dll!InternetOpenA 7593F18E 6 Bytes PUSH 713A0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] WININET.dll!InternetWriteFile 759446DA 6 Bytes PUSH 711E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] WININET.dll!HttpSendRequestExW 75944A3D 6 Bytes PUSH 71560022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] WININET.dll!InternetGetCookieExA 7595A464 6 Bytes PUSH 713E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] WININET.dll!InternetReadFileExW 7595AE0E 6 Bytes PUSH 71260022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] WININET.dll!InternetReadFileExA 7595AE46 6 Bytes PUSH 712A0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] WININET.dll!HttpSendRequestExA 759A1812 6 Bytes PUSH 715A0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] WININET.dll!HttpSendRequestA 759A18F8 6 Bytes PUSH 715E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] WININET.dll!InternetGetCookieA 759A2C90 6 Bytes PUSH 71420022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] ntdll.dll!NtMapViewOfSection 779E5C28 5 Bytes JMP 71A20022
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] ntdll.dll!KiUserApcDispatcher + E 779E6F66 5 Bytes JMP 00348FA0 c:\program files\trusteer\rapport\bin\rooksdol.dll (Rooks/Dolomite/Trusteer Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] kernel32.dll!QueueUserWorkItem 771F9961 6 Bytes PUSH 710B0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] kernel32.dll!SetUnhandledExceptionFilter 771FF4FB 6 Bytes PUSH 71A60022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] WS2_32.dll!getaddrinfo 75874296 5 Bytes JMP 710F0022
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] WS2_32.dll!connect 75876BDD 5 Bytes JMP 71140022
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] GDI32.dll!BitBlt 771672C0 6 Bytes PUSH 71830022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!DdeInitializeW 75705DF2 6 Bytes PUSH 71770022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!EnableWindow 75708D02 5 Bytes JMP 69F5A855 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!GetAsyncKeyState 7570A256 5 Bytes JMP 69F5B202 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!CallNextHookEx 7570ABE1 5 Bytes JMP 69FA3C96 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!UnhookWindowsHookEx 7570ADF9 5 Bytes JMP 6A05D963 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!RegisterClassA 7570BC6A 6 Bytes PUSH 718C0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!CreateWindowExA 7570BF40 6 Bytes JMP 7195000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!SetWindowsHookExW 7570E30C 5 Bytes JMP 69FF7DF9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!CreateWindowExW 7570EC7C 6 Bytes JMP 6A033834 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!RegisterClassW 7570ED4A 6 Bytes PUSH 71880022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!RegisterClassExW 75710162 6 Bytes PUSH 71AE0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!GetKeyState 75712B4D 5 Bytes JMP 69F60F59 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!IsDialogMessageW 75714104 5 Bytes JMP 69F5ADAE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!PeekMessageW 7571634A 6 Bytes PUSH 719E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!TranslateMessage 757164C7 6 Bytes PUSH 716D0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!CreateDialogParamA 75721F42 5 Bytes JMP 6A16E957 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!IsDialogMessage 75722019 5 Bytes JMP 6A16E191 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!GetClipboardData 75722BA7 6 Bytes PUSH 71730022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!DialogBoxParamW 75723B9B 5 Bytes JMP 69F67F59 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!CreateDialogIndirectParamA 7572721D 5 Bytes JMP 6A16E9C5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!CreateDialogIndirectParamW 7572EA10 5 Bytes JMP 6A16E9FC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!DialogBoxIndirectParamW 75733B7F 5 Bytes JMP 6A16DCD8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!EndDialog 75733BA3 5 Bytes JMP 69F5B000 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!CreateDialogParamW 75735630 5 Bytes JMP 6A16E98E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!SetKeyboardState 7573695A 5 Bytes JMP 6A16E4F6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!SendInput 75737019 5 Bytes JMP 6A16F11C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!SetCursorPos 7574C1B0 5 Bytes JMP 6A16F174 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!DialogBoxParamA 7574CF42 5 Bytes JMP 6A16DC75 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!DialogBoxIndirectParamA 7574D274 5 Bytes JMP 6A16DD3B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!MessageBoxIndirectA 7575E869 5 Bytes JMP 6A16DC0A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!MessageBoxIndirectW 7575E963 5 Bytes JMP 6A16DB9F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!MessageBoxExA 7575E9C9 5 Bytes JMP 6A16DB3D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!MessageBoxExW 7575E9ED 5 Bytes JMP 6A16DADB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!keybd_event 7575EC3B 5 Bytes JMP 6A16F4A7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] SHELL32.dll!RealDriveType + 173D 7652FE10 4 Bytes [A5, 35, A5, 66]
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] SHELL32.dll!RealDriveType + 1745 7652FE18 8 Bytes [F3, 34, A5, 66, 17, 73, A4, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] ole32.dll!OleLoadFromStream 75D96143 5 Bytes JMP 6A16E036 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] ole32.dll!CoCreateInstance 75DD9D0B 5 Bytes JMP 6A0333C2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] ole32.dll!CoCreateInstanceEx 75DD9D4E 5 Bytes JMP 717F0022
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] WININET.dll!InternetCloseHandle 7592AB49 6 Bytes PUSH 714D0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] WININET.dll!InternetReadFile 7592B406 6 Bytes PUSH 712D0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] WININET.dll!HttpAddRequestHeadersA 7592DCD2 6 Bytes PUSH 71690022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] WININET.dll!InternetConnectW 7593492C 6 Bytes PUSH 71450022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] WININET.dll!InternetConnectA 759349E9 6 Bytes PUSH 71490022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] WININET.dll!HttpOpenRequestW 75934A42 6 Bytes PUSH 71610022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] WININET.dll!HttpOpenRequestA 75934C7D 6 Bytes PUSH 71650022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] WININET.dll!InternetQueryDataAvailable 75935E5D 6 Bytes PUSH 71310022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] WININET.dll!InternetOpenW 75939197 6 Bytes PUSH 71350022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] WININET.dll!InternetSetStatusCallback 7593933E 6 Bytes PUSH 71210022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] WININET.dll!HttpSendRequestW 7593BA12 6 Bytes PUSH 71510022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] WININET.dll!InternetOpenA 7593F18E 6 Bytes PUSH 71390022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] WININET.dll!InternetWriteFile 759446DA 6 Bytes PUSH 711D0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] WININET.dll!HttpSendRequestExW 75944A3D 6 Bytes PUSH 71550022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] WININET.dll!InternetGetCookieExA 7595A464 6 Bytes PUSH 713D0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] WININET.dll!InternetReadFileExW 7595AE0E 6 Bytes PUSH 71250022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] WININET.dll!InternetReadFileExA 7595AE46 6 Bytes PUSH 71290022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] WININET.dll!HttpSendRequestExA 759A1812 6 Bytes PUSH 71590022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] WININET.dll!HttpSendRequestA 759A18F8 6 Bytes PUSH 715D0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] WININET.dll!InternetGetCookieA 759A2C90 6 Bytes PUSH 71410022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] ntdll.dll!NtMapViewOfSection 779E5C28 5 Bytes JMP 71A20022
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] ntdll.dll!KiUserApcDispatcher + E 779E6F66 5 Bytes JMP 00448FA0 c:\program files\trusteer\rapport\bin\rooksdol.dll (Rooks/Dolomite/Trusteer Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] kernel32.dll!QueueUserWorkItem 771F9961 6 Bytes PUSH 710C0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] kernel32.dll!SetUnhandledExceptionFilter 771FF4FB 6 Bytes PUSH 71A60022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] WS2_32.dll!getaddrinfo 75874296 5 Bytes JMP 71100022
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] WS2_32.dll!connect 75876BDD 5 Bytes JMP 71150022
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] GDI32.dll!BitBlt 771672C0 6 Bytes PUSH 71840022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!DdeInitializeW 75705DF2 6 Bytes PUSH 71780022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!EnableWindow 75708D02 5 Bytes JMP 69F5A855 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!GetAsyncKeyState 7570A256 5 Bytes JMP 69F5B202 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!CallNextHookEx 7570ABE1 5 Bytes JMP 69FA3C96 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!UnhookWindowsHookEx 7570ADF9 5 Bytes JMP 6A05D963 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!RegisterClassA 7570BC6A 6 Bytes PUSH 718C0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!CreateWindowExA 7570BF40 6 Bytes JMP 7195000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!SetWindowsHookExW 7570E30C 5 Bytes JMP 69FF7DF9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!CreateWindowExW 7570EC7C 6 Bytes JMP 6A033834 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!RegisterClassW 7570ED4A 6 Bytes PUSH 71880022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!RegisterClassExW 75710162 6 Bytes PUSH 71AE0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!GetKeyState 75712B4D 5 Bytes JMP 69F60F59 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!IsDialogMessageW 75714104 5 Bytes JMP 69F5ADAE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!PeekMessageW 7571634A 6 Bytes PUSH 719E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!TranslateMessage 757164C7 6 Bytes PUSH 716E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!CreateDialogParamA 75721F42 5 Bytes JMP 6A16E957 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!IsDialogMessage 75722019 5 Bytes JMP 6A16E191 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!GetClipboardData 75722BA7 6 Bytes PUSH 71740022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!DialogBoxParamW 75723B9B 5 Bytes JMP 69F67F59 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!CreateDialogIndirectParamA 7572721D 5 Bytes JMP 6A16E9C5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!CreateDialogIndirectParamW 7572EA10 5 Bytes JMP 6A16E9FC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!DialogBoxIndirectParamW 75733B7F 5 Bytes JMP 6A16DCD8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!EndDialog 75733BA3 5 Bytes JMP 69F5B000 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!CreateDialogParamW 75735630 5 Bytes JMP 6A16E98E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!SetKeyboardState 7573695A 5 Bytes JMP 6A16E4F6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!SendInput 75737019 5 Bytes JMP 6A16F11C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!SetCursorPos 7574C1B0 5 Bytes JMP 6A16F174 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!DialogBoxParamA 7574CF42 5 Bytes JMP 6A16DC75 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!DialogBoxIndirectParamA 7574D274 5 Bytes JMP 6A16DD3B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!MessageBoxIndirectA 7575E869 5 Bytes JMP 6A16DC0A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!MessageBoxIndirectW 7575E963 5 Bytes JMP 6A16DB9F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!MessageBoxExA 7575E9C9 5 Bytes JMP 6A16DB3D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!MessageBoxExW 7575E9ED 5 Bytes JMP 6A16DADB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!keybd_event 7575EC3B 5 Bytes JMP 6A16F4A7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] SHELL32.dll!RealDriveType + 173D 7652FE10 4 Bytes [A5, 35, A5, 66]
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] SHELL32.dll!RealDriveType + 1745 7652FE18 8 Bytes [F3, 34, A5, 66, 17, 73, A4, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] ole32.dll!OleLoadFromStream 75D96143 5 Bytes JMP 6A16E036 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] ole32.dll!CoCreateInstance 75DD9D0B 5 Bytes JMP 6A0333C2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] ole32.dll!CoCreateInstanceEx 75DD9D4E 5 Bytes JMP 71800022
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] WININET.dll!InternetCloseHandle 7592AB49 6 Bytes PUSH 714E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] WININET.dll!InternetReadFile 7592B406 6 Bytes PUSH 712E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] WININET.dll!HttpAddRequestHeadersA 7592DCD2 6 Bytes PUSH 716A0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] WININET.dll!InternetConnectW 7593492C 6 Bytes PUSH 71460022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] WININET.dll!InternetConnectA 759349E9 6 Bytes PUSH 714A0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] WININET.dll!HttpOpenRequestW 75934A42 6 Bytes PUSH 71620022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] WININET.dll!HttpOpenRequestA 75934C7D 6 Bytes PUSH 71660022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] WININET.dll!InternetQueryDataAvailable 75935E5D 6 Bytes PUSH 71320022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] WININET.dll!InternetOpenW 75939197 6 Bytes PUSH 71360022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] WININET.dll!InternetSetStatusCallback 7593933E 6 Bytes PUSH 71220022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] WININET.dll!HttpSendRequestW 7593BA12 6 Bytes PUSH 71520022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] WININET.dll!InternetOpenA 7593F18E 6 Bytes PUSH 713A0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] WININET.dll!InternetWriteFile 759446DA 6 Bytes PUSH 711E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] WININET.dll!HttpSendRequestExW 75944A3D 6 Bytes PUSH 71560022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] WININET.dll!InternetGetCookieExA 7595A464 6 Bytes PUSH 713E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] WININET.dll!InternetReadFileExW 7595AE0E 6 Bytes PUSH 71260022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] WININET.dll!InternetReadFileExA 7595AE46 6 Bytes PUSH 712A0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] WININET.dll!HttpSendRequestExA 759A1812 6 Bytes PUSH 715A0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] WININET.dll!HttpSendRequestA 759A18F8 6 Bytes PUSH 715E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] WININET.dll!InternetGetCookieA 759A2C90 6 Bytes PUSH 71420022; RET

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000052 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00809884057d
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00809884057d@c87e75847573 0x8F 0xD4 0x8F 0xFF ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00809884057d@5492be0a0ac1 0x14 0xA7 0x40 0x91 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export ???U??????N??????????????????U???U????????????????????????>??????"?g?#??{4d36e969-e325-11ce-bfc1-08002be10318}??????{00000000-0000-0000-ffff-ffffffffffff}?/??????N??U??????????????????????????????????????????#????????'???????????????U??????????????? ???????T?????????????,????????????&?????????????????????????????{0.0.1.00000000}.{72f7fd84-f8fb-4438-b229-0a0e5832df9e}/00010000??????{0.0.0.00000000}.{099a8a56-5cf5-41bc-aea1-b8ab6f9a5f36}/00010000????Filter???????f?f????{4d36e97d-e325-11ce-bfc1-08002be10318}??????{50127dc3-0f36-415e-a6cc-4cb3be910b65}???????????<??????s???? f?????????????????p_??????????USB\VID_0930&PID_6532\0E51DB5133A229C4??????? ???????T?????????????,????????????&?????????????????????????l??????0?g?0??????????????????????{50127dc3-0f36-415e-a6cc-4cb3be910b65}\0000?????{50127dc3-0f36-415e-a6cc-4cb3be910b65}???.??ACPI\PNP0C04?*PNP0C04???????WPD??????????5???????e???????????????????f?f?f???f??\\?\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_USB_FLASH_MEMORY&REV_1.04#
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export ????2}???????????????????????????g???7???e???e??Local Area Connection* 21???????????????????????? :????????????????????:?????7?0?????t???????&??? ???????}???????????;????????"???=?????????7A??? ???????o??????????????????????????&????????????????????E??BTH\MS_BTHPAN\7&49FB020&0&2?? ???????????5?????????e????????????????????????????????????????USBSTOR\DiskUSB_MassStorage_Device______?USBSTOR\DiskUSB_MassStorage_Device__?USBSTOR\DiskUSB_Mass?USBSTOR\USB_MassStorage_Device___?USB_MassStorage_Device___?USBSTOR\GenDisk?GenDisk??La??? ?????????????????????1??????????????????????????????????????N??????f?????DNT??{4fa9905c-bca3-5d0e-8eee-89616249ebc2}?\vo??????????{71a27cdd-812a-11d0-bec7-08002be2092f}?0.1????X??????k???7????N??????3????D-D1??{4d36e967-e325-11ce-bfc1-08002be10318}?6_{??? ???????????????????????????? ?????????ic????X??????k???t??{4d36e967-e325-11ce-bfc1-08002be10318}\0011?97??????????????????????? ?????????????????????-??.???????????????????s03-????????????????nman??? ?????????????????????1???????????
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00809884057d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00809884057d@c87e75847573 0x8F 0xD4 0x8F 0xFF ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00809884057d@5492be0a0ac1 0x14 0xA7 0x40 0x91 ...
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export ???eai???????????????????????????????6???????????????????????t???7?8?7??????????????????? ???????f?????d?????_?-???????????????????1?.??????$???4????? ??????? ????p???????????????????????????????????????? ????????????????????$???e??????????????????????????????$???4????? ??????? ????p?????????????????????????????????????????????????? ??????$???e??????????????????????????????$???4????? ??????? ????p???????????????????????????????????????? ????????????????????$???e??????????????????????????????$???4????? ??????? ????p?????????????????????????????????????????????????? ??????$???e??????????????????????????????$???4????? ??????? ????p?????????????????????????????????????????????????? ??????$?? f??????????????????????????????????????????@cdrom.inf,%gencdrom_devdesc%;CD-ROM Drive??????{00000000-0000-0000-ffff-ffffffffffff}?5D-??*PNP0600?????f???f???????f??????s????????????f???e??????da???????????????9???????????????????f??????????????????$???4????? ??????? ????\?????????? ?????????????????????????????????????????$??
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export ???o?????z??????? ???????o???????????k?,??????$???????????????<??s????????h??????????n???0???2??Microsoft?????????????N??????????????d??????????????????????t?????????????????????????????????????????R??o????????h?????????????????t????????o???o?????????????????????????n???????? ??????????????????????????????????????????????????n?????o?????????????????????????n???????????????????????????n????????????????????????????????????????????????s???Pointer Class????????????????????????????????????~???????????o??\SystemRoot\system32\drivers\amdide.sys?de????(??o??????p???System Bus Extender???????N??o???????????d??mshdc.inf_x86_neutral_f64b9c35a3a5be81???????o?o?o?o?o?o????????????????t?????????????????????????????????????????????????R??o????????h?????\SystemRoot\system32\drivers\amdsata.sys?5??Microsoft????????o??????p???SCSI miniport?????R??????????????d???o?o?o?o?o?od1???????????????e???p????????????????????????????????????????????????????????????P??o??????????????\SystemRoot\system32\DRIVERS\amdsbs.sys?cm???????o?????

---- Files - GMER 1.0.15 ----

File C:\ProgramData\Trusteer\Rapport\store\user\conf\499453 0 bytes
File C:\ProgramData\Trusteer\Rapport\store\user\events_stats_var_0.js.data 0 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0K37G170\881F74666FA9B7494BEF7C611F645A[1].jpg 0 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0K37G170\54CC9C99E195502CC13F7605DA1D0[1].jpg 0 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\image[5].jpg 4829 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\A4C3D14A3B56979A08A5EF32FA54[1].jpg 3861 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\A6CBC13684F0A84EC6DFE91F3769[1].jpg 2623 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\3C24716DBF8095FF4DD5BCCA817F[1].jpg 41462 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\7381B7E9E71F36D67360F87CA923[1].jpg 3362 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\73C9881FB9F55991B099B4F31EADC[1].jpg 36609 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\imageCA87ZZ4E.jpg 5000 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\23AE23DF2A3943A3B7D792795BDB0[1].jpg 52873 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\CC7196202EA177C6B7D67986AABEBD[1].jpg 2953 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\97A99E5A5765750A138950B21BAF[1].jpg 123846 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\BA28509263C66A2408AE6F5C7D263[1].jpg 0 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\BB292101B9A348F26AAC2452257[1].jpg 0 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\imageCABI5MYP.jpg 0 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\F0AD16F690F81BBC98C076BE13A228[1].jpg 34973 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\5512D41618812F6801DA52ED431A9[1].jpg 2884 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\9CC680F71EE9AF2BC161D2F9A37723[1].jpg 3084 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\A0E33110C93E43FF0A741F9761897[1].jpg 0 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\D944EDEDA2401C95CDABF150CF458A[1].jpg 0 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\C97CF180AF55CE38DE90E386E0444D[1].jpg 0 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\3D1F5E9E15707E3C87BB17A1956D92[1].jpg 0 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\1F9492D87DA8E42E08BAC329B094[1].jpg 0 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\DD36DCA7CE59185908F4F235598AF[1].jpg 0 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\8E3B46FF75858922E636BEA571A96[1].jpg 0 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\669BA4E7C28B89F418A233A8F08BEA[1].jpg 0 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\EAAC058CE7492E8A441EF70AAFA2C[2].jpg 0 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\7717EDDAD943EFA6EDF9B431FAFFF[1].jpg 0 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\Research for 2nd book in blue lotus flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\Top Ten Best Selling UK Singles of 1972_files\CA0T4ZU9_files\abg-en-100c-ffffff.png 963 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\Research for 2nd book in blue lotus flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\Top Ten Best Selling UK Singles of 1972_files\CA0T4ZU9_files\sma4.js 6107 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\Research for 2nd book in blue lotus flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\Top Twenty UK Singles Chart For w-e December 9th 1972_files\blogstyle.css 5290 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\Research for 2nd book in blue lotus flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\Top Twenty UK Singles Chart For w-e December 9th 1972_files\CAXGNQZ1.htm 25113 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\Research for 2nd book in blue lotus flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\Top Twenty UK Singles Chart For w-e December 9th 1972_files\counter.js 6331 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\Research for 2nd book in blue lotus flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\Top Twenty UK Singles Chart For w-e December 9th 1972_files\divbar.png 419 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\Research for 2nd book in blue lotus flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\Top Twenty UK Singles Chart For w-e December 9th 1972_files\girl_with_headphones_10.jpg 8822 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\Research for 2nd book in blue lotus flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\Top Twenty UK Singles Chart For w-e December 9th 1972_files\girl_with_headphones_2.jpg 7874 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\Research for 2nd book in blue lotus flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\Top Twenty UK Singles Chart For w-e December 9th 1972_files\popcharts_banner.png 33622 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\Research for 2nd book in blue lotus flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\Top Twenty UK Singles Chart For w-e December 9th 1972_files\show_ads.js 22215 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\ajax.js 4555 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\commonPrint.css 8123 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\IE60Fixes.css 1603 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\IEFixes.js 4006 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\index(1).css 4580 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\index(2).css 68 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\index.css 26126 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\index.php 20757 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\magnify-clip.png 267 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\main.css 42206 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\mwsuggest.js 22992 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\poweredby_mediawiki_88x31.png 1933 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\shared.css 6039 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\wikibits.js 27505 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\wikimedia-button.png 890 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\News Headlines for 1972 1973\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\ajax.js 4555 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\News Headlines for 1972 1973\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\commonPrint.css 8123 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\News Headlines for 1972 1973\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\IE60Fixes.css 1603 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\News Headlines for 1972 1973\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\IEFixes.js 4006 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\News Headlines for 1972 1973\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\index(1).css 4580 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\News Headlines for 1972 1973\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\index(2).css 68 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\News Headlines for 1972 1973\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\index.css 26126 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\News Headlines for 1972 1973\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\index.php 20757 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\News Headlines for 1972 1973\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\main.css 42206 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\News Headlines for 1972 1973\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\mwsuggest.js 22992 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\News Headlines for 1972 1973\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\shared.css 6039 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\News Headlines for 1972 1973\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\wikibits.js 27505 bytes

---- EOF - GMER 1.0.15 ----

Edited by Orange Blossom, 03 December 2011 - 07:59 PM.



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,604 posts
  • Gender:Male
  • Local time:01:05 AM

Posted 08 December 2011 - 03:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/430551 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32-bit or a 64-bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 TomRichardson

TomRichardson
  • Topic Starter

  • Members
  • 40 posts
  • Local time:12:05 AM

Posted 09 December 2011 - 10:59 AM

My computer started slowing down so I downloaded Advanced System Care and also Opera (Browser). Now, I'm slowing down even more!!!! I'm so slow I have to go out the room while Google loads or I'll throw the Bleeping thing out the window. I un-installed both but that hasn't worked. Would someone please tell me what to do.

I found two Trojans running malwarebytes in safe mode:

c:\program files\common files\Java\Update\base images\jre1.5.0.b64\patch-jre1.5.0_01.b08\patchjre.exe (Trojan.Dropper.pws) -> Quarantined and deleted successfully.
c:\program files\Java\jre1.5.0_01\bin\javacpl.exe (Trojan.Dropper.pws) -> Quarantined and deleted successfully.

Other symptoms are: Photo's screen saver gets stuck and I can't change the desktop theme.
I bought some software from e-bay and it was Chinese pirated software. I didn't realise until it was too late. I reported it to e-bay and got my money back but I think they were infected with something because I'm getting unsolicited e-mail from China.
I think I have been hacked?
Anyway thanks for helping. The logs will follow; I'm so slow I don't know what happened to the last DDS log I tried to attach.

#4 TomRichardson

TomRichardson
  • Topic Starter

  • Members
  • 40 posts
  • Local time:12:05 AM

Posted 09 December 2011 - 11:17 AM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by user at 15:37:44 on 2011-12-09
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.2038.1036 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\IoctlSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10x_ActiveX.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} -
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - AVG Security Toolbar BHO
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} -
TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"
mRun: [Bing Bar] "c:\program files\msn toolbar\platform\5.0.1449.0\mswinext.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_01\bin\npjpi150_01.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{208B97A8-6D49-4F73-8803-D148B9FDB5D9} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{39E5A37F-3AFB-47CA-8DE2-ACA7E4072C99} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{39E5A37F-3AFB-47CA-8DE2-ACA7E4072C99}\2445F40756E6A7F6E656 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{39E5A37F-3AFB-47CA-8DE2-ACA7E4072C99}\D4162796E616 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7FACD065-2377-4478-BE44-0C104CF19010}\75962756C6563737 : DhcpNameServer = 10.0.0.138
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\c5b93b2f.default\
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre1.5.0_01\bin\NPJPI150_01.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: AmbientFox: {c8f71e5b-88f8-42a7-98bb-e4c506161de9} - %profile%\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-11-7 56208]
R1 AvgLdx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 AvgMfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 AvgTdiX;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 RapportCerberus_32301;RapportCerberus_32301;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_32301.sys [2011-11-7 227312]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-11-7 71440]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-11-7 164112]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 BecHelperService;BecHelperService;c:\program files\3 mobile broadband\3connect\BecHelperService.exe [2010-10-30 1737464]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-11-7 931640]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2010-1-29 5120]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2009-9-18 9216]
R3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr28u.sys [2009-5-25 734208]
R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\28896\RapportIaso.sys [2011-8-8 21520]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 avg9emc;AVG Free E-mail Scanner;"c:\program files\avg\avg9\avgemc.exe" --> c:\program files\avg\avg9\avgemc.exe [?]
S2 avg9wd;AVG Free WatchDog;"c:\program files\avg\avg9\avgwdsvc.exe" --> c:\program files\avg\avg9\avgwdsvc.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-6 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\toolbarbroker.exe --> c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-10-30 9216]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-12-1 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-12-1 52224]
S3 UsbFltr;WayTech USB Filter Driver1;c:\windows\system32\drivers\UsbFltr.sys [2007-4-9 9600]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-26 1343400]
.
=============== Created Last 30 ================
.
2011-12-06 13:31:07 -------- d-----w- c:\users\user\appdata\roaming\IPACS
2011-12-01 20:21:05 -------- d-----w- c:\windows\system32\SPReview
2011-12-01 20:18:42 -------- d-----w- c:\windows\system32\EventProviders
2011-12-01 20:07:15 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-12-01 20:07:04 53760 ----a-w- c:\windows\system32\LSCSHostPolicy.dll
2011-12-01 20:07:04 52224 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2011-12-01 20:07:04 11776 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2011-12-01 20:07:03 3215872 ----a-w- c:\windows\system32\mstscax.dll
2011-12-01 20:05:59 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-12-01 20:04:59 658944 ----a-w- c:\windows\system32\autofmt.exe
2011-12-01 20:03:59 8704 ----a-w- c:\windows\system32\riched32.dll
2011-12-01 20:02:34 189952 ----a-w- c:\windows\system32\wdscore.dll
2011-12-01 19:59:31 189952 ----a-w- c:\program files\windows portable devices\sqmapi.dll
2011-12-01 19:59:30 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-12-01 19:59:29 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-12-01 19:56:55 189952 ----a-w- c:\windows\system32\sqmapi.dll
2011-12-01 15:13:44 -------- d-----w- c:\users\user\appdata\roaming\AVG
2011-12-01 13:08:35 -------- d-----w- c:\windows\pss
2011-12-01 05:31:16 -------- d-----w- c:\users\user\appdata\roaming\AVG2012
2011-11-30 23:24:40 -------- d-----w- c:\programdata\AVG2012
2011-11-26 16:37:47 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-26 16:37:11 708608 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-26 16:36:22 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-25 08:16:41 158056 ----a-w- c:\programdata\microsoft\windows\sqm\manifest\Sqm10139.bin
2011-11-22 17:43:38 -------- d-----w- C:\ClearViewRC
.
==================== Find3M ====================
.
2011-12-01 20:45:53 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-11-26 16:33:32 562176 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-11-07 21:28:38 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-10-24 14:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 14:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-09 11:19:12 350208 ----a-w- c:\windows\system32\d3drm.dll
2011-10-07 06:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-09-24 06:38:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 15:41:08.81 ===============
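
A first-pass triage of the DDS log above, as an added example for this thread (not part of the original post and not code from the DDS tool itself). It parses the `SERVICES / DRIVERS` lines and the `TCP: ... DhcpNameServer` lines, reports registered services whose binary DDS could not examine (the `[?]` entries, here the leftover AVG 9 services), and lists any DHCP-assigned resolver outside the usual LAN ranges. It assumes the standard DDS conventions (`R`/`S` for running/stopped, the digit for the start type, `[?]` for a binary DDS could not stat); the names `ServiceEntry`, `parse_services`, `orphaned_services`, `parse_dns_servers` and `suspicious_dns_servers` are this example's own, the sample lines are copied from the log above, and the one rogue-resolver line is constructed using a documentation address.

```python
"""Triage of the DDS 'SERVICES / DRIVERS' and 'TCP:' lines posted above.

Added example for this thread: not part of the original post and not code
from the DDS tool. Assumed DDS conventions: 'R'/'S' = running/stopped, the
digit = service start type, and '[?]' in place of '[date size]' means DDS
could not examine the binary (usually because it no longer exists).
"""
import ipaddress
import re
from dataclasses import dataclass

# Subset of lines copied from the DDS log in this thread.
SAMPLE_LOG = r"""
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
S2 avg9emc;AVG Free E-mail Scanner;"c:\program files\avg\avg9\avgemc.exe" --> c:\program files\avg\avg9\avgemc.exe [?]
S2 avg9wd;AVG Free WatchDog;"c:\program files\avg\avg9\avgwdsvc.exe" --> c:\program files\avg\avg9\avgwdsvc.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\toolbarbroker.exe --> c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-6 135664]
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{39E5A37F-3AFB-47CA-8DE2-ACA7E4072C99}\2445F40756E6A7F6E656 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{7FACD065-2377-4478-BE44-0C104CF19010}\75962756C6563737 : DhcpNameServer = 10.0.0.138
"""

# Constructed line (NOT from the log) showing what a hijacked resolver would
# look like; 203.0.113.5 is a documentation address, not a real server.
CONSTRUCTED_ROGUE_LINE = r"TCP: Interfaces\{00000000-0000-0000-0000-000000000000} : DhcpNameServer = 203.0.113.5"

START_TYPE = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}
# R2 name;display;image path [yyyy-m-d size]   or   ..."value" --> resolved path [?]
SERVICE_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]$")
DNS_RE = re.compile(r"^TCP:\s*(?:Interfaces\\(\S+)\s*:\s*)?DhcpNameServer\s*=\s*(.+)$")
# Ranges a home LAN's DHCP server is expected to hand out as resolvers
# (RFC 1918, loopback, link-local). Anything else deserves a second look.
LAN_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


@dataclass
class ServiceEntry:
    name: str
    display: str
    state: str        # "running" or "stopped"
    start_type: str   # boot / system / auto / demand / disabled
    image_path: str   # path DDS resolved for the service binary
    verified: bool    # False when DDS printed "[?]" instead of "[date size]"


def parse_services(text):
    """Parse every R?/S? service or driver line in a DDS log."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        state, start, name, display, body, info = m.groups()
        # For '"registry value" --> resolved path' lines keep the resolved path.
        path = body.split("-->")[-1].strip().strip('"')
        entries.append(ServiceEntry(
            name=name.strip(), display=display.strip(),
            state="running" if state == "R" else "stopped",
            start_type=START_TYPE[start], image_path=path,
            verified=info.strip() != "?"))
    return entries


def orphaned_services(entries):
    """Registered services whose binary DDS could not examine.

    In the log above these are the AVG 9 services left behind after the move
    to AVG 2012: stale autostart entries that a cleanup should remove.
    """
    return [e for e in entries if not e.verified]


def parse_dns_servers(text):
    """Return (scope, [ip, ...]) per DhcpNameServer line; scope is 'global'
    or the interface GUID path DDS printed."""
    found = []
    for line in text.splitlines():
        m = DNS_RE.match(line.strip())
        if m:
            scope = m.group(1) or "global"
            found.append((scope, [ipaddress.ip_address(p) for p in m.group(2).split()]))
    return found


def suspicious_dns_servers(dns_entries):
    """Resolvers outside the LAN ranges. A DHCP-assigned public resolver on a
    home LAN is how a DNS-changing infection or a tampered router shows up;
    treat this as a review list, since an ISP-direct link can do it legitimately."""
    return [(scope, ip) for scope, ips in dns_entries for ip in ips
            if not any(ip in net for net in LAN_RANGES)]


if __name__ == "__main__":
    for e in orphaned_services(parse_services(SAMPLE_LOG)):
        print(f"stale service {e.name!r} ({e.state}, {e.start_type}): {e.image_path}")
    for scope, ip in suspicious_dns_servers(parse_dns_servers(SAMPLE_LOG + CONSTRUCTED_ROGUE_LINE)):
        print(f"non-LAN resolver {ip} on {scope}")
```

Run against the log above this reports the three stopped AVG 9 entries as stale and no out-of-range resolvers; only the constructed `203.0.113.5` line trips the DNS check. The DNS test is deliberately a review list: every resolver in the real log is a private router or gateway address, which is what a home LAN should look like.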

#5 TomRichardson


Posted 09 December 2011 - 03:33 PM

Attached file; I hope you get this because it is taking me all day and I'm getting very fed up!

#6 TomRichardson


Posted 09 December 2011 - 03:34 PM

I can't get GMER to run all the way through!

#7 TomRichardson


Posted 09 December 2011 - 03:39 PM

Here's the one I ran the other day. I'll keep trying to run a new one.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-03 20:11:58
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST3250318AS rev.CC37
Running: egzpdhzr.exe; Driver: C:\Users\user\AppData\Local\Temp\kxldapob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0x902A4080]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x902A4BDE]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys ZwCreateThreadEx [0x8F8427B0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteFile [0x902A4DD6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteKey [0x902A85AC]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteValueKey [0x902A85DE]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwLoadKey [0x902A8740]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenFile [0x902A4CF6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenProcess [0x902A41F6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenThread [0x902A43EA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwProtectVirtualMemory [0x902A451C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwQueryValueKey [0x902A86B6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRenameKey [0x902A8620]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwReplaceKey [0x902A8652]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRestoreKey [0x902A8684]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetContextThread [0x902A4026]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetInformationFile [0x902A4E7C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetValueKey [0x902A8544]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSuspendThread [0x902A3FC0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateProcess [0x902A3EE8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateThread [0x902A3F30]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 8308F349 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830C8D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 830CFE08 4 Bytes [80, 40, 2A, 90] {ADD BYTE [EAX+0x2a], 0x90}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11AF 830CFE64 2 Bytes [DE, 4B]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B2 830CFE67 1 Byte [90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1207 830CFEBC 4 Bytes [B0, 27, 84, 8F]
.text ntkrnlpa.exe!KeRemoveQueueEx + 123F 830CFEF4 8 Bytes [D6, 4D, 2A, 90, AC, 85, 2A, ...] {SALC ; DEC EBP; SUB DL, [EAX-0x6fd57a54]}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1032] ntdll.dll!KiUserApcDispatcher 779E6F58 5 Bytes JMP 00414D50 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1032] WS2_32.dll!getaddrinfo 75874296 5 Bytes JMP 71A40022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1032] WS2_32.dll!gethostbyname 75887673 5 Bytes JMP 71AD0022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2744] ntdll.dll!KiUserApcDispatcher 779E6F58 5 Bytes JMP 00445210 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2744] WS2_32.dll!getaddrinfo 75874296 5 Bytes JMP 71A50022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2744] WS2_32.dll!gethostbyname 75887673 5 Bytes JMP 71AE0022
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] ntdll.dll!NtMapViewOfSection 779E5C28 5 Bytes JMP 71A20022
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] ntdll.dll!KiUserApcDispatcher + E 779E6F66 5 Bytes JMP 01478FA0 c:\program files\trusteer\rapport\bin\rooksdol.dll (Rooks/Dolomite/Trusteer Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] kernel32.dll!QueueUserWorkItem 771F9961 6 Bytes PUSH 710C0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] kernel32.dll!SetUnhandledExceptionFilter 771FF4FB 6 Bytes PUSH 71A60022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] WS2_32.dll!getaddrinfo 75874296 5 Bytes JMP 71100022
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] WS2_32.dll!connect 75876BDD 5 Bytes JMP 71150022
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] GDI32.dll!BitBlt 771672C0 6 Bytes PUSH 71840022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] USER32.dll!DdeInitializeW 75705DF2 6 Bytes PUSH 71780022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] USER32.dll!RegisterClassA 7570BC6A 6 Bytes PUSH 718C0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] USER32.dll!CreateWindowExA 7570BF40 6 Bytes JMP 7195000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] USER32.dll!CreateWindowExW 7570EC7C 6 Bytes JMP 6A033834 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] USER32.dll!RegisterClassW 7570ED4A 6 Bytes PUSH 71880022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] USER32.dll!RegisterClassExW 75710162 6 Bytes PUSH 71AE0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] USER32.dll!PeekMessageW 7571634A 6 Bytes PUSH 719E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] USER32.dll!TranslateMessage 757164C7 6 Bytes PUSH 716E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] USER32.dll!GetClipboardData 75722BA7 6 Bytes PUSH 71740022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] USER32.dll!DialogBoxParamW 75723B9B 5 Bytes JMP 69F67F59 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] USER32.dll!DialogBoxIndirectParamW 75733B7F 5 Bytes JMP 6A16DCD8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] USER32.dll!DialogBoxParamA 7574CF42 5 Bytes JMP 6A16DC75 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] USER32.dll!DialogBoxIndirectParamA 7574D274 5 Bytes JMP 6A16DD3B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] USER32.dll!MessageBoxIndirectA 7575E869 5 Bytes JMP 6A16DC0A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] USER32.dll!MessageBoxIndirectW 7575E963 5 Bytes JMP 6A16DB9F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] USER32.dll!MessageBoxExA 7575E9C9 5 Bytes JMP 6A16DB3D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] USER32.dll!MessageBoxExW 7575E9ED 5 Bytes JMP 6A16DADB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] ole32.dll!CoCreateInstance 75DD9D0B 6 Bytes JMP 7191000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] ole32.dll!CoCreateInstanceEx 75DD9D4E 5 Bytes JMP 71800022
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] WININET.dll!InternetCloseHandle 7592AB49 6 Bytes PUSH 714E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] WININET.dll!InternetReadFile 7592B406 6 Bytes PUSH 712E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] WININET.dll!HttpAddRequestHeadersA 7592DCD2 6 Bytes PUSH 716A0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] WININET.dll!InternetConnectW 7593492C 6 Bytes PUSH 71460022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] WININET.dll!InternetConnectA 759349E9 6 Bytes PUSH 714A0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] WININET.dll!HttpOpenRequestW 75934A42 6 Bytes PUSH 71620022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] WININET.dll!HttpOpenRequestA 75934C7D 6 Bytes PUSH 71660022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] WININET.dll!InternetQueryDataAvailable 75935E5D 6 Bytes PUSH 71320022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] WININET.dll!InternetOpenW 75939197 6 Bytes PUSH 71360022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] WININET.dll!InternetSetStatusCallback 7593933E 6 Bytes PUSH 71220022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] WININET.dll!HttpSendRequestW 7593BA12 6 Bytes PUSH 71520022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] WININET.dll!InternetOpenA 7593F18E 6 Bytes PUSH 713A0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] WININET.dll!InternetWriteFile 759446DA 6 Bytes PUSH 711E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] WININET.dll!HttpSendRequestExW 75944A3D 6 Bytes PUSH 71560022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] WININET.dll!InternetGetCookieExA 7595A464 6 Bytes PUSH 713E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] WININET.dll!InternetReadFileExW 7595AE0E 6 Bytes PUSH 71260022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] WININET.dll!InternetReadFileExA 7595AE46 6 Bytes PUSH 712A0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] WININET.dll!HttpSendRequestExA 759A1812 6 Bytes PUSH 715A0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] WININET.dll!HttpSendRequestA 759A18F8 6 Bytes PUSH 715E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5344] WININET.dll!InternetGetCookieA 759A2C90 6 Bytes PUSH 71420022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] ntdll.dll!NtMapViewOfSection 779E5C28 5 Bytes JMP 71A20022
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] ntdll.dll!KiUserApcDispatcher + E 779E6F66 5 Bytes JMP 00348FA0 c:\program files\trusteer\rapport\bin\rooksdol.dll (Rooks/Dolomite/Trusteer Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] kernel32.dll!QueueUserWorkItem 771F9961 6 Bytes PUSH 710B0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] kernel32.dll!SetUnhandledExceptionFilter 771FF4FB 6 Bytes PUSH 71A60022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] WS2_32.dll!getaddrinfo 75874296 5 Bytes JMP 710F0022
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] WS2_32.dll!connect 75876BDD 5 Bytes JMP 71140022
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] GDI32.dll!BitBlt 771672C0 6 Bytes PUSH 71830022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!DdeInitializeW 75705DF2 6 Bytes PUSH 71770022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!EnableWindow 75708D02 5 Bytes JMP 69F5A855 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!GetAsyncKeyState 7570A256 5 Bytes JMP 69F5B202 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!CallNextHookEx 7570ABE1 5 Bytes JMP 69FA3C96 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!UnhookWindowsHookEx 7570ADF9 5 Bytes JMP 6A05D963 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!RegisterClassA 7570BC6A 6 Bytes PUSH 718C0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!CreateWindowExA 7570BF40 6 Bytes JMP 7195000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!SetWindowsHookExW 7570E30C 5 Bytes JMP 69FF7DF9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!CreateWindowExW 7570EC7C 6 Bytes JMP 6A033834 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!RegisterClassW 7570ED4A 6 Bytes PUSH 71880022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!RegisterClassExW 75710162 6 Bytes PUSH 71AE0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!GetKeyState 75712B4D 5 Bytes JMP 69F60F59 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!IsDialogMessageW 75714104 5 Bytes JMP 69F5ADAE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!PeekMessageW 7571634A 6 Bytes PUSH 719E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!TranslateMessage 757164C7 6 Bytes PUSH 716D0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!CreateDialogParamA 75721F42 5 Bytes JMP 6A16E957 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!IsDialogMessage 75722019 5 Bytes JMP 6A16E191 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!GetClipboardData 75722BA7 6 Bytes PUSH 71730022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!DialogBoxParamW 75723B9B 5 Bytes JMP 69F67F59 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!CreateDialogIndirectParamA 7572721D 5 Bytes JMP 6A16E9C5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!CreateDialogIndirectParamW 7572EA10 5 Bytes JMP 6A16E9FC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!DialogBoxIndirectParamW 75733B7F 5 Bytes JMP 6A16DCD8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!EndDialog 75733BA3 5 Bytes JMP 69F5B000 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!CreateDialogParamW 75735630 5 Bytes JMP 6A16E98E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!SetKeyboardState 7573695A 5 Bytes JMP 6A16E4F6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!SendInput 75737019 5 Bytes JMP 6A16F11C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!SetCursorPos 7574C1B0 5 Bytes JMP 6A16F174 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!DialogBoxParamA 7574CF42 5 Bytes JMP 6A16DC75 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!DialogBoxIndirectParamA 7574D274 5 Bytes JMP 6A16DD3B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!MessageBoxIndirectA 7575E869 5 Bytes JMP 6A16DC0A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!MessageBoxIndirectW 7575E963 5 Bytes JMP 6A16DB9F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!MessageBoxExA 7575E9C9 5 Bytes JMP 6A16DB3D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!MessageBoxExW 7575E9ED 5 Bytes JMP 6A16DADB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] USER32.dll!keybd_event 7575EC3B 5 Bytes JMP 6A16F4A7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] SHELL32.dll!RealDriveType + 173D 7652FE10 4 Bytes [A5, 35, A5, 66]
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] SHELL32.dll!RealDriveType + 1745 7652FE18 8 Bytes [F3, 34, A5, 66, 17, 73, A4, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] ole32.dll!OleLoadFromStream 75D96143 5 Bytes JMP 6A16E036 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] ole32.dll!CoCreateInstance 75DD9D0B 5 Bytes JMP 6A0333C2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] ole32.dll!CoCreateInstanceEx 75DD9D4E 5 Bytes JMP 717F0022
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] WININET.dll!InternetCloseHandle 7592AB49 6 Bytes PUSH 714D0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] WININET.dll!InternetReadFile 7592B406 6 Bytes PUSH 712D0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] WININET.dll!HttpAddRequestHeadersA 7592DCD2 6 Bytes PUSH 71690022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] WININET.dll!InternetConnectW 7593492C 6 Bytes PUSH 71450022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] WININET.dll!InternetConnectA 759349E9 6 Bytes PUSH 71490022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] WININET.dll!HttpOpenRequestW 75934A42 6 Bytes PUSH 71610022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] WININET.dll!HttpOpenRequestA 75934C7D 6 Bytes PUSH 71650022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] WININET.dll!InternetQueryDataAvailable 75935E5D 6 Bytes PUSH 71310022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] WININET.dll!InternetOpenW 75939197 6 Bytes PUSH 71350022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] WININET.dll!InternetSetStatusCallback 7593933E 6 Bytes PUSH 71210022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] WININET.dll!HttpSendRequestW 7593BA12 6 Bytes PUSH 71510022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] WININET.dll!InternetOpenA 7593F18E 6 Bytes PUSH 71390022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] WININET.dll!InternetWriteFile 759446DA 6 Bytes PUSH 711D0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] WININET.dll!HttpSendRequestExW 75944A3D 6 Bytes PUSH 71550022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] WININET.dll!InternetGetCookieExA 7595A464 6 Bytes PUSH 713D0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] WININET.dll!InternetReadFileExW 7595AE0E 6 Bytes PUSH 71250022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] WININET.dll!InternetReadFileExA 7595AE46 6 Bytes PUSH 71290022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] WININET.dll!HttpSendRequestExA 759A1812 6 Bytes PUSH 71590022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] WININET.dll!HttpSendRequestA 759A18F8 6 Bytes PUSH 715D0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5608] WININET.dll!InternetGetCookieA 759A2C90 6 Bytes PUSH 71410022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] ntdll.dll!NtMapViewOfSection 779E5C28 5 Bytes JMP 71A20022
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] ntdll.dll!KiUserApcDispatcher + E 779E6F66 5 Bytes JMP 00448FA0 c:\program files\trusteer\rapport\bin\rooksdol.dll (Rooks/Dolomite/Trusteer Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] kernel32.dll!QueueUserWorkItem 771F9961 6 Bytes PUSH 710C0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] kernel32.dll!SetUnhandledExceptionFilter 771FF4FB 6 Bytes PUSH 71A60022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] WS2_32.dll!getaddrinfo 75874296 5 Bytes JMP 71100022
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] WS2_32.dll!connect 75876BDD 5 Bytes JMP 71150022
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] GDI32.dll!BitBlt 771672C0 6 Bytes PUSH 71840022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!DdeInitializeW 75705DF2 6 Bytes PUSH 71780022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!EnableWindow 75708D02 5 Bytes JMP 69F5A855 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!GetAsyncKeyState 7570A256 5 Bytes JMP 69F5B202 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!CallNextHookEx 7570ABE1 5 Bytes JMP 69FA3C96 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!UnhookWindowsHookEx 7570ADF9 5 Bytes JMP 6A05D963 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!RegisterClassA 7570BC6A 6 Bytes PUSH 718C0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!CreateWindowExA 7570BF40 6 Bytes JMP 7195000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!SetWindowsHookExW 7570E30C 5 Bytes JMP 69FF7DF9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!CreateWindowExW 7570EC7C 6 Bytes JMP 6A033834 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!RegisterClassW 7570ED4A 6 Bytes PUSH 71880022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!RegisterClassExW 75710162 6 Bytes PUSH 71AE0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!GetKeyState 75712B4D 5 Bytes JMP 69F60F59 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!IsDialogMessageW 75714104 5 Bytes JMP 69F5ADAE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!PeekMessageW 7571634A 6 Bytes PUSH 719E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!TranslateMessage 757164C7 6 Bytes PUSH 716E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!CreateDialogParamA 75721F42 5 Bytes JMP 6A16E957 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!IsDialogMessage 75722019 5 Bytes JMP 6A16E191 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!GetClipboardData 75722BA7 6 Bytes PUSH 71740022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!DialogBoxParamW 75723B9B 5 Bytes JMP 69F67F59 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!CreateDialogIndirectParamA 7572721D 5 Bytes JMP 6A16E9C5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!CreateDialogIndirectParamW 7572EA10 5 Bytes JMP 6A16E9FC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!DialogBoxIndirectParamW 75733B7F 5 Bytes JMP 6A16DCD8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!EndDialog 75733BA3 5 Bytes JMP 69F5B000 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!CreateDialogParamW 75735630 5 Bytes JMP 6A16E98E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!SetKeyboardState 7573695A 5 Bytes JMP 6A16E4F6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!SendInput 75737019 5 Bytes JMP 6A16F11C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!SetCursorPos 7574C1B0 5 Bytes JMP 6A16F174 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!DialogBoxParamA 7574CF42 5 Bytes JMP 6A16DC75 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!DialogBoxIndirectParamA 7574D274 5 Bytes JMP 6A16DD3B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!MessageBoxIndirectA 7575E869 5 Bytes JMP 6A16DC0A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!MessageBoxIndirectW 7575E963 5 Bytes JMP 6A16DB9F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!MessageBoxExA 7575E9C9 5 Bytes JMP 6A16DB3D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!MessageBoxExW 7575E9ED 5 Bytes JMP 6A16DADB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] USER32.dll!keybd_event 7575EC3B 5 Bytes JMP 6A16F4A7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] SHELL32.dll!RealDriveType + 173D 7652FE10 4 Bytes [A5, 35, A5, 66]
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] SHELL32.dll!RealDriveType + 1745 7652FE18 8 Bytes [F3, 34, A5, 66, 17, 73, A4, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] ole32.dll!OleLoadFromStream 75D96143 5 Bytes JMP 6A16E036 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] ole32.dll!CoCreateInstance 75DD9D0B 5 Bytes JMP 6A0333C2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] ole32.dll!CoCreateInstanceEx 75DD9D4E 5 Bytes JMP 71800022
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] WININET.dll!InternetCloseHandle 7592AB49 6 Bytes PUSH 714E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] WININET.dll!InternetReadFile 7592B406 6 Bytes PUSH 712E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] WININET.dll!HttpAddRequestHeadersA 7592DCD2 6 Bytes PUSH 716A0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] WININET.dll!InternetConnectW 7593492C 6 Bytes PUSH 71460022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] WININET.dll!InternetConnectA 759349E9 6 Bytes PUSH 714A0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] WININET.dll!HttpOpenRequestW 75934A42 6 Bytes PUSH 71620022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] WININET.dll!HttpOpenRequestA 75934C7D 6 Bytes PUSH 71660022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] WININET.dll!InternetQueryDataAvailable 75935E5D 6 Bytes PUSH 71320022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] WININET.dll!InternetOpenW 75939197 6 Bytes PUSH 71360022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] WININET.dll!InternetSetStatusCallback 7593933E 6 Bytes PUSH 71220022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] WININET.dll!HttpSendRequestW 7593BA12 6 Bytes PUSH 71520022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] WININET.dll!InternetOpenA 7593F18E 6 Bytes PUSH 713A0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] WININET.dll!InternetWriteFile 759446DA 6 Bytes PUSH 711E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] WININET.dll!HttpSendRequestExW 75944A3D 6 Bytes PUSH 71560022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] WININET.dll!InternetGetCookieExA 7595A464 6 Bytes PUSH 713E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] WININET.dll!InternetReadFileExW 7595AE0E 6 Bytes PUSH 71260022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] WININET.dll!InternetReadFileExA 7595AE46 6 Bytes PUSH 712A0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] WININET.dll!HttpSendRequestExA 759A1812 6 Bytes PUSH 715A0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] WININET.dll!HttpSendRequestA 759A18F8 6 Bytes PUSH 715E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5616] WININET.dll!InternetGetCookieA 759A2C90 6 Bytes PUSH 71420022; RET

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000052 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00809884057d
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00809884057d@c87e75847573 0x8F 0xD4 0x8F 0xFF ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00809884057d@5492be0a0ac1 0x14 0xA7 0x40 0x91 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export ???U??????N??????????????????U???U????????????????????????>??????"?g?#??{4d36e969-e325-11ce-bfc1-08002be10318}??????{00000000-0000-0000-ffff-ffffffffffff}?/??????N??U??????????????????????????????????????????#????????'???????????????U??????????????? ???????T?????????????,????????????&?????????????????????????????{0.0.1.00000000}.{72f7fd84-f8fb-4438-b229-0a0e5832df9e}/00010000??????{0.0.0.00000000}.{099a8a56-5cf5-41bc-aea1-b8ab6f9a5f36}/00010000????Filter???????f?f????{4d36e97d-e325-11ce-bfc1-08002be10318}??????{50127dc3-0f36-415e-a6cc-4cb3be910b65}???????????<??????s???? f?????????????????p_??????????USB\VID_0930&PID_6532\0E51DB5133A229C4??????? ???????T?????????????,????????????&?????????????????????????l??????0?g?0??????????????????????{50127dc3-0f36-415e-a6cc-4cb3be910b65}\0000?????{50127dc3-0f36-415e-a6cc-4cb3be910b65}???.??ACPI\PNP0C04?*PNP0C04???????WPD??????????5???????e???????????????????f?f?f???f??\\?\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_USB_FLASH_MEMORY&REV_1.04#
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export ????2}???????????????????????????g???7???e???e??Local Area Connection* 21???????????????????????? :????????????????????:?????7?0?????t???????&??? ???????}???????????;????????"???=?????????7A??? ???????o??????????????????????????&????????????????????E??BTH\MS_BTHPAN\7&49FB020&0&2?? ???????????5?????????e????????????????????????????????????????USBSTOR\DiskUSB_MassStorage_Device______?USBSTOR\DiskUSB_MassStorage_Device__?USBSTOR\DiskUSB_Mass?USBSTOR\USB_MassStorage_Device___?USB_MassStorage_Device___?USBSTOR\GenDisk?GenDisk??La??? ?????????????????????1??????????????????????????????????????N??????f?????DNT??{4fa9905c-bca3-5d0e-8eee-89616249ebc2}?\vo??????????{71a27cdd-812a-11d0-bec7-08002be2092f}?0.1????X??????k???7????N??????3????D-D1??{4d36e967-e325-11ce-bfc1-08002be10318}?6_{??? ???????????????????????????? ?????????ic????X??????k???t??{4d36e967-e325-11ce-bfc1-08002be10318}\0011?97??????????????????????? ?????????????????????-??.???????????????????s03-????????????????nman??? ?????????????????????1???????????
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00809884057d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00809884057d@c87e75847573 0x8F 0xD4 0x8F 0xFF ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00809884057d@5492be0a0ac1 0x14 0xA7 0x40 0x91 ...
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export ???eai???????????????????????????????6???????????????????????t???7?8?7??????????????????? ???????f?????d?????_?-???????????????????1?.??????$???4????? ??????? ????p???????????????????????????????????????? ????????????????????$???e??????????????????????????????$???4????? ??????? ????p?????????????????????????????????????????????????? ??????$???e??????????????????????????????$???4????? ??????? ????p???????????????????????????????????????? ????????????????????$???e??????????????????????????????$???4????? ??????? ????p?????????????????????????????????????????????????? ??????$???e??????????????????????????????$???4????? ??????? ????p?????????????????????????????????????????????????? ??????$?? f??????????????????????????????????????????@cdrom.inf,%gencdrom_devdesc%;CD-ROM Drive??????{00000000-0000-0000-ffff-ffffffffffff}?5D-??*PNP0600?????f???f???????f??????s????????????f???e??????da???????????????9???????????????????f??????????????????$???4????? ??????? ????\?????????? ?????????????????????????????????????????$??
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export ???o?????z??????? ???????o???????????k?,??????$???????????????<??s????????h??????????n???0???2??Microsoft?????????????N??????????????d??????????????????????t?????????????????????????????????????????R??o????????h?????????????????t????????o???o?????????????????????????n???????? ??????????????????????????????????????????????????n?????o?????????????????????????n???????????????????????????n????????????????????????????????????????????????s???Pointer Class????????????????????????????????????~???????????o??\SystemRoot\system32\drivers\amdide.sys?de????(??o??????p???System Bus Extender???????N??o???????????d??mshdc.inf_x86_neutral_f64b9c35a3a5be81???????o?o?o?o?o?o????????????????t?????????????????????????????????????????????????R??o????????h?????\SystemRoot\system32\drivers\amdsata.sys?5??Microsoft????????o??????p???SCSI miniport?????R??????????????d???o?o?o?o?o?od1???????????????e???p????????????????????????????????????????????????????????????P??o??????????????\SystemRoot\system32\DRIVERS\amdsbs.sys?cm???????o?????

---- Files - GMER 1.0.15 ----

File C:\ProgramData\Trusteer\Rapport\store\user\conf\499453 0 bytes
File C:\ProgramData\Trusteer\Rapport\store\user\events_stats_var_0.js.data 0 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0K37G170\881F74666FA9B7494BEF7C611F645A[1].jpg 0 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0K37G170\54CC9C99E195502CC13F7605DA1D0[1].jpg 0 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\image[5].jpg 4829 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\A4C3D14A3B56979A08A5EF32FA54[1].jpg 3861 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\A6CBC13684F0A84EC6DFE91F3769[1].jpg 2623 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\3C24716DBF8095FF4DD5BCCA817F[1].jpg 41462 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\7381B7E9E71F36D67360F87CA923[1].jpg 3362 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\73C9881FB9F55991B099B4F31EADC[1].jpg 36609 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\imageCA87ZZ4E.jpg 5000 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\23AE23DF2A3943A3B7D792795BDB0[1].jpg 52873 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\CC7196202EA177C6B7D67986AABEBD[1].jpg 2953 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\97A99E5A5765750A138950B21BAF[1].jpg 123846 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\BA28509263C66A2408AE6F5C7D263[1].jpg 0 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\BB292101B9A348F26AAC2452257[1].jpg 0 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\imageCABI5MYP.jpg 0 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\F0AD16F690F81BBC98C076BE13A228[1].jpg 34973 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\5512D41618812F6801DA52ED431A9[1].jpg 2884 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\9CC680F71EE9AF2BC161D2F9A37723[1].jpg 3084 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\A0E33110C93E43FF0A741F9761897[1].jpg 0 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\D944EDEDA2401C95CDABF150CF458A[1].jpg 0 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\C97CF180AF55CE38DE90E386E0444D[1].jpg 0 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\3D1F5E9E15707E3C87BB17A1956D92[1].jpg 0 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\1F9492D87DA8E42E08BAC329B094[1].jpg 0 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\DD36DCA7CE59185908F4F235598AF[1].jpg 0 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\8E3B46FF75858922E636BEA571A96[1].jpg 0 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\669BA4E7C28B89F418A233A8F08BEA[1].jpg 0 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\EAAC058CE7492E8A441EF70AAFA2C[2].jpg 0 bytes
File C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4T4T8C8I\7717EDDAD943EFA6EDF9B431FAFFF[1].jpg 0 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\Research for 2nd book in blue lotus flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\Top Ten Best Selling UK Singles of 1972_files\CA0T4ZU9_files\abg-en-100c-ffffff.png 963 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\Research for 2nd book in blue lotus flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\Top Ten Best Selling UK Singles of 1972_files\CA0T4ZU9_files\sma4.js 6107 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\Research for 2nd book in blue lotus flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\Top Twenty UK Singles Chart For w-e December 9th 1972_files\blogstyle.css 5290 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\Research for 2nd book in blue lotus flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\Top Twenty UK Singles Chart For w-e December 9th 1972_files\CAXGNQZ1.htm 25113 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\Research for 2nd book in blue lotus flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\Top Twenty UK Singles Chart For w-e December 9th 1972_files\counter.js 6331 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\Research for 2nd book in blue lotus flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\Top Twenty UK Singles Chart For w-e December 9th 1972_files\divbar.png 419 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\Research for 2nd book in blue lotus flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\Top Twenty UK Singles Chart For w-e December 9th 1972_files\girl_with_headphones_10.jpg 8822 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\Research for 2nd book in blue lotus flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\Top Twenty UK Singles Chart For w-e December 9th 1972_files\girl_with_headphones_2.jpg 7874 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\Research for 2nd book in blue lotus flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\Top Twenty UK Singles Chart For w-e December 9th 1972_files\popcharts_banner.png 33622 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\Research for 2nd book in blue lotus flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\Top Twenty UK Singles Chart For w-e December 9th 1972_files\show_ads.js 22215 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\ajax.js 4555 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\commonPrint.css 8123 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\IE60Fixes.css 1603 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\IEFixes.js 4006 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\index(1).css 4580 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\index(2).css 68 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\index.css 26126 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\index.php 20757 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\magnify-clip.png 267 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\main.css 42206 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\mwsuggest.js 22992 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\poweredby_mediawiki_88x31.png 1933 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\shared.css 6039 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\wikibits.js 27505 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\Music 1972 73\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\wikimedia-button.png 890 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\News Headlines for 1972 1973\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\ajax.js 4555 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\News Headlines for 1972 1973\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\commonPrint.css 8123 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\News Headlines for 1972 1973\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\IE60Fixes.css 1603 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\News Headlines for 1972 1973\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\IEFixes.js 4006 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\News Headlines for 1972 1973\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\index(1).css 4580 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\News Headlines for 1972 1973\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\index(2).css 68 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\News Headlines for 1972 1973\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\index.css 26126 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\News Headlines for 1972 1973\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\index.php 20757 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\News Headlines for 1972 1973\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\main.css 42206 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\News Headlines for 1972 1973\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\mwsuggest.js 22992 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\News Headlines for 1972 1973\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\shared.css 6039 bytes
File C:\Windows\CSC\v2.0.6\namespace\NSA210\Documents\Documents\Writing\Current projects\The Blue Lotus Flower\Research (Blue Lotus Flower)\Research 1970s and 1980s\1970s\News Headlines for 1972 1973\List of performers on Top of the Pops - Wikipedia, the free encyclopedia_files\wikibits.js 27505 bytes

---- EOF - GMER 1.0.15 ----

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,932 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:08:05 AM

Posted 10 December 2011 - 06:25 AM

Hello, my name is Elise and I'll assist you with this issue.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all-inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#9 TomRichardson

TomRichardson
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  • Local time:12:05 AM

Posted 10 December 2011 - 09:21 AM

Thank you for your help. Please find requested log below:

ComboFix 11-12-10.01 - user 10/12/2011 13:41:19.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.2038.978 [GMT 0:00]
Running from: c:\users\user\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc78A7.tmp
c:\users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF15D.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-11-10 to 2011-12-10 )))))))))))))))))))))))))))))))
.
.
2011-12-10 14:04 . 2011-12-10 14:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-10 14:03 . 2011-12-10 14:03 -------- d-----w- c:\users\Louise\AppData\Local\temp
2011-12-10 14:03 . 2011-12-10 14:03 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-12-06 13:31 . 2011-12-06 13:31 -------- d-----w- c:\users\user\AppData\Roaming\IPACS
2011-12-06 13:31 . 2011-12-06 13:31 -------- d-----w- c:\users\user\AppData\Roaming\InstallShield Installation Information
2011-12-01 20:21 . 2011-12-01 20:21 -------- d-----w- c:\windows\system32\SPReview
2011-12-01 20:18 . 2011-12-01 20:18 -------- d-----w- c:\windows\system32\EventProviders
2011-12-01 20:07 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-12-01 20:07 . 2010-11-20 12:21 11776 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2011-12-01 20:07 . 2010-11-20 12:19 53760 ----a-w- c:\windows\system32\LSCSHostPolicy.dll
2011-12-01 20:07 . 2010-11-20 10:24 52224 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2011-12-01 20:07 . 2010-11-20 12:19 3215872 ----a-w- c:\windows\system32\mstscax.dll
2011-12-01 20:05 . 2010-11-20 12:21 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-12-01 20:04 . 2010-11-20 12:36 1077248 ----a-w- c:\windows\system32\Narrator.exe
2011-12-01 20:03 . 2010-11-20 12:21 21504 ----a-w- c:\windows\system32\wsdchngr.dll
2011-12-01 20:02 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\wdscore.dll
2011-12-01 19:59 . 2010-11-20 12:21 189952 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2011-12-01 19:59 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-12-01 19:59 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-12-01 19:56 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\sqmapi.dll
2011-12-01 15:13 . 2011-12-01 15:16 -------- d-----w- c:\users\user\AppData\Roaming\AVG
2011-11-30 23:24 . 2011-12-01 05:42 -------- d-----w- c:\programdata\AVG2012
2011-11-26 16:37 . 2011-11-26 16:37 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-26 16:37 . 2011-11-26 16:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-26 16:36 . 2011-11-26 16:36 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-25 08:16 . 2011-11-26 15:38 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2011-11-22 17:43 . 2011-11-22 17:43 -------- d-----w- C:\ClearViewRC
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-01 20:45 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-11-26 16:33 . 2011-11-26 16:33 562176 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-11-07 21:28 . 2011-11-07 21:28 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-10-24 14:29 . 2011-10-24 14:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 14:29 . 2011-10-24 14:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-09 11:19 . 2011-10-09 11:21 350208 ----a-w- c:\windows\system32\d3drm.dll
2011-10-07 06:23 . 2011-10-07 06:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-07 03:48 . 2011-11-01 18:51 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C221EC4-BA46-41FF-A6F0-356E7BDD6779}\mpengine.dll
2011-09-24 06:38 . 2011-07-08 08:23 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-20 202256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-10 2221352]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-09-18 2412032]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-12-07 1584640]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-24 2415456]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2011-05-19 13:27 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [x]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-06 135664]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [x]
R3 gupdatem;????? ????? Google (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-06 135664]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-01-19 9216]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 UsbFltr;WayTech USB Filter Driver1;c:\windows\system32\Drivers\UsbFltr.sys [2007-04-09 9600]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-26 1343400]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-11-07 56208]
S1 AvgLdx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 AvgTdiX;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S1 RapportCerberus_32301;RapportCerberus_32301;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys [2011-11-07 227312]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-11-07 71440]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-11-07 164112]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-01-28 1737464]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-11-07 931640]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-03-02 5120]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-18 9216]
S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [2009-05-25 734208]
S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys [2011-08-08 21520]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-06 14:51]
.
2011-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-06 14:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\c5b93b2f.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: AmbientFox: {c8f71e5b-88f8-42a7-98bb-e4c506161de9} - %profile%\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-10 14:13:00
ComboFix-quarantined-files.txt 2011-12-10 14:12
.
Pre-Run: 186,335,969,280 bytes free
Post-Run: 186,443,636,736 bytes free
.
- - End Of File - - BEA7232106CB44EF7B80401805628D90
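
A way to triage the "Reg Loading Points" and service/driver sections of a ComboFix log like the one above, as an added example that is not part of this thread and not a ComboFix tool: ComboFix prints `[x]` after a path whose binary it could not find on disk (the AVG9 service entries above are marked that way, while the AVG2012 ones carry a date and size). The parser below pulls the Run-key values and the `R*`/`S*` service lines out of the text, lists the entries with a missing binary, and reports directories that are referenced only by such entries, which is where a helper usually looks first for leftovers of an uninstalled product. The sample log text is constructed for the example and copied in shape from the log above; the regular expressions and helper names are the example's own assumptions about the format, not documented ComboFix output rules.

```python
"""Triage helper for the Run-key and service sections of a ComboFix log (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the shape ComboFix prints; paths mirror the log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-24 2415456]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
.
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [x]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [x]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S1 AvgLdx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
"""

# Service/driver line: "<R|S><n> <service name>;<display name>;<path> [<date size>|x]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s+\[([^\]]*)\]\s*$")
# Run-key value: "<name>"="<path>" [<date size>|x]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s+\[([^\]]*)\]\s*$')


@dataclass
class Entry:
    kind: str            # "service" (R*/S* line) or "run" (Run-key value)
    name: str
    path: str
    present: bool        # False when ComboFix printed [x] (binary not found on disk)
    size: Optional[int]  # on-disk size when present, else None


def _parse_bracket(tag: str) -> Tuple[bool, Optional[int]]:
    """Interpret the trailing bracket: 'x' means missing, 'YYYY-MM-DD size' means present."""
    tag = tag.strip()
    if tag == "x":
        return False, None
    parts = tag.split()
    if len(parts) == 2 and parts[1].isdigit():
        return True, int(parts[1])
    return True, None  # present, but the size field had an unexpected shape


def parse_combofix(text: str) -> List[Entry]:
    """Extract Run-key values and service/driver lines; other lines are ignored."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            present, size = _parse_bracket(m.group(5))
            entries.append(Entry("service", m.group(2).strip(), m.group(4).strip(), present, size))
            continue
        m = RUN_RE.match(line)
        if m:
            present, size = _parse_bracket(m.group(3))
            entries.append(Entry("run", m.group(1), m.group(2), present, size))
    return entries


def missing_binaries(entries: List[Entry]) -> List[Entry]:
    """Entries whose binary ComboFix could not find ([x])."""
    return [e for e in entries if not e.present]


def leftover_dirs(entries: List[Entry]) -> Dict[str, int]:
    """Directories (lower-cased) referenced only by entries with a missing binary,
    mapped to how many such entries point there."""
    present: Dict[str, int] = {}
    missing: Dict[str, int] = {}
    for e in entries:
        directory = e.path.lower().rsplit("\\", 1)[0]
        bucket = present if e.present else missing
        bucket[directory] = bucket.get(directory, 0) + 1
    return {d: n for d, n in missing.items() if d not in present}


if __name__ == "__main__":
    parsed = parse_combofix(SAMPLE_LOG)
    print(f"{len(parsed)} entries parsed")
    for e in missing_binaries(parsed):
        print(f"missing binary: {e.kind:7} {e.name} -> {e.path}")
    for d, n in leftover_dirs(parsed).items():
        print(f"only missing entries point here ({n}): {d}")
```

Run it against a saved ComboFix log by replacing `SAMPLE_LOG` with the file contents; lines that do not match either shape (file listings, scheduled tasks, locked keys) are skipped rather than guessed at, so anything it reports is traceable to an explicit `[x]` in the log.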

#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,932 posts
  • Gender:Female
  • Location:Romania
  • Local time:08:05 AM

Posted 10 December 2011 - 09:30 AM

Do you still experience the slowness at this point?

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
  • Download the latest version of Java Runtime Environment (JRE) Version 7u1.
  • Look for "JDK 7u1 (JDK or JRE)".
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Select "Windows x86 Offline" and click on jre-7-windows-i586.exe
  • Save it to your desktop
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.


Please launch Malwarebytes Antimalware, update it and run a full scan. Post me the resulting log.

regards, Elise

#11 TomRichardson

TomRichardson
  • Topic Starter

  • Members
  • 40 posts
  • Local time:12:05 AM

Posted 11 December 2011 - 07:07 AM

Hi, I am following your instructions. You should know that I couldn't switch off Malwarebytes before running ComboFix because there's no drop-down menu in the protection level as per the instructions. I managed to get GMER running as iexplore; do you want me to post the log?

I've done everything else and I'm running a Malwarebytes scan now.

I've speeded up a little bit, thank you.

I'm running an old system and my Internet isn't that fast, but it was taking two minutes to load the Google screen!

Malwarebytes to follow:

#12 TomRichardson

TomRichardson
  • Topic Starter

  • Members
  • 40 posts
  • Local time:12:05 AM

Posted 11 December 2011 - 07:10 AM

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8351

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

11/12/2011 12:09:09
mbam-log-2011-12-11 (12-09-09).txt

Scan type: Quick scan
Objects scanned: 210332
Time elapsed: 15 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,932 posts
  • Gender:Female
  • Location:Romania
  • Local time:08:05 AM

Posted 11 December 2011 - 07:32 AM

That looks good! How much RAM does this computer have? Has it always been slow or has it recently slowed down considerably?

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

regards, Elise

#14 TomRichardson

TomRichardson
  • Topic Starter

  • Members
  • 40 posts
  • Local time:12:05 AM

Posted 12 December 2011 - 03:28 AM

Hi, I have 2GB of RAM. I'm back to the old slowness this morning. Google, my home page, took over two minutes to load. I had IE and Live Mail running, and between them they were so slow that when clicked on they came up "Not Responding" for a while. Okay, I shall run the scan now; to follow:

#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,932 posts
  • Gender:Female
  • Location:Romania
  • Local time:08:05 AM

Posted 12 December 2011 - 03:40 AM

Please reboot in safe mode with networking; do you notice the same slowdown there?

You can try to uninstall AVG and opt for another Antivirus as well (Avira and Avast both are known to run very light).

regards, Elise