Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Search Redirects, Fake Anti-Virus, DDS and GMER logs


  • This topic is locked This topic is locked
2 replies to this topic

#1 kwonzo38

kwonzo38

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:34 PM

Posted 24 July 2012 - 11:36 AM

I have a HP Desktop that is running a 32-bit operating system. I have Windows 7.





It all started when I was trying to listen to music on YouTube. The audio kept skipping so I decided to restart the computer hoping that would work. The computer started up but as soon as it went onto the desktop screen, it froze. I was unable to move the mouse. So I shut down the computer using the power button and turned it back on. It did the same thing. I then tried it another 5 times and it still did the same thing, only this time, it froze on the Welcome screen. I then suspected a virus. So I went into safe mode, updated Malwarebytes and ran a full scan. It found 10 threats. I pressed remove. I then rebooted my computer and ran Windows normally. Again, it froze on the welcome screen. I then put it back into safe mode and ran a Malwarebytes scan again, this time it found 9. I pressed remove and I rebooted my computer and ran windows normally. It froze on the welcome screen again. I then put it back into safe mode and ran another Malwarebytes scan, this time it didn't find anything. By now, fake anti-viruses were coming telling me I had a bunch of viruses on my computer and I need to pay to take them off. I ignored those. I then downloaded SuperAntiSpyware. When I tried to install it, the fake anti-virus would say it was infected and wouldn't allow me to open it. I then Googled how to fix it, but everytime I clicked on the link, it would redirect me to websites that said I won an iPhone. I then renamed SuperAntiSpyware to explorer.exe. It worked and it scanned my computer, it found 391 threats. I pressed remove and reboot my computer into normal mode. Again, it froze on the Welcome screen. I then decided to try Microsoft's Scanner. I googled for it and again it redirected me. I finally found the scanner and ran it, it didn't find anything. Then howtogeek.com said to get combofix. While I was on bleeping computer I found out I should first get the DDS and GMER logs. So here they are:




THIS IS DDS.TXT


.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_32
Run by Parent at 8:37:56 on 2012-07-24
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=112477&tt=280612_5_&babsrc=HP_ss&mntrId=1a11d9b200000000000008863b62fb52
uDefault_Page_URL = hxxp://getstarted.k12.com/
mDefault_Page_URL = hxxp://getstarted.k12.com/
mStart Page = hxxp://getstarted.k12.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dll
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\managed virusscan\vscan\ScriptSn.20120424192820.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dll
uRun: [Google Update] "c:\users\parent\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\explorer.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows_NT_6.1;_rv:12.0)_Gecko/20100101_Firefox/12.0" -"http://www.miniclip.com/games/celebrity-table-tennis/en/"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [McAfee Managed Services Tray] c:\program files\mcafee\managed virusscan\desktopui\XTray.Exe
mRun: [MVS Splash] "c:\program files\mcafee\managed virusscan\desktopui\XTray.exe" /LOGON
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office11\REFIEBAR.DLL
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{A1D24C33-1C51-4427-A623-CBC24E30A802} : DhcpNameServer = 192.168.2.1
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - c:\program files\mcafee\managed virusscan\agent\MyRmProt5.0.0.811.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\parent\appdata\roaming\mozilla\firefox\profiles\59kkoegy.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\users\parent\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112477&tt=280612_5_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 1a11d9b200000000000008863b62fb52
FF - user.js: extensions.BabylonToolbar_i.hardId - 1a11d9b200000000000008863b62fb52
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15523
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:37:51
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-07-24 00:00:17 -------- d-----w- c:\users\parent\appdata\roaming\SUPERAntiSpyware.com
2012-07-23 23:57:27 -------- d-----w- c:\programdata\SUPERSetup
2012-07-23 23:56:45 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-23 23:56:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-23 18:49:39 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-23 18:49:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-23 16:43:48 -------- d-----w- c:\users\parent\appdata\roaming\Malwarebytes
2012-07-21 23:36:48 -------- d-----w- c:\program files\Windows Installer Clean Up
2012-07-21 04:19:24 -------- d-----w- c:\users\parent\appdata\roaming\PDAppFlex
2012-07-21 03:43:42 -------- d-----w- c:\program files\common files\Macrovision Shared
2012-07-21 01:24:50 -------- d-----w- c:\programdata\ALM
2012-07-21 00:51:14 -------- d-----w- c:\program files\My Company Name
2012-07-13 18:31:38 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-07-02 01:37:47 -------- d-----w- c:\programdata\Premium
2012-07-02 01:37:37 -------- d-----w- c:\programdata\Babylon
2012-07-02 01:37:36 -------- d-----w- c:\users\parent\appdata\roaming\Babylon
2012-07-02 01:37:20 -------- d-----w- c:\programdata\Codecv
2012-07-02 01:37:06 -------- d-----w- c:\programdata\InstallMate
2012-06-24 17:43:07 -------- d-----w- c:\users\parent\appdata\local\Activision
2012-06-24 17:38:45 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-24 17:38:06 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-24 17:37:25 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-24 17:37:24 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-24 17:33:46 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
.
==================== Find3M ====================
.
2012-06-23 15:23:30 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-23 15:23:30 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-13 04:21:06 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-06-11 18:17:42 65536 ----a-w- c:\windows\system32\frapsvid.dll
2012-05-15 03:03:54 981504 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 01:05:38 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-05-07 01:32:48 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-07 01:32:48 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-28 03:17:07 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45:55 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:45:54 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41:16 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: ST325031 rev.HP64 -> Harddisk0\DR0 ->
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys amd_xata.sys >>UNKNOWN [0x84BFE4B1]<<
c:\windows\system32\drivers\amd_xata.sys Advanced Micro Devices Stor Filter Driver
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x84c0593c]; MOV EAX, [0x84c05ab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x81E7055A] -> \Device\Harddisk0\DR0[0x84944AC8]
3 CLASSPNP[0x8778759E] -> ntkrnlpa!IofCallDriver[0x81E7055A] -> [0x84940020]
5 amd_xata[0x8739F899] -> ntkrnlpa!IofCallDriver[0x81E7055A] -> \00000053[0x83AC6210]
\Driver\amd_sata[0x84B34E00] -> IRP_MJ_CREATE -> 0x84BFE4B1
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\00000053 -> \??\SCSI#Disk&Ven_ST325031&Prod_2AS#4&cf0c4ac&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 8:39:05.27 ===============







THIS IS ATTACH.TXT




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X
Adobe Shockwave Player 11.5
ALT Access
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity
Belkin USB Wireless Adaptor
BitTorrent
BitTorrentBar Toolbar
Bonjour
Cheat Engine 6.2
Codecv
Compatibility Pack for the 2007 Office system
Corel WinDVD
DAEMON Tools Pro
Defraggler (remove only)
Fraps (remove only)
Google Chrome
Graph 4.3
GTK+ 2.10.11 runtime environment
HP Customer Experience Enhancements
HP Vision Hardware Diagnostics
iTunes
Java 2 Runtime Environment, SE v1.4.2_07
Java Auto Updater
Java™ 6 Update 32
LSI PCI-SV92EX Soft Modem
Malwarebytes Anti-Malware version 1.62.0.1300
McAfee Virus and Spyware Protection Service
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Express Edition - ENU
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Minecraft Cracked
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OpenOffice.org 3.2
Password Corral v4.0
Picasa 3
QuickTime
RealPlayer
Realtek High Definition Audio Driver
RollerCoaster Tycoon 3 Platinum
RuneScape Launcher 1.2
SecondLifeViewer (remove only)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
SUPERAntiSpyware
The GIMP 2.2.15
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
VC Runtimes MSI
Visual C++ 8.0 x86 Runtime Setup Package
VLC media player 1.0.5
WebDwarf V2
.
==== End Of File ===========================







THIS IS ARK.TXT






GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-24 09:17:01
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\00000032 ST325031 rev.HP64
Running: gmer.exe; Driver: C:\Users\Parent\AppData\Local\Temp\awdyafow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 81E773C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81EB0D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? C:\Users\Parent\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[756] ntdll.dll!NtWriteFile 77366A68 5 Bytes JMP 00013E2E
.text C:\Windows\system32\svchost.exe[756] kernel32.dll!SetUnhandledExceptionFilter 7588F4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Windows\system32\svchost.exe[756] USER32.dll!GetCursorPos 76E1A4B3 5 Bytes JMP 0001477D
.text C:\Windows\system32\svchost.exe[756] USER32.dll!GetForegroundWindow 76E2335D 5 Bytes JMP 0001482C
.text C:\Windows\system32\svchost.exe[756] USER32.dll!IsWindowVisible 76E24D69 5 Bytes JMP 00014853
.text C:\Windows\system32\svchost.exe[756] USER32.dll!WindowFromPoint 76E46BE9 5 Bytes JMP 000147CC
.text C:\Windows\system32\svchost.exe[756] USER32.dll!MessageBoxIndirectW 76E6E963 6 Bytes [33, C0, 40, C2, 04, 00] {XOR EAX, EAX; INC EAX; RET 0x4}
.text C:\Windows\system32\svchost.exe[756] WS2_32.dll!GetAddrInfoW 76BB4889 5 Bytes JMP 00014719
.text C:\Windows\system32\svchost.exe[756] ole32.dll!CoGetClassObject 76A654AD 5 Bytes JMP 00014887
.text C:\Windows\system32\svchost.exe[756] ole32.dll!CoCreateInstance 76A79D0B 5 Bytes JMP 000148B1
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1676] USER32.dll!SetWindowLongA 76E18BA3 5 Bytes JMP 6CBB5EE6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1676] USER32.dll!SetWindowLongW 76E24449 5 Bytes JMP 6CBB5E78 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1676] USER32.dll!GetWindowInfo 76E24B5E 5 Bytes JMP 6C9A4822 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1676] USER32.dll!TrackPopupMenu 76E32228 5 Bytes JMP 6C9A4DD6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ntdll.dll!NtCreateFile + 6 773655CE 4 Bytes [28, 00, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ntdll.dll!NtCreateFile + B 773655D3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ntdll.dll!NtCreateKey + 6 7736560E 4 Bytes [68, 01, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ntdll.dll!NtCreateKey + B 77365613 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ntdll.dll!NtCreateMutant + 6 7736564E 4 Bytes [68, 02, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ntdll.dll!NtCreateMutant + B 77365653 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ntdll.dll!NtCreateSection + 6 773656EE 4 Bytes [A8, 02, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ntdll.dll!NtCreateSection + B 773656F3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ntdll.dll!NtMapViewOfSection + B 77365C33 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ntdll.dll!NtOpenFile + 6 77365CDE 4 Bytes [68, 00, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ntdll.dll!NtOpenFile + B 77365CE3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ntdll.dll!NtOpenKey + 6 77365D0E 4 Bytes [A8, 01, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ntdll.dll!NtOpenKey + B 77365D13 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ntdll.dll!NtOpenKeyEx + B 77365D23 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ntdll.dll!NtOpenMutant + 6 77365D5E 4 Bytes [28, 02, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ntdll.dll!NtOpenMutant + B 77365D63 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ntdll.dll!NtOpenProcess + 6 77365D8E 1 Byte [68]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ntdll.dll!NtOpenProcess + 6 77365D8E 4 Bytes [68, 03, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ntdll.dll!NtOpenProcess + B 77365D93 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ntdll.dll!NtOpenProcessToken + 6 77365D9E 1 Byte [A8]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ntdll.dll!NtOpenProcessToken + 6 77365D9E 4 Bytes [A8, 03, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ntdll.dll!NtOpenProcessToken + B 77365DA3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ntdll.dll!NtOpenProcessTokenEx + 6 77365DAE 4 Bytes [68, 04, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ntdll.dll!NtOpenProcessTokenEx + B 77365DB3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ntdll.dll!NtOpenSection + B 77365DD3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ntdll.dll!NtOpenThread + 6 77365E0E 1 Byte [28]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ntdll.dll!NtOpenThread + 6 77365E0E 4 Bytes [28, 03, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ntdll.dll!NtOpenThread + B 77365E13 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ntdll.dll!NtOpenThreadToken + 6 77365E1E 4 Bytes [28, 04, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ntdll.dll!NtOpenThreadToken + B 77365E23 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ntdll.dll!NtOpenThreadTokenEx + 6 77365E2E 4 Bytes [A8, 04, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ntdll.dll!NtOpenThreadTokenEx + B 77365E33 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ntdll.dll!NtQueryAttributesFile + 6 77365F3E 4 Bytes [A8, 00, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ntdll.dll!NtQueryAttributesFile + B 77365F43 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ntdll.dll!NtQueryFullAttributesFile + B 77365FF3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ntdll.dll!NtSetInformationFile + 6 7736663E 4 Bytes [28, 01, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ntdll.dll!NtSetInformationFile + B 77366643 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ntdll.dll!NtSetInformationThread + 6 7736669E 1 Byte [E8]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ntdll.dll!NtSetInformationThread + B 773666A3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ntdll.dll!NtUnmapViewOfSection + 6 773669BE 4 Bytes [28, 05, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ntdll.dll!NtUnmapViewOfSection + B 773669C3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] kernel32.dll!CreateProcessW 7584204D 5 Bytes JMP 00180030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] kernel32.dll!CreateProcessA 75842082 5 Bytes JMP 00180070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!DeleteObject 76965F14 5 Bytes JMP 002301B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!SelectObject 76966640 5 Bytes JMP 002305F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!SetTextColor 76966906 5 Bytes JMP 002309F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!SetBkMode 769669B1 5 Bytes JMP 002308B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!DeleteDC 76966EAA 5 Bytes JMP 00230170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!GetDeviceCaps 76966F7F 5 Bytes JMP 002303B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!ExtSelectClipRgn 76967114 5 Bytes JMP 002302F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!SelectClipRgn 76967242 5 Bytes JMP 002305B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!SetStretchBltMode 76967705 5 Bytes JMP 00230670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!GetCurrentObject 76967917 5 Bytes JMP 00230370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!GetTextMetricsW 76967B8F 5 Bytes JMP 00230DF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!GetTextAlign 76967DAF 5 Bytes JMP 00230D30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!IntersectClipRect 76967DFE 5 Bytes JMP 002303F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!ExtTextOutW 76968192 5 Bytes JMP 00230930
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!SetTextAlign 7696828E 5 Bytes JMP 002309B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!GetClipBox 76968525 5 Bytes JMP 00230330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!MoveToEx 76968C21 5 Bytes JMP 00230470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!StretchDIBits 7696A53E 5 Bytes JMP 00230730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!RestoreDC 7696A67B 5 Bytes JMP 00230530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!SaveDC 7696A74B 5 Bytes JMP 00230570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!GetTextExtentPoint32W 7696B4B5 5 Bytes JMP 00230630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!GetTextFaceW 7696B73A 2 Bytes JMP 00230CF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!GetTextFaceW + 3 7696B73D 2 Bytes [8C, 89]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!GetFontData 7696BCC4 5 Bytes JMP 00230C30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!SetWorldTransform 7696C90A 5 Bytes JMP 002306B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!CreateDCA 7696CCA9 5 Bytes JMP 002300B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!CreateDCW 7696CF79 5 Bytes JMP 002300F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!CreateICW 7696CFD0 5 Bytes JMP 00230130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!GetTextMetricsA 7696D0F2 5 Bytes JMP 00230DB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!Rectangle 7696F1FF 5 Bytes JMP 00230970
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!LineTo 7696F59B 5 Bytes JMP 00230430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!SetICMMode 7696FAA4 5 Bytes JMP 00230D70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!ExtTextOutA 769703F9 5 Bytes JMP 002308F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!ExtEscape 76972949 3 Bytes JMP 002302B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!ExtEscape + 4 7697294D 1 Byte [89]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!Escape 76973939 3 Bytes JMP 00230270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!Escape + 4 7697393D 1 Byte [89]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!GetTextFaceA 76973E6A 3 Bytes JMP 00230CB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!GetTextFaceA + 4 76973E6E 1 Byte [89]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!SetPolyFillMode 7697D851 3 Bytes JMP 00230AF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!SetPolyFillMode + 4 7697D855 1 Byte [89]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!SetMiterLimit 7697DA0D 3 Bytes JMP 00230B30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!SetMiterLimit + 4 7697DA11 1 Byte [89]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!EndPage 769800D7 3 Bytes JMP 00230230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!EndPage + 4 769800DB 1 Byte [89]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!ResetDCW 7698050D 3 Bytes JMP 00230A70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!ResetDCW + 4 76980511 1 Byte [89]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!GetGlyphOutlineW 7698C1BA 5 Bytes JMP 00230C70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!CreateScalableFontResourceW 7698E817 5 Bytes JMP 00230B70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!AddFontResourceW 7698EC13 5 Bytes JMP 00230BB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!RemoveFontResourceW 7698F109 5 Bytes JMP 00230BF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!AbortDoc 76994C63 5 Bytes JMP 00230030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!EndDoc 769950AA 5 Bytes JMP 002301F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!StartPage 76995195 5 Bytes JMP 002306F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!StartDocW 76995BB0 5 Bytes JMP 002307B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!BeginPath 7699635D 5 Bytes JMP 002307F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!SelectClipPath 769963B4 5 Bytes JMP 00230AB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!CloseFigure 7699640F 5 Bytes JMP 00230070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!EndPath 76996466 5 Bytes JMP 00230A30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!StrokePath 76996699 5 Bytes JMP 00230770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!FillPath 76996726 5 Bytes JMP 00230830
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!PolylineTo 76996B94 5 Bytes JMP 002304F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!PolyBezierTo 76996C25 5 Bytes JMP 002304B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] GDI32.dll!PolyDraw 76996CD7 5 Bytes JMP 00230870
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] USER32.dll!ActivateKeyboardLayout 76E18203 5 Bytes JMP 003404F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] USER32.dll!ScreenToClient 76E1A506 7 Bytes JMP 00340670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] USER32.dll!RegisterClipboardFormatA 76E1C091 5 Bytes JMP 003402F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] USER32.dll!RegisterClipboardFormatW 76E1DF8D 5 Bytes JMP 003402B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] USER32.dll!SetCursor 76E23075 5 Bytes JMP 00340530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] USER32.dll!MonitorFromWindow 76E23622 7 Bytes JMP 00340630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] USER32.dll!PostMessageW 76E2447B 5 Bytes JMP 003405F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] USER32.dll!IsWindowVisible 76E24D69 7 Bytes JMP 003406B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] USER32.dll!GetClientRect 76E254DD 7 Bytes JMP 003405B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] USER32.dll!MapWindowPoints 76E25CAA 5 Bytes JMP 00340570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] USER32.dll!GetParent 76E26029 7 Bytes JMP 003406F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] USER32.dll!EmptyClipboard 76E3290C 5 Bytes JMP 00340130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] USER32.dll!SetClipboardData 76E32962 5 Bytes JMP 00340170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] USER32.dll!GetClipboardData 76E32BA7 5 Bytes JMP 00340030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] USER32.dll!GetClipboardFormatNameW 76E35FD2 5 Bytes JMP 00340230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] USER32.dll!SetClipboardViewer 76E36FF6 5 Bytes JMP 003404B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] USER32.dll!GetClipboardFormatNameA 76E3700A 5 Bytes JMP 00340270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] USER32.dll!ChangeClipboardChain 76E4147C 5 Bytes JMP 00340430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] USER32.dll!GetTopWindow 76E424D9 7 Bytes JMP 00340730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] USER32.dll!CloseClipboard 76E4446C 5 Bytes JMP 003400B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] USER32.dll!OpenClipboard 76E4447E 5 Bytes JMP 00340070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] USER32.dll!IsClipboardFormatAvailable 76E444FF 5 Bytes JMP 003400F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] USER32.dll!GetClipboardSequenceNumber 76E44513 5 Bytes JMP 00340330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] USER32.dll!GetClipboardOwner 76E44525 5 Bytes JMP 00340370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] USER32.dll!CountClipboardFormats 76E4470A 5 Bytes JMP 003401F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] USER32.dll!EnumClipboardFormats 76E447EC 5 Bytes JMP 003401B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] USER32.dll!GetOpenClipboardWindow 76E4480B 5 Bytes JMP 003403F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] USER32.dll!SetCursorPos 76E5C1B0 5 Bytes JMP 00340770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] USER32.dll!GetClipboardViewer 76E74AF7 5 Bytes JMP 00340470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] USER32.dll!GetPriorityClipboardFormat 76E74BF9 5 Bytes JMP 003403B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ole32.dll!OleSetClipboard 76A90045 3 Bytes JMP 00350030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ole32.dll!OleSetClipboard + 4 76A90049 1 Byte [89]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ole32.dll!OleIsCurrentClipboard 76A936B2 3 Bytes JMP 00350070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ole32.dll!OleIsCurrentClipboard + 4 76A936B6 1 Byte [89]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[1960] ole32.dll!OleGetClipboard 76ABFDCD 5 Bytes JMP 003500B0
.text C:\Program Files\Mozilla Firefox\firefox.exe[2580] ntdll.dll!LdrLoadDll 7738223E 5 Bytes JMP 6C82C930 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2580] kernel32.dll!MapViewOfFile 758893DB 5 Bytes JMP 6CA5E083 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2580] kernel32.dll!VirtualAlloc 7588C43A 5 Bytes JMP 6CA5E0AA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2580] GDI32.dll!CreateDIBSection 76968850 5 Bytes JMP 6CA5E00D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Device\00000053 -> \??\SCSI#Disk&Ven_ST325031&Prod_2AS#4&cf0c4ac&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

---- EOF - GMER 1.0.15 ----












At first I was going to just run combo fix but I thought I'd be better off posting to the forum so you guys can tell me exactly what do. Thank you for your time!!!

BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,732 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:34 PM

Posted 29 July 2012 - 11:40 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/462256 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,732 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:34 PM

Posted 30 July 2012 - 11:18 AM

You have stated that you no longer need help with this issue, therefore I am closing this topic. If that is not the case and you need or wish to continue with this topic, please send any Moderator a Personal Message (PM) that you would like this topic re-opened.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users