Help HTML/Framer virus and other malware adware [RESOLVED]



#16
eddie5659 (Trusted Helper, Malware Removal, MVP, 1,980 posts)

After running GMER, do the following:


Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please remove this entry from Add/Remove Programs in the Control Panel (if present):

LimeShop

Please delete this folder using Windows Explorer (if present):

C:\Program Files\LimeShop\

Reboot and post a fresh Panda log.

Edited by eddie5659, 24 June 2008 - 01:45 PM.

#17
AHart (Member, Topic Starter, 50 posts)

No, I did not see it when I uploaded the file. Here are the results for GMER:

Thanks, Annette

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-06-24 18:08:04
Windows 5.1.2600 Service Pack 2


---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Mozilla Firefox\firefox.exe[1048] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019273CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1048] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [01927376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1048] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [01927376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1048] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019273CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1048] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [01927376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1048] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019273CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1048] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019273CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1048] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [01927376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1048] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [01927376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1048] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019273CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1048] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019273CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1048] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [01927376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1048] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019273CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1048] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [01927376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1048] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019273CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1048] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [01927376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1048] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [01927376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1048] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019273CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1048] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019273CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1048] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [01927376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1048] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019273CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1048] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [01927376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1048] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019273CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1048] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [01927376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1048] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019273CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1048] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [01927376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1048] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [01927376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1048] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019273CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1048] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [01927376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1048] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019273CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs avg7rsw.sys (AVG Resident Shield Unload Helper/GRISOFT, s.r.o.)

Device \Driver\Tcpip \Device\Ip avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\Tcpip \Device\Tcp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\Tcpip \Device\Udp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\Tcpip \Device\RawIp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\Tcpip \Device\IPMULTICAST avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)

AttachedDevice \FileSystem\Fastfat \Fat avg7rsw.sys (AVG Resident Shield Unload Helper/GRISOFT, s.r.o.)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System

---- EOF - GMER 1.0.14 ----

#18
eddie5659 (Trusted Helper, Malware Removal, MVP, 1,980 posts)

Looks like the file has gone :)

Okay, I see you have AVG installed, however it's the Antivirus program. So, let's try using the AVG Anti-Spyware program :)


First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Do not automatically generate report"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.


#19
AHart (Member, Topic Starter, 50 posts)

Hi Eddie,
Here is the result from GMER; I will post the Panda scan next.
Thanks, Annette

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-06-28 08:45:34
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateProcess [0xA8EE7794]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateProcessEx [0xA8EE7F1E]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwTerminateProcess [0xA8EE6D0A]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwWriteVirtualMemory [0xA8EE6384]

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.14 ----

.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[184] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[184] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 05, 5F ]
.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[184] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[184] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0B, 5F ]
.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[184] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[184] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 0E, 5F ]
.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[184] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[208] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[208] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 05, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[208] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[208] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0B, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[208] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[208] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 0E, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[208] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[216] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[216] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 05, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[216] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[216] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0B, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[216] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[216] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 0E, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[216] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\bgsvcgen.exe[252] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\bgsvcgen.exe[252] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\bgsvcgen.exe[252] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\bgsvcgen.exe[252] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\bgsvcgen.exe[252] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\bgsvcgen.exe[252] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\bgsvcgen.exe[252] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[304] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[304] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 05, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[304] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[304] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0B, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[304] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[304] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 0E, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[304] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\csrss.exe[400] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[400] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\csrss.exe[400] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[400] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\csrss.exe[400] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[400] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\csrss.exe[400] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\winlogon.exe[424] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[424] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[424] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[424] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[424] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[424] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[424] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\services.exe[468] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[468] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\services.exe[468] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[468] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\services.exe[468] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[468] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\services.exe[468] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\lsass.exe[480] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[480] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\lsass.exe[480] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[480] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\lsass.exe[480] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[480] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\lsass.exe[480] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[648] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[648] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[648] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[648] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[648] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[648] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[648] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[696] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[696] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[696] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[696] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[696] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[696] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[696] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\HPZipm12.exe[724] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\HPZipm12.exe[724] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\HPZipm12.exe[724] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\HPZipm12.exe[724] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\HPZipm12.exe[724] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\HPZipm12.exe[724] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\HPZipm12.exe[724] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\HPZipm12.exe[724] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\WINDOWS\system32\oodag.exe[736] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\oodag.exe[736] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\oodag.exe[736] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\oodag.exe[736] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\oodag.exe[736] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\oodag.exe[736] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\oodag.exe[736] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Defender\MsMpEng.exe[764] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Defender\MsMpEng.exe[764] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 05, 5F ]
.text C:\Program Files\Windows Defender\MsMpEng.exe[764] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Defender\MsMpEng.exe[764] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Windows Defender\MsMpEng.exe[764] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Defender\MsMpEng.exe[764] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Windows Defender\MsMpEng.exe[764] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[804] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[804] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\System32\svchost.exe[804] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[804] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\System32\svchost.exe[804] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[804] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\System32\svchost.exe[804] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe[824] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe[824] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 05, 5F ]
.text C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe[824] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe[824] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe[824] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe[824] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe[824] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[864] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[864] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 05, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[864] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[864] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0B, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[864] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[864] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 0E, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[864] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 0E, 5F ]

#20
AHart

AHart

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
Hi, Eddie

Sorry about running another GMER, but I've been out of town and have just got back and didn't think that I ran one already. Now I will run AVG.

Regards
Annette

#21
AHart

AHart

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
Okay, I ran the AVG Anti-Spyware and here are the results. Let me know what you think and anything else I need to do. Thanks, Annette

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:08:45 AM 6/28/2008

+ Scan result:



HKU\S-1-5-21-3968253741-2995909627-3275111859-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP599\A0101855.exe -> Not-A-Virus.PUP.SpywareDetector : Cleaned with backup (quarantined).
:mozilla.181:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.208:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Annette and John\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.177:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.178:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.179:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.159:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.160:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.161:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.162:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.163:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Annette and John\Cookies\annette_and_john@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.130:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Annette and John\Cookies\annette_and_john@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.180:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.46:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.118:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.190:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.210:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.33:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.34:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.35:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.107:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.215:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.216:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.229:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.230:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.138:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.139:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.140:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.141:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.142:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.143:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.144:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.184:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.185:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.168:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.169:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.170:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.171:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.172:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.173:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.174:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.198:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.199:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.200:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.201:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.202:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.203:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.204:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.39:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.132:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.43:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.44:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.45:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.51:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.52:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.53:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.47:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.48:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.49:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.50:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.104:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.108:C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

#22
eddie5659

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Looking a lot better, but just a couple of things to remove, then I think we're done :)


Please remove this entry from Add/Remove Programs in the Control Panel (if present):

LimeShop

Please delete this folder using Windows Explorer (if present):

C:\Program Files\LimeShop\

Reboot your computer and post a fresh Panda scan and HijackThis log.

Edited by eddie5659, 30 June 2008 - 01:49 PM.


#23
AHart

AHart

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
Hi Eddie,

Well, I do seem to think that I did remove LimeShop and LimeWire at some point, do you still see it coming up? I looked for LimeShop in Program Files and in Add and Remove; it's not there. Let me know what you think. Here is the Panda and HJ list:

;*******************************************************************************
*********************************************************************************
*******************
ANALYSIS: 2008-07-01 18:01:38
PROTECTIONS: 1
MALWARE: 16
SUSPECTS: 0
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
AVG 7.5.524 7.5.524 Yes Yes
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00040377 adware/adultlinks Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{965e6b07-6832-4738-bdbe-25f226ba2ab0}
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt[.atdmt.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt[.247realmedia.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt[.tribalfusion.com/]
00167724 Cookie/HotLog TrackingCookie No 0 Yes No C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt[.hotlog.ru/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt[.statcounter.com/]
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt[.perf.overture.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt[ad.yieldmanager.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt[.advertising.com/]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt[statse.webtrendslive.com/S136748]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt[statse.webtrendslive.com/S127715]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt[statse.webtrendslive.com/S127715]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt[statse.webtrendslive.com/S136748]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt[.ads.pointroll.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt[.questionmarket.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Annette and John\Application Data\Mozilla\Firefox\Profiles\tyojlaxl.default\cookies.txt[.zedo.com/]
00366244 Application/NirCmd.A HackTools No 0 Yes No C:\fixwareout\FindT\nircmd.exe
;===============================================================================
=================================================================================
===================
SUSPECTS
Sent Location t
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
VULNERABILITIES
Id Severity Description t
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================



HIJACK LIST::

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:23:31 PM, on 7/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\alg.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\hijackthis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.rr.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.12.29.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.12.29.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.mlscitrus.com
O16 - DPF: {0D9633EB-D799-4626-B34E-FCC17AFA2BCF} (osi_valid.uCltValid10) - http://www.mlscitrus...osi_valid9j.ocx
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lowrance....6CHD/isetup.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 10247 bytes





My panda scan did not look too good
  • 0

#24
eddie5659

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
The Panda scan's fine, just the cookies that need removing, but I suggest using ATF Cleaner for that :)

How's the computer running now?
  • 0
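The reading of the Panda report in #24 can be checked mechanically; in the report posted in #23 the header's MALWARE: 16 equals the number of distinct Ids, not the number of rows. This is an added example, not part of the original thread or of Panda's tooling: it parses rows in the report's column layout, collapses repeats by Id, and lists the detections that are not tracking cookies. The sample rows are constructed (placeholder profile path) and the row regex is an assumption inferred from the posted report.

```python
import re
from collections import Counter

# Row layout assumed from the posted report:
# Id Description Type Active Severity Disinfectable Disinfected Location
# Description and Location may contain spaces, so the description is matched
# lazily and anchored by the fixed Yes/No and numeric columns that follow Type.
ROW = re.compile(
    r"^(?P<id>\d{8}) (?P<desc>.+?) (?P<type>\w+) (?P<active>Yes|No) "
    r"(?P<severity>\d+) (?P<disinfectable>Yes|No) (?P<disinfected>Yes|No) "
    r"(?P<location>.+)$"
)
HEADER = re.compile(r"^(MALWARE|SUSPECTS|PROTECTIONS): (\d+)$")

# Constructed sample in the report's format (not the user's actual file).
SAMPLE = r"""
ANALYSIS: 2008-07-01 18:01:38
PROTECTIONS: 1
MALWARE: 4
SUSPECTS: 0
PROTECTIONS
Description Version Active Updated
AVG 7.5.524 7.5.524 Yes Yes
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
00040377 adware/adultlinks Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{965e6b07-6832-4738-bdbe-25f226ba2ab0}
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\example.default\cookies.txt[.atdmt.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\example.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\example.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\example.default\cookies.txt[.ads.pointroll.com/]
00366244 Application/NirCmd.A HackTools No 0 Yes No C:\fixwareout\FindT\nircmd.exe
"""


def parse_report(text):
    """Return (declared header counts, list of parsed detection rows)."""
    declared, rows = {}, []
    for line in text.splitlines():
        line = line.strip()
        header = HEADER.match(line)
        if header:
            declared[header.group(1)] = int(header.group(2))
            continue
        row = ROW.match(line)
        if row:  # separators, column titles and the AV row do not match
            rows.append(row.groupdict())
    return declared, rows


def triage(text):
    """Collapse repeated rows by Id and pick out what still needs a look."""
    declared, rows = parse_report(text)
    distinct = {}
    for row in rows:
        distinct.setdefault(row["id"], row)  # keep the first row per Id
    by_type = Counter(r["type"] for r in distinct.values())
    # Anything that is not a tracking cookie, or is marked active, is listed.
    needs_review = [
        r for r in distinct.values()
        if r["type"] != "TrackingCookie" or r["active"] == "Yes"
    ]
    return {
        "declared_malware": declared.get("MALWARE"),
        "rows": len(rows),
        "distinct_ids": len(distinct),
        "by_type": by_type,
        "needs_review": needs_review,
    }


if __name__ == "__main__":
    result = triage(SAMPLE)
    print(result["rows"], "rows,", result["distinct_ids"], "distinct detections")
    for r in result["needs_review"]:
        print(r["type"], r["desc"], "->", r["location"])
```
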

#25
AHart

AHart

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
Hi Eddie,

My PC is running a lot faster and I don't get the html/framer thanks to you.. :) I will run ATF and clean up the cookies.
Do you have any suggestions as far as keeping my PC clean of malware and spyware? I can run the programs that we used to get it clean; which ones do you suggest and how often? Also, I had a previous question about banking and using credit cards. What is safe practice to use so as not to lose identity?

Thank you so very much for all your time and help :)

Regards,

Annette
  • 0



#26
eddie5659

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Here's my close out speech, just wanted to know things are okay before I posted it :)


We have a couple of last steps to perform and then you're all set.


First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
* CHECK the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Next, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
* On the Desktop, right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* Check Turn off System Restore.
* Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
* On the Desktop, right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* UN-Check Turn off System Restore.
* Click Apply, and then click OK.

System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
You should also have a good firewall. Here are 2 free ones available for personal use:
and a good antivirus (these are also free for personal use):
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit monthly. And to keep your system clean run these free malware scanners weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!





As for banking online, this is safe to do, as I do it. However, make sure your system is kept up to date with virus scans, etc. Also, look for the little yellow padlock when you're in a secure site. This shows that they're encrypted to 128-bit, which is the normal for security areas. You can double-click on this, and it explains what it is.

Also, make sure the site says https, if you're paying for something. The normal use is just plain old http, but you can see it on the picture below.

I've put a picture of the padlock, so that you can spot it in future :)

Plus, and not sure if you have this where you are, as I'm in the UK, but we can sometimes use MasterCard® SecureCode, which is an extra bit of security :)


Posted Image

I'll wait till you reply, then mark this one as Resolved :)
  • 0

#27
AHart

AHart

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
Hi Eddie,

Again thank you for all your time and help. I will do as you say and reset hidden files and folders and clean restore points (I never knew how to do that). Also, I will take your advice and download the programs you suggested to remain clean. Thanks for advice on banking, it is helpful. I was not aware of the https and http difference. We do in the States have a secure code and I do use it when making purchases.

I guess we are finished for now, and I will heed your advice. :)

Thanks again you were great :)

Annette
  • 0

#28
eddie5659

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
No problem, always here to help :)

eddie
  • 0

#29
eddie5659

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





