Computer infected - not sure which viruses specifically



#1
CWeezy2424
Member, 52 posts
Hi guys,

Thanks a lot for the help. I had a trojan come through about a month ago, and now it seems as though I have several viruses. A few days ago I couldn't get to any website, I would just get the fake AV Security site over and over, and no other website would load besides that. Also, sound would come through my computer for about 5 minutes, and then no audio would come through. Now I get absolutely no audio. (Before this happened, all sound worked perfectly fine.) Yesterday I did a system restore and it doesn't seem like much has been fixed. I went to restore again and there are no checkpoints remaining. My computer will not restart - it freezes at the "Windows Shutting Down..." screen (left it for 2 hours). Also, it boots successfully 1 out of every 6 times - it usually just loads my desktop, with no icons or toolbar, and sits idle. Tonight I ran Malware Bytes Anti Malware and it appears I had the following viruses (which it says were removed):

Win32: Zbot-MML [Trj]
Win32: Alureon-HA [Trj]
Win32: Rootkit-gen [Rtk]

The issues still largely remain, and I am not convinced that nearly all of my problems have been solved. Can someone please help me on where I should get started and what I should do to clean my computer? Thanks so much for the help! I really appreciate it.



#2
RKinner
Malware Expert, MVP, 24,625 posts
Do as much of

http://www.geekstogo...uide-t2852.html

as you can. If a step won't work, skip to the next one. Copy and paste your gmer, mbam, otl, & extras logs into a reply. Do not attach them.

If you lose internet access after running MBAM or if you are not able to get to the downloads:

In IE, Tools, Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart IE.

In Firefox, Tools, Options, Advanced, Settings, check No Proxy then OK. Close Firefox and restart Firefox.

In Chrome, Wrench, Options, Under the Hood, Change Proxy Settings, uncheck all boxes, OK.

Ron

#3
CWeezy2424
Topic Starter, Member, 52 posts
Thank you for your quick response. I completed the TFC and the ERUNT step - my computer froze once again at "shutting down" screen. Also ran AVAST anti virus. See below for my MBAM, GMER, and OTL logs...

MBAM:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

7/15/2010 9:22:02 PM
mbam-log-2010-07-15 (21-22-02).txt

Scan type: Quick scan
Objects scanned: 133688
Time elapsed: 24 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\asli\Local Settings\Temp\0.8323951779472475.exe (Backdoor.Agent) -> Quarantined and deleted successfully.

#4
CWeezy2424
Topic Starter, Member, 52 posts
GMER...

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-16 01:28:30
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\asli\LOCALS~1\Temp\pwxoipoc.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xEEE5A0B0]

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF84E6394]
init C:\WINDOWS\system32\drivers\tiumflt.sys entry point in "init" section [0xF8A85E00]
init C:\WINDOWS\system32\drivers\tiumfwl.sys entry point in "init" section [0xF8927F00]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF71D5340, 0x106FDF, 0xF8000020]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF012300, 0x238E10, 0xF8000020]
? C:\DOCUME~1\asli\LOCALS~1\Temp\pwxoipob.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[544] USER32.dll!PeekMessageA 7E41C96C 8 Bytes JMP 30000025
.text C:\Program Files\Internet Explorer\iexplore.exe[544] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 3E25467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[544] USER32.dll!CallNextHookEx 7E41F85B 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[544] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[544] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[544] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[544] USER32.dll!GetMessageA 7E42E002 8 Bytes JMP 36000025
.text C:\Program Files\Internet Explorer\iexplore.exe[544] USER32.dll!GetClipboardData 7E430D7A 8 Bytes JMP 3C000025
.text C:\Program Files\Internet Explorer\iexplore.exe[544] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[544] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[544] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[544] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[544] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[544] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[544] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[544] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[544] ole32.dll!OleLoadFromStream 7752A257 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[544] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A99A4C 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\Internet Explorer\iexplore.exe[544] CRYPT32.dll!PFXImportCertStore 77AEF748 8 Bytes JMP 3F000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 8D000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 87000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] USER32.dll!PeekMessageA 7E41C96C 8 Bytes JMP 84000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] USER32.dll!GetMessageA 7E42E002 8 Bytes JMP 8A000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] USER32.dll!GetClipboardData 7E430D7A 8 Bytes JMP 90000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP 6F000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP 66000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP 60000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] WININET.dll!InternetQueryDataAvailable 3D94BF7F 8 Bytes JMP 63000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP 75000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP 57000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP 78000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP 54000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP 72000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP 6C000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP 69000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] WININET.dll!InternetWriteFile 3D9A60F6 8 Bytes JMP 7B000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] WININET.dll!HttpSendRequestExA 3D9BA70A 8 Bytes JMP 5A000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] WININET.dll!HttpSendRequestExW 3D9BA763 8 Bytes JMP 5D000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 42000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] WS2_32.dll!inet_addr 71AB2BF4 8 Bytes JMP 48000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] WS2_32.dll!sendto 71AB2C69 8 Bytes JMP 51000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] WS2_32.dll!send 71AB428A 8 Bytes JMP 4E000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] WS2_32.dll!WSARecv 71AB4318 8 Bytes JMP 7E000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] WS2_32.dll!gethostbyname 71AB4FD4 8 Bytes JMP 45000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] WS2_32.dll!recv 71AB615A 8 Bytes JMP 81000025
.text C:\Program Files\iTunes\iTunesHelper.exe[644] WS2_32.dll!WSASend 71AB6233 8 Bytes JMP 74FCDE32
.text C:\Program Files\iTunes\iTunesHelper.exe[644] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A99A4C 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\iTunes\iTunesHelper.exe[644] CRYPT32.dll!PFXImportCertStore 77AEF748 8 Bytes JMP 93000025
.text C:\WINDOWS\system32\ctfmon.exe[648] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 41000025
.text C:\WINDOWS\system32\ctfmon.exe[648] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 3B000025
.text C:\WINDOWS\system32\ctfmon.exe[648] USER32.dll!PeekMessageA 7E41C96C 8 Bytes JMP 38000025
.text C:\WINDOWS\system32\ctfmon.exe[648] USER32.dll!GetMessageA 7E42E002 8 Bytes JMP 6E007200
.text C:\WINDOWS\system32\ctfmon.exe[648] USER32.dll!GetClipboardData 7E430D7A 8 Bytes JMP 44000025
.text C:\WINDOWS\system32\ctfmon.exe[648] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP 23000025
.text C:\WINDOWS\system32\ctfmon.exe[648] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP 1A000025
.text C:\WINDOWS\system32\ctfmon.exe[648] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP 14000025
.text C:\WINDOWS\system32\ctfmon.exe[648] WININET.dll!InternetQueryDataAvailable 3D94BF7F 8 Bytes JMP 17000025
.text C:\WINDOWS\system32\ctfmon.exe[648] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP 29000025
.text C:\WINDOWS\system32\ctfmon.exe[648] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP 0B000025
.text C:\WINDOWS\system32\ctfmon.exe[648] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP 2C000025
.text C:\WINDOWS\system32\ctfmon.exe[648] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP 08000025
.text C:\WINDOWS\system32\ctfmon.exe[648] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP 26000025
.text C:\WINDOWS\system32\ctfmon.exe[648] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP 20000025
.text C:\WINDOWS\system32\ctfmon.exe[648] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP 1D000025
.text C:\WINDOWS\system32\ctfmon.exe[648] WININET.dll!InternetWriteFile 3D9A60F6 8 Bytes JMP 2F000025
.text C:\WINDOWS\system32\ctfmon.exe[648] WININET.dll!HttpSendRequestExA 3D9BA70A 8 Bytes JMP 0E000025
.text C:\WINDOWS\system32\ctfmon.exe[648] WININET.dll!HttpSendRequestExW 3D9BA763 8 Bytes JMP 11000025
.text C:\WINDOWS\system32\ctfmon.exe[648] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A99A4C 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\WINDOWS\system32\ctfmon.exe[648] CRYPT32.dll!PFXImportCertStore 77AEF748 8 Bytes JMP 47000025
.text C:\WINDOWS\system32\ctfmon.exe[648] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP F6000025
.text C:\WINDOWS\system32\ctfmon.exe[648] WS2_32.dll!inet_addr 71AB2BF4 8 Bytes JMP FC000025
.text C:\WINDOWS\system32\ctfmon.exe[648] WS2_32.dll!sendto 71AB2C69 8 Bytes JMP 05000025
.text C:\WINDOWS\system32\ctfmon.exe[648] WS2_32.dll!send 71AB428A 8 Bytes JMP 02000025
.text C:\WINDOWS\system32\ctfmon.exe[648] WS2_32.dll!WSARecv 71AB4318 8 Bytes JMP 32000025
.text C:\WINDOWS\system32\ctfmon.exe[648] WS2_32.dll!gethostbyname 71AB4FD4 8 Bytes JMP F9000025
.text C:\WINDOWS\system32\ctfmon.exe[648] WS2_32.dll!recv 71AB615A 8 Bytes JMP 35000025
.text C:\WINDOWS\system32\ctfmon.exe[648] WS2_32.dll!WSASend 71AB6233 8 Bytes JMP FF000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP C7000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP C1000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] USER32.dll!PeekMessageA 7E41C96C 8 Bytes JMP BE000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] USER32.dll!GetMessageA 7E42E002 8 Bytes JMP C4000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] USER32.dll!GetClipboardData 7E430D7A 8 Bytes JMP CA000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 3F000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] WS2_32.dll!inet_addr 71AB2BF4 8 Bytes JMP 82000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] WS2_32.dll!sendto 71AB2C69 8 Bytes JMP 8B000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] WS2_32.dll!send 71AB428A 8 Bytes JMP 88000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] WS2_32.dll!WSARecv 71AB4318 8 Bytes JMP B8000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] WS2_32.dll!gethostbyname 71AB4FD4 8 Bytes JMP 7F000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] WS2_32.dll!recv 71AB615A 8 Bytes JMP BB000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] WS2_32.dll!WSASend 71AB6233 8 Bytes JMP 85000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP A9000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP A0000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP 9A000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] WININET.dll!InternetQueryDataAvailable 3D94BF7F 8 Bytes JMP 9D000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP AF000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP 91000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP B2000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP 8E000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP AC000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP A6000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP A3000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] WININET.dll!InternetWriteFile 3D9A60F6 8 Bytes JMP B5000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] WININET.dll!HttpSendRequestExA 3D9BA70A 8 Bytes JMP 94000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] WININET.dll!HttpSendRequestExW 3D9BA763 8 Bytes JMP 97000025
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A99A4C 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[668] CRYPT32.dll!PFXImportCertStore 77AEF748 8 Bytes JMP CD000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP A4000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 9E000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] USER32.dll!PeekMessageA 7E41C96C 8 Bytes JMP 9B000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] USER32.dll!GetMessageA 7E42E002 8 Bytes JMP A1000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] USER32.dll!GetClipboardData 7E430D7A 8 Bytes JMP A7000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP 86000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP C4FF3161
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP FF50046A
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] WININET.dll!InternetQueryDataAvailable 3D94BF7F 8 Bytes JMP 7A000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP 8C000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP 6E000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP 8F000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP 6B000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP 89000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP 83000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP 80000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] WININET.dll!InternetWriteFile 3D9A60F6 8 Bytes JMP 92000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] WININET.dll!HttpSendRequestExA 3D9BA70A 8 Bytes JMP 71000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] WININET.dll!HttpSendRequestExW 3D9BA763 8 Bytes JMP 74000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A99A4C 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] CRYPT32.dll!PFXImportCertStore 77AEF748 8 Bytes JMP AA000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 59000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] WS2_32.dll!inet_addr 71AB2BF4 8 Bytes JMP 5F000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] WS2_32.dll!sendto 71AB2C69 8 Bytes JMP 68000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] WS2_32.dll!send 71AB428A 8 Bytes JMP 65000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] WS2_32.dll!WSARecv 71AB4318 8 Bytes JMP 95000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] WS2_32.dll!gethostbyname 71AB4FD4 8 Bytes JMP 5C000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] WS2_32.dll!recv 71AB615A 8 Bytes JMP 98000025
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[884] WS2_32.dll!WSASend 71AB6233 8 Bytes JMP 62000025
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 0091000A
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0090000C
.text C:\WINDOWS\System32\svchost.exe[1016] USER32.dll!GetCursorPos 7E41BD76 5 Bytes JMP 0101000A
.text C:\WINDOWS\System32\svchost.exe[1016] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 00AA000A
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 48000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 42000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] USER32.dll!PeekMessageA 7E41C96C 8 Bytes JMP 3F000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] USER32.dll!GetMessageA 7E42E002 8 Bytes JMP 45000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] USER32.dll!GetClipboardData 7E430D7A 8 Bytes JMP 4B000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP 2A000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP 21000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP 1B000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] WININET.dll!InternetQueryDataAvailable 3D94BF7F 8 Bytes JMP 1E000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP 30000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP 12000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP 33000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP 0F000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP 2D000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP 27000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP 24000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] WININET.dll!InternetWriteFile 3D9A60F6 8 Bytes JMP 36000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] WININET.dll!HttpSendRequestExA 3D9BA70A 8 Bytes JMP 15000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] WININET.dll!HttpSendRequestExW 3D9BA763 8 Bytes JMP 18000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A99A4C 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] CRYPT32.dll!PFXImportCertStore 77AEF748 8 Bytes JMP 4E000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP FD000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] WS2_32.dll!inet_addr 71AB2BF4 8 Bytes JMP 03000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] WS2_32.dll!sendto 71AB2C69 8 Bytes JMP 0C000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] WS2_32.dll!send 71AB428A 8 Bytes JMP 09000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] WS2_32.dll!WSARecv 71AB4318 8 Bytes JMP 39000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] WS2_32.dll!gethostbyname 71AB4FD4 8 Bytes JMP 00000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] WS2_32.dll!recv 71AB615A 8 Bytes JMP 3C000025
.text C:\Program Files\SpywareGuard\sgmain.exe[1072] WS2_32.dll!WSASend 71AB6233 8 Bytes JMP 06000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP EA000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP E4000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] USER32.dll!PeekMessageA 7E41C96C 8 Bytes JMP E1000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] USER32.dll!GetMessageA 7E42E002 8 Bytes JMP E7000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] USER32.dll!GetClipboardData 7E430D7A 8 Bytes JMP ED000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP CC000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP C3000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP BD000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] WININET.dll!InternetQueryDataAvailable 3D94BF7F 8 Bytes JMP C0000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP D2000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP B4000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP D5000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP B1000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP CF000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP C9000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP C6000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] WININET.dll!InternetWriteFile 3D9A60F6 8 Bytes JMP D8000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] WININET.dll!HttpSendRequestExA 3D9BA70A 8 Bytes JMP B7000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] WININET.dll!HttpSendRequestExW 3D9BA763 8 Bytes JMP BA000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A99A4C 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] CRYPT32.dll!PFXImportCertStore 77AEF748 8 Bytes JMP F0000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 7E000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] WS2_32.dll!inet_addr 71AB2BF4 8 Bytes JMP 84000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] WS2_32.dll!sendto 71AB2C69 8 Bytes JMP AE000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] WS2_32.dll!send 71AB428A 8 Bytes JMP AB000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] WS2_32.dll!WSARecv 71AB4318 8 Bytes JMP DB000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] WS2_32.dll!gethostbyname 71AB4FD4 8 Bytes JMP 81000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] WS2_32.dll!recv 71AB615A 8 Bytes JMP DE000025
.text C:\Program Files\SpywareGuard\sgbhp.exe[1376] WS2_32.dll!WSASend 71AB6233 8 Bytes JMP 87000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP F3000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 80000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] USER32.dll!PeekMessageA 7E41C96C 8 Bytes JMP C4FF3161
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] USER32.dll!GetMessageA 7E42E002 8 Bytes JMP 83000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] USER32.dll!GetClipboardData 7E430D7A 8 Bytes JMP F6000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A99A4C 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] CRYPT32.dll!PFXImportCertStore 77AEF748 8 Bytes JMP F9000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP 68000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP 5F000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP 59000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] WININET.dll!InternetQueryDataAvailable 3D94BF7F 8 Bytes JMP 5C000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP 6E000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP 50000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP 71000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP 4D000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP 6B000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP 65000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP 62000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] WININET.dll!InternetWriteFile 3D9A60F6 8 Bytes JMP 74000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] WININET.dll!HttpSendRequestExA 3D9BA70A 8 Bytes JMP 53000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] WININET.dll!HttpSendRequestExW 3D9BA763 8 Bytes JMP 56000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 3B000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] WS2_32.dll!inet_addr 71AB2BF4 8 Bytes JMP 41000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] WS2_32.dll!sendto 71AB2C69 8 Bytes JMP 4A000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] WS2_32.dll!send 71AB428A 8 Bytes JMP 47000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] WS2_32.dll!WSARecv 71AB4318 8 Bytes JMP FF50046A
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] WS2_32.dll!gethostbyname 71AB4FD4 8 Bytes JMP 6E007200
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] WS2_32.dll!recv 71AB615A 8 Bytes JMP 7A000025
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[1536] WS2_32.dll!WSASend 71AB6233 8 Bytes JMP 44000025
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B6000A
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BC000A
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B5000C
.text C:\WINDOWS\Explorer.EXE[1624] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP B8000025
.text C:\WINDOWS\Explorer.EXE[1624] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 92000025
.text C:\WINDOWS\Explorer.EXE[1624] USER32.dll!PeekMessageA 7E41C96C 8 Bytes JMP 8F000025
.text C:\WINDOWS\Explorer.EXE[1624] USER32.dll!GetMessageA 7E42E002 8 Bytes JMP 95000025
.text C:\WINDOWS\Explorer.EXE[1624] USER32.dll!GetClipboardData 7E430D7A 8 Bytes JMP BB000025
.text C:\WINDOWS\Explorer.EXE[1624] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A99A4C 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\WINDOWS\Explorer.EXE[1624] CRYPT32.dll!PFXImportCertStore 77AEF748 8 Bytes JMP BD000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP D0000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP CA000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] USER32.dll!PeekMessageA 7E41C96C 8 Bytes JMP C7000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] USER32.dll!GetMessageA 7E42E002 8 Bytes JMP CD000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] USER32.dll!GetClipboardData 7E430D7A 8 Bytes JMP D3000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP 4D000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP 44000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP 6E007200
.text C:\Program Files\Apoint2K\Apoint.exe[1904] WININET.dll!InternetQueryDataAvailable 3D94BF7F 8 Bytes JMP 41000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP 53000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP 35000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP 56000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP 32000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP 50000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP 4A000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP 47000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] WININET.dll!InternetWriteFile 3D9A60F6 8 Bytes JMP 59000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] WININET.dll!HttpSendRequestExA 3D9BA70A 8 Bytes JMP 38000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] WININET.dll!HttpSendRequestExW 3D9BA763 8 Bytes JMP 3B000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A99A4C 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\Apoint2K\Apoint.exe[1904] CRYPT32.dll!PFXImportCertStore 77AEF748 8 Bytes JMP D6000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 1E000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] WS2_32.dll!inet_addr 71AB2BF4 8 Bytes JMP 24000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] WS2_32.dll!sendto 71AB2C69 8 Bytes JMP 2F000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] WS2_32.dll!send 71AB428A 8 Bytes JMP 2C000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] WS2_32.dll!WSARecv 71AB4318 8 Bytes JMP 5C000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] WS2_32.dll!gethostbyname 71AB4FD4 8 Bytes JMP 21000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] WS2_32.dll!recv 71AB615A 8 Bytes JMP 5F000025
.text C:\Program Files\Apoint2K\Apoint.exe[1904] WS2_32.dll!WSASend 71AB6233 8 Bytes JMP 29000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 75000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 6F000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] USER32.dll!PeekMessageA 7E41C96C 8 Bytes JMP 6C000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] USER32.dll!GetMessageA 7E42E002 8 Bytes JMP 72000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] USER32.dll!GetClipboardData 7E430D7A 8 Bytes JMP 78000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP 57000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP 4E000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP 48000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] WININET.dll!InternetQueryDataAvailable 3D94BF7F 8 Bytes JMP 4B000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP 5D000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP 3F000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP 60000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP 3C000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP 5A000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP 54000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP 51000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] WININET.dll!InternetWriteFile 3D9A60F6 8 Bytes JMP 63000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] WININET.dll!HttpSendRequestExA 3D9BA70A 8 Bytes JMP 42000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] WININET.dll!HttpSendRequestExW 3D9BA763 8 Bytes JMP 45000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A99A4C 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\WINDOWS\AGRSMMSG.exe[1916] CRYPT32.dll!PFXImportCertStore 77AEF748 8 Bytes JMP 7B000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 2A000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] WS2_32.dll!inet_addr 71AB2BF4 8 Bytes JMP 30000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] WS2_32.dll!sendto 71AB2C69 8 Bytes JMP 39000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] WS2_32.dll!send 71AB428A 8 Bytes JMP 36000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] WS2_32.dll!WSARecv 71AB4318 8 Bytes JMP 66000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] WS2_32.dll!gethostbyname 71AB4FD4 8 Bytes JMP 2D000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] WS2_32.dll!recv 71AB615A 8 Bytes JMP 69000025
.text C:\WINDOWS\AGRSMMSG.exe[1916] WS2_32.dll!WSASend 71AB6233 8 Bytes JMP 33000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 1E000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 18000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] USER32.dll!PeekMessageA 7E41C96C 8 Bytes JMP 15000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] USER32.dll!GetMessageA 7E42E002 8 Bytes JMP 1B000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] USER32.dll!GetClipboardData 7E430D7A 8 Bytes JMP 21000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP 00000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP F7000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP F1000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] WININET.dll!InternetQueryDataAvailable 3D94BF7F 8 Bytes JMP F4000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP 06000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP E8000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP 09000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP E5000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP 03000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP FD000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP FA000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] WININET.dll!InternetWriteFile 3D9A60F6 8 Bytes JMP 0C000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] WININET.dll!HttpSendRequestExA 3D9BA70A 8 Bytes JMP EB000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] WININET.dll!HttpSendRequestExW 3D9BA763 8 Bytes JMP EE000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A99A4C 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] CRYPT32.dll!PFXImportCertStore 77AEF748 8 Bytes JMP 24000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP D3000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] WS2_32.dll!inet_addr 71AB2BF4 8 Bytes JMP D9000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] WS2_32.dll!sendto 71AB2C69 8 Bytes JMP E2000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] WS2_32.dll!send 71AB428A 8 Bytes JMP DF000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] WS2_32.dll!WSARecv 71AB4318 8 Bytes JMP 0F000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] WS2_32.dll!gethostbyname 71AB4FD4 8 Bytes JMP D6000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] WS2_32.dll!recv 71AB615A 8 Bytes JMP 12000025
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[1968] WS2_32.dll!WSASend 71AB6233 8 Bytes JMP DC000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP D4000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP CE000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] USER32.dll!PeekMessageA 7E41C96C 8 Bytes JMP CB000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] USER32.dll!GetMessageA 7E42E002 8 Bytes JMP D1000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] USER32.dll!GetClipboardData 7E430D7A 8 Bytes JMP D7000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 89000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] WS2_32.dll!inet_addr 71AB2BF4 8 Bytes JMP 8F000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] WS2_32.dll!sendto 71AB2C69 8 Bytes JMP 98000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] WS2_32.dll!send 71AB428A 8 Bytes JMP 95000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] WS2_32.dll!WSARecv 71AB4318 8 Bytes JMP C5000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] WS2_32.dll!gethostbyname 71AB4FD4 8 Bytes JMP 8C000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] WS2_32.dll!recv 71AB615A 8 Bytes JMP C8000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] WS2_32.dll!WSASend 71AB6233 8 Bytes JMP 92000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP B6000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP AD000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP A7000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] WININET.dll!InternetQueryDataAvailable 3D94BF7F 8 Bytes JMP AA000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP BC000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP 9E000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP BF000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP 9B000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP B9000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP B3000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP B0000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] WININET.dll!InternetWriteFile 3D9A60F6 8 Bytes JMP C2000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] WININET.dll!HttpSendRequestExA 3D9BA70A 8 Bytes JMP A1000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] WININET.dll!HttpSendRequestExW 3D9BA763 8 Bytes JMP A4000025
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A99A4C 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2044] CRYPT32.dll!PFXImportCertStore 77AEF748 8 Bytes JMP DA000025
.text C:\WINDOWS\system32\wuauclt.exe[3260] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 0091000A
.text C:\WINDOWS\system32\wuauclt.exe[3260] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84]
.text C:\WINDOWS\system32\wuauclt.exe[3260] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0092000A
.text C:\WINDOWS\system32\wuauclt.exe[3260] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0090000C
.text C:\WINDOWS\system32\wuauclt.exe[3396] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 0091000A
.text C:\WINDOWS\system32\wuauclt.exe[3396] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84]
.text C:\WINDOWS\system32\wuauclt.exe[3396] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0092000A
.text C:\WINDOWS\system32\wuauclt.exe[3396] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0090000C
.text C:\WINDOWS\system32\wuauclt.exe[3516] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 0091000A
.text C:\WINDOWS\system32\wuauclt.exe[3516] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84]
.text C:\WINDOWS\system32\wuauclt.exe[3516] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0092000A
.text C:\WINDOWS\system32\wuauclt.exe[3516] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0090000C
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A3000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D5000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A2000C
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP AB000025
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP A5000025
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!PeekMessageA 7E41C96C 8 Bytes JMP A2000025
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!GetMessageA 7E42E002 8 Bytes JMP A8000025
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!GetClipboardData 7E430D7A 8 Bytes JMP AE000025
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A99A4C 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\Internet Explorer\iexplore.exe[3580] CRYPT32.dll!PFXImportCertStore 77AEF748 8 Bytes JMP B1000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP F1000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] WS2_32.dll!inet_addr 71AB2BF4 8 Bytes JMP F7000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] WS2_32.dll!sendto 71AB2C69 8 Bytes JMP 00000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] WS2_32.dll!send 71AB428A 8 Bytes JMP FD000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] WS2_32.dll!WSARecv 71AB4318 8 Bytes JMP 2D000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] WS2_32.dll!gethostbyname 71AB4FD4 8 Bytes JMP F4000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] WS2_32.dll!recv 71AB615A 8 Bytes JMP 30000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] WS2_32.dll!WSASend 71AB6233 8 Bytes JMP FA000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 3C000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 36000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] USER32.dll!PeekMessageA 7E41C96C 8 Bytes JMP 33000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] USER32.dll!GetMessageA 7E42E002 8 Bytes JMP 39000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] USER32.dll!GetClipboardData 7E430D7A 8 Bytes JMP 3F000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP 1E000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP 15000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP 0F000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] WININET.dll!InternetQueryDataAvailable 3D94BF7F 8 Bytes JMP 12000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP 24000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP 06000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP 27000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP 03000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP 21000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP 1B000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] WININET.dll!InternetReadFileExA 3D963381 8 Bytes JMP 18000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] WININET.dll!InternetWriteFile 3D9A60F6 8 Bytes JMP 2A000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] WININET.dll!HttpSendRequestExA 3D9BA70A 8 Bytes JMP 09000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] WININET.dll!HttpSendRequestExW 3D9BA763 8 Bytes JMP 0C000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A99A4C 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3684] CRYPT32.dll!PFXImportCertStore 77AEF748 8 Bytes JMP 42000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WS2_32.dll!getaddrinfo 71AB2A6F 8 Bytes JMP 6E007200
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WS2_32.dll!inet_addr 71AB2BF4 8 Bytes JMP 44000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WS2_32.dll!sendto 71AB2C69 8 Bytes JMP 4D000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WS2_32.dll!send 71AB428A 8 Bytes JMP 4A000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WS2_32.dll!WSARecv 71AB4318 8 Bytes JMP 7A000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WS2_32.dll!gethostbyname 71AB4FD4 8 Bytes JMP 41000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WS2_32.dll!recv 71AB615A 8 Bytes JMP C4FF3161
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WS2_32.dll!WSASend 71AB6233 8 Bytes JMP 47000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] USER32.dll!GetMessageW 7E4191C6 8 Bytes JMP 89000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] USER32.dll!PeekMessageW 7E41929B 8 Bytes JMP 83000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] USER32.dll!PeekMessageA 7E41C96C 8 Bytes JMP 80000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] USER32.dll!GetMessageA 7E42E002 8 Bytes JMP 86000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] USER32.dll!GetClipboardData 7E430D7A 8 Bytes JMP 8C000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WININET.dll!CommitUrlCacheEntryA 3D940F78 8 Bytes JMP 6B000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WININET.dll!InternetReadFile 3D94654B 8 Bytes JMP 62000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WININET.dll!InternetCloseHandle 3D949088 8 Bytes JMP 5C000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WININET.dll!InternetQueryDataAvailable 3D94BF7F 8 Bytes JMP 5F000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WININET.dll!HttpOpenRequestA 3D94D508 8 Bytes JMP 71000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WININET.dll!HttpSendRequestW 3D94FABE 8 Bytes JMP 53000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WININET.dll!HttpOpenRequestW 3D94FBFB 8 Bytes JMP 74000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WININET.dll!HttpSendRequestA 3D95EE89 8 Bytes JMP 50000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WININET.dll!CommitUrlCacheEntryW 3D963085 8 Bytes JMP 6E000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WININET.dll!InternetReadFileExW 3D963349 8 Bytes JMP 68000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WININET.dll!InternetReadFileExA 3D963381 8 Bytes [55, 90, FF, 25, 00, 00, 65, ...] {PUSH EBP; NOP ; JMP [0x3650000]}
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WININET.dll!InternetWriteFile 3D9A60F6 8 Bytes JMP FF50046A
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WININET.dll!HttpSendRequestExA 3D9BA70A 6 Bytes JMP 56000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WININET.dll!HttpSendRequestExA + 7 3D9BA711 1 Byte [03]
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] WININET.dll!HttpSendRequestExW 3D9BA763 8 Bytes JMP 59000025
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A99A4C 6 Bytes [33, C0, 40, C2, 10, 00] {XOR EAX, EAX; INC EAX; RET 0x10}
.text C:\Program Files\Alwil Software\Avast4\ashSimpl.exe[3928] CRYPT32.dll!PFXImportCertStore 77AEF748 8 Bytes JMP 8F000025

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 81D31FC5

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device -> \Driver\atapi \Device\Harddisk0\DR0 8249DEC5

---- Threads - GMER 1.0.15 ----

Thread System [4:1632] 81D317CA
Thread System [4:1644] 81D3157C
Thread System [4:1648] 81D3257D

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\asli\Cookies\[email protected] 0 bytes
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

#5
CWeezy2424

t

#6
CWeezy2424

OTL logfile created on: 7/16/2010 1:35:05 AM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\asli\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 175.00 Mb Available Physical Memory | 34.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 46.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 25.33 Gb Free Space | 33.99% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HAN-A4637BDFDA5
Current User Name: asli
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/16 01:33:17 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\asli\Desktop\OTL.exe
PRC - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/12/17 20:50:43 | 002,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2009/11/19 23:29:16 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2008/10/24 10:14:36 | 000,206,112 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2008/06/10 04:27:04 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/06/10 04:27:03 | 000,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
PRC - [2007/12/04 10:36:33 | 000,017,272 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2007/12/04 09:00:23 | 000,079,224 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2007/12/04 09:00:16 | 000,140,664 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2007/12/04 08:59:53 | 000,247,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2007/12/04 08:59:01 | 000,345,464 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2007/12/04 08:54:23 | 000,157,048 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
PRC - [2007/09/28 14:30:48 | 000,936,960 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/11 15:20:04 | 002,061,816 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/07/14 11:47:26 | 000,106,496 | ---- | M] (Walt Disney Internet Group) -- C:\Program Files\ESPNRunTime\DIGServices.exe
PRC - [2006/02/10 15:06:22 | 000,278,528 | ---- | M] (Walt Disney Internet Group) -- C:\Program Files\DIGStream\digstream.exe
PRC - [2004/01/13 10:21:10 | 000,245,760 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2003/08/29 20:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 12:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
PRC - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2010/07/16 01:33:17 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\asli\Desktop\OTL.exe
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/05/19 08:59:41 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iphlpapi.dll
MOD - [2004/08/04 09:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2007/12/04 10:36:33 | 000,017,272 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2007/12/04 09:00:16 | 000,140,664 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2007/12/04 08:59:53 | 000,247,160 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2007/12/04 08:59:01 | 000,345,464 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - [2009/12/17 20:50:39 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2009/12/17 20:50:34 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2007/12/04 10:55:46 | 000,094,544 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2007/12/04 10:53:39 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2007/12/04 10:51:52 | 000,042,912 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2007/12/04 10:49:02 | 000,026,624 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2007/02/09 07:10:35 | 000,295,712 | ---- | M] (Broadcom Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\nmuhqjp.sys -- (nmuhqjp)
DRV - [2006/02/16 17:51:08 | 000,004,096 | R--- | M] (SuperAdBlocker, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2004/05/08 11:21:44 | 000,035,840 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/04/07 07:22:00 | 001,382,634 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/01/30 04:01:40 | 001,205,292 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/12/17 18:02:00 | 000,042,092 | ---- | M] (Texas Instruments Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tiumfwl.sys -- (tiumfwl)
DRV - [2003/12/17 18:02:00 | 000,008,448 | ---- | M] (Texas Instruments Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tiumflt.sys -- (DevUpper)
DRV - [2003/12/04 00:29:58 | 000,286,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2003/12/02 02:27:00 | 000,021,120 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2003/10/23 03:11:00 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2003/10/07 15:40:00 | 000,094,601 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/08/18 01:57:52 | 000,007,080 | R--- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2003/06/05 23:46:16 | 000,005,220 | R--- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\eabusb.sys -- (eabusb)
DRV - [2001/08/17 14:53:32 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qv2kux.sys -- (QV2KUX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://wapp.verizon....hoo&bm=yh_home"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/24 18:35:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/17 22:23:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/17 22:23:08 | 000,000,000 | ---D | M]

[2009/06/18 21:40:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\asli\Application Data\Mozilla\Extensions
[2010/02/25 22:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\asli\Application Data\Mozilla\Firefox\Profiles\nzlasclv.default\extensions
[2010/01/22 21:31:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\asli\Application Data\Mozilla\Firefox\Profiles\nzlasclv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/03/11 00:34:01 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\asli\Application Data\Mozilla\Firefox\Profiles\nzlasclv.default\searchplugins\siteadvisor.xml
[2010/02/25 22:22:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/11/20 17:52:00 | 002,884,992 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2008/02/18 17:28:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&ESPN) - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll (Walt Disney Internet Group)
O3 - HKCU\..\Toolbar\WebBrowser: (&ESPN) - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll (Walt Disney Internet Group)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe (Walt Disney Internet Group)
O4 - HKLM..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe (Walt Disney Internet Group)
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [RecordNow!] File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\asli\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfi...20Installer.cab (Support.com Configuration Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} https://accounting.q...163/qboax10.cab (QuickBooks Online Edition Utilities Class v10)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\asli\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\asli\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/11 00:49:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{f9ef5810-ed72-11dd-9e95-000fb001e5a4}\Shell\AutoRun\command - "" = E:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{f9ef5810-ed72-11dd-9e95-000fb001e5a4}\Shell\slacker\command - "" = E:\slacker.synclauncher.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: MIDI1 - C:\WINDOWS\System32\Syncor11.dll (SoundMAX)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (11272609819787264)

========== Files/Folders - Created Within 90 Days ==========

[2010/07/16 01:32:45 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\asli\Desktop\OTL.exe
[2010/07/16 00:56:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\asli\Desktop\Desktop
[2010/07/16 00:35:14 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/16 00:23:55 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\asli\Desktop\TFC.exe
[2010/07/15 19:03:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/15 19:03:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/15 18:28:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/15 18:27:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/12 20:27:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/07/12 20:26:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\asli\Desktop\maddden
[2010/07/11 22:14:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/11 22:14:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/08 19:54:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Research In Motion(2)
[2010/07/08 19:54:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/07/02 15:41:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\asli\Desktop\Eminem - Recovery (2010)

#7
CWeezy2424

========== Files - Modified Within 90 Days ==========

[2010/07/16 01:33:17 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\asli\Desktop\OTL.exe
[2010/07/16 00:35:15 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\asli\Desktop\NTREGOPT.lnk
[2010/07/16 00:35:15 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\asli\Desktop\ERUNT.lnk
[2010/07/16 00:29:37 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/16 00:29:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/16 00:29:12 | 535,875,584 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/16 00:27:33 | 009,486,336 | ---- | M] () -- C:\Documents and Settings\asli\ntuser.dat
[2010/07/16 00:27:33 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\asli\ntuser.ini
[2010/07/16 00:24:12 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\asli\Desktop\TFC.exe
[2010/07/14 17:27:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/08 20:38:31 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/07/06 22:19:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/25 23:32:53 | 000,502,240 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/25 23:32:53 | 000,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/25 23:32:53 | 000,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/15 01:13:01 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\asli\Desktop\Sarah Car Payment Schedule.xls
[2010/06/11 03:40:47 | 000,247,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/11 03:23:36 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/07 13:56:55 | 000,021,265 | ---- | M] () -- C:\Documents and Settings\asli\Desktop\41+0zeNvD5L__SL400_.jpg
[2010/05/07 13:56:32 | 000,039,403 | ---- | M] () -- C:\Documents and Settings\asli\Desktop\51emYVVIz2L.jpg
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 22:29:43 | 099,640,723 | ---- | M] () -- C:\Documents and Settings\asli\Desktop\006_Learn_To_Live_-_Darius_Rucker_2008.rar
[2010/04/25 21:03:38 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\asli\My Documents\Nascar 2010.xls

========== Files Created - No Company Name ==========

[2010/07/16 00:35:15 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\asli\Desktop\NTREGOPT.lnk
[2010/07/16 00:35:15 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\asli\Desktop\ERUNT.lnk
[2010/07/15 18:12:31 | 535,875,584 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/08 19:55:28 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2010/07/01 00:13:37 | 009,486,336 | ---- | C] () -- C:\Documents and Settings\asli\ntuser.dat
[2010/06/14 23:00:09 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\asli\Desktop\Sarah Car Payment Schedule.xls
[2010/05/07 13:57:01 | 000,021,265 | ---- | C] () -- C:\Documents and Settings\asli\Desktop\41+0zeNvD5L__SL400_.jpg
[2010/05/07 13:56:48 | 000,039,403 | ---- | C] () -- C:\Documents and Settings\asli\Desktop\51emYVVIz2L.jpg
[2010/04/26 22:29:10 | 099,640,723 | ---- | C] () -- C:\Documents and Settings\asli\Desktop\006_Learn_To_Live_-_Darius_Rucker_2008.rar
[2010/04/25 20:45:16 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\asli\My Documents\Nascar 2010.xls
[2008/01/30 23:58:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/16 19:22:18 | 000,000,911 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/01/16 15:40:58 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/04 09:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/04 09:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/04 09:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/04 09:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/04 09:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004/01/08 23:22:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/12/17 18:02:00 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/07/16 01:13:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2008/01/29 14:38:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESPN
[2008/02/18 03:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/07/12 20:27:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/07/12 20:27:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion(2)
[2008/01/29 15:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/12/17 22:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008/01/29 15:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\asli\Application Data\acccore
[2008/01/29 14:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\asli\Application Data\ESPN
[2008/02/18 03:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\asli\Application Data\Grisoft
[2008/01/29 03:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\asli\Application Data\Leadertech
[2009/01/28 15:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\asli\Application Data\Research In Motion
[2010/07/12 20:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\asli\Application Data\uTorrent
[2008/01/29 15:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\asli\Application Data\Viewpoint

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007/09/11 00:49:42 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/09/11 00:43:10 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2007/09/11 00:49:42 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/07/16 00:29:12 | 535,875,584 | -HS- | M] () -- C:\hiberfil.sys
[2007/09/11 00:49:42 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/01/29 15:23:40 | 000,001,046 | -H-- | M] () -- C:\IPH.PH
[2004/08/04 09:00:00 | 000,388,608 | ---- | M] (Microsoft Corporation) -- C:\kmd.exe
[2007/09/11 00:49:42 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/01/16 19:21:14 | 000,013,674 | ---- | M] () -- C:\mszone.log
[2009/07/15 13:10:47 | 000,000,571 | ---- | M] () -- C:\NTDClient.log
[2004/08/04 09:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/04 09:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/07/16 00:29:10 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2008/01/16 19:06:24 | 000,000,183 | ---- | M] () -- C:\setup.log
[2008/01/16 15:45:19 | 000,019,688 | ---- | M] () -- C:\sunjava.log

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

#8
CWeezy2424

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2007/09/11 00:49:12 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2003/06/18 18:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/09/11 03:36:17 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/09/11 03:36:17 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/09/11 03:36:17 | 000,884,736 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2007/03/08 11:36:28 | 000,577,536 | ---- | M] (Microsoft Corporation) MD5=B409909F6E2E8A7067076ED748ABF1E7 -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2004/08/04 09:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\system32\ws2_32.dll

#9
CWeezy2424

< %systemroot%\system32\ws2help.dll /md5 >
[2004/08/04 09:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9BEACB911CA61E5881102188AB7FB431 -- C:\WINDOWS\system32\ws2help.dll

#10
CWeezy2424

Sorry for the multiple responses - for some reason the browser is not letting me paste the rest into the text box? It keeps saying no internet connection. Not really sure what's happening?

#11
CWeezy2424

OTL Extras logfile created on: 7/16/2010 1:35:05 AM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\asli\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 175.00 Mb Available Physical Memory | 34.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 46.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 25.33 Gb Free Space | 33.99% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HAN-A4637BDFDA5
Current User Name: asli
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"9051:UDP" = 9051:UDP:LocalSubNet:Enabled:Verizon Tech Wizard

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe" = C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe:*:Enabled:MediaManager9 Module -- (Sonic Solutions)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)

#12
CWeezy2424

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"{588164FC-552A-4FB0-A9EB-3D193EF72571}" = Vz In Home Agent
"{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}" = Zone Deluxe Games
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = RecordNow!
"{97355297-21C8-40CD-96D3-48E58037A9B8}" = TI1620/1520
"{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 4.20 E1
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"AIM_6" = AIM 6
"avast!" = avast! Antivirus
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Driver
"ERUNT_is1" = ERUNT 1.1j
"ESPN RunTime" = ESPN RunTime
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"iDump" = iDump (Backing up your iPod)
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"InstallShield_{97355297-21C8-40CD-96D3-48E58037A9B8}" = PCI 1620 Cardbus Controller and Software
"iPowerHour_is1" = iPowerHour 3.01
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"NVIDIA nForce Drivers" = NVIDIA nForce Drivers
"RadialpointClientGateway_is1" = Verizon Servicepoint 1.5.12
"SpywareBlaster_is1" = SpywareBlaster v3.5.1
"SpywareGuard_is1" = SpywareGuard v2.2
"uTorrent" = µTorrent
"Verizon FiOS Activation_is1" = Verizon FiOS Activation
"Verizon Online Help and Support" = Verizon Online Help and Support
"ViewpointMediaPlayer" = Viewpoint Media Player
"WBFS Manager 3.0" = WBFS Manager 3.0
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR archiver
"YInstHelper" = Yahoo! Install Manager
  • 0

#13
CWeezy2424

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 2/13/2008 5:28:11 PM | Computer Name = HAN-A4637BDFDA5 | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestOpenList Error 1753.

Error - 2/13/2008 5:28:11 PM | Computer Name = HAN-A4637BDFDA5 | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::LoadFiles()
chestOpenList() failed: 2147422219.

Error - 2/13/2008 5:28:15 PM | Computer Name = HAN-A4637BDFDA5 | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnCreate()
!m_strErrorWnd.IsEmpty().

Error - 2/13/2008 5:28:17 PM | Computer Name = HAN-A4637BDFDA5 | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestOpenList Error 1753.

Error - 2/13/2008 5:28:17 PM | Computer Name = HAN-A4637BDFDA5 | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::LoadFiles()
chestOpenList() failed: 2147422219.

Error - 2/13/2008 5:28:26 PM | Computer Name = HAN-A4637BDFDA5 | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnCreate()
!m_strErrorWnd.IsEmpty().

Error - 3/17/2010 5:15:46 PM | Computer Name = HAN-A4637BDFDA5 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: ClientRqDispatchThread: SessionID not found
- global map corrupted??, 00005129.

Error - 3/17/2010 5:15:51 PM | Computer Name = HAN-A4637BDFDA5 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: OpenEventsAndMapping: OpenEvent failed!, 00000002.
  • 0

#14
RKinner

Uninstall

"uTorrent" = µTorrent
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5

Copy the text in the code box by highlighting and Ctrl + c

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [RecordNow!] File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab  (Reg Error: Key error.)
O33 - MountPoints2\{f9ef5810-ed72-11dd-9e95-000fb001e5a4}\Shell\AutoRun\command - "" = E:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{f9ef5810-ed72-11dd-9e95-000fb001e5a4}\Shell\slacker\command - "" = E:\slacker.synclauncher.exe -- File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found

:Commands
[purity]
[emptytemp]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:


  • Go to this page and Download TDSSKiller.zip to your Desktop.
  • Extract its contents to your desktop and drag TDSSKiller.exe on the desktop, not in the folder.
  • Start > All Programs > Accessories > Command Prompt. Copy the following bolded command, then right click and Paste then hit Enter.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
  • If TDSSKiller alerts you that the system needs to reboot, please consent.
  • When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.

Ron
  • 0

#15
CWeezy2424

Results of OTL Run Fix

All processes killed
========== OTL ==========
Service RimUsb stopped successfully!
Service RimUsb deleted successfully!
File C:\WINDOWS\System32\Drivers\RimUsb.sys not found.
Service MRENDIS5 stopped successfully!
Service MRENDIS5 deleted successfully!
File C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS not found.
Service MREMPR5 stopped successfully!
Service MREMPR5 deleted successfully!
File C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Aim6 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\RecordNow! deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9ef5810-ed72-11dd-9e95-000fb001e5a4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9ef5810-ed72-11dd-9e95-000fb001e5a4}\ not found.
File E:\slacker.synclauncher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9ef5810-ed72-11dd-9e95-000fb001e5a4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9ef5810-ed72-11dd-9e95-000fb001e5a4}\ not found.
File E:\slacker.synclauncher.exe not found.
AppMgmt removed from NetSvcs value successfully!
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: asli
->Temp folder emptied: 12074742 bytes
->Temporary Internet Files folder emptied: 3246382 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 4071358 bytes
->Flash cache emptied: 840 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 12492124 bytes
->Java cache emptied: 13 bytes
->Flash cache emptied: 10153 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 36482767 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 65.00 mb

Error: Unable to interpret <[Reboot> in the current context!

OTL by OldTimer - Version 3.2.9.0 log created on 07162010_215320

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\asli\Local Settings\Temp\~DF3E61.tmp not found!
File\Folder C:\Documents and Settings\asli\Local Settings\Temp\~DFBA1F.tmp not found!
File\Folder C:\Documents and Settings\asli\Local Settings\Temp\~DFE6B7.tmp not found!
File\Folder C:\Documents and Settings\asli\Local Settings\Temp\~DFE6D4.tmp not found!
File\Folder C:\Documents and Settings\asli\Local Settings\Temp\~DFE809.tmp not found!
File\Folder C:\Documents and Settings\asli\Local Settings\Temp\~DFE838.tmp not found!
File\Folder C:\Documents and Settings\asli\Local Settings\Temp\~DFEA90.tmp not found!
File\Folder C:\Documents and Settings\asli\Local Settings\Temp\~DFEBF6.tmp not found!
C:\Documents and Settings\asli\Local Settings\Temporary Internet Files\Content.IE5\IZ32EPB4\like[1].htm moved successfully.
C:\Documents and Settings\asli\Local Settings\Temporary Internet Files\Content.IE5\A1HVJ62I\Computer-infected-not-sure-viruses-specifically-t282181[1].html moved successfully.
C:\Documents and Settings\asli\Local Settings\Temporary Internet Files\Content.IE5\044395JI\de[1].htm moved successfully.
C:\Documents and Settings\asli\Local Settings\Temporary Internet Files\Content.IE5\044395JI\iframe[1].htm moved successfully.
C:\Documents and Settings\asli\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...
  • 0
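Added example, not part of the thread and not code from OTL: one way to check a Run Fix log like the one in post #15 against the fix script from post #14, confirming that each scripted item has a success line and collecting any `Error:` lines. The function names are hypothetical, the two strings are shortened excerpts copied from the posts above, and the success-line wording is taken from this log only, so treating it as the general OTL format is an assumption.

```python
import re

# Excerpts copied from the thread: fix script (post #14) and Run Fix log (post #15).
FIX_SCRIPT = r"""
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [RecordNow!] File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
:Commands
[emptytemp]
[Reboot]
"""
FIX_LOG = r"""
Service RimUsb deleted successfully!
Service MRENDIS5 deleted successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Aim6 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\RecordNow! deleted successfully.
AppMgmt removed from NetSvcs value successfully!
Error: Unable to interpret <[Reboot> in the current context!
"""

def expected_result(line):
    """Regex the log should contain for one script line, or None if unchecked."""
    if m := re.match(r"DRV - .* -- \((.+)\)$", line):
        return rf"^Service {re.escape(m[1])} deleted successfully!"
    if m := re.match(r"O4 - HK\w+\.\.\\Run: \[(.+?)\]", line):
        return rf"\\Run\\\\{re.escape(m[1])} deleted successfully\."
    if m := re.match(r"NetSvcs: (\S+) - ", line):
        return rf"^{re.escape(m[1])} removed from NetSvcs value successfully!"
    return None  # section headers and [commands] have no per-item result line

def reconcile(script, log):
    """Return (script lines with no success line in the log, log error lines)."""
    log_lines = [l.strip() for l in log.splitlines() if l.strip()]
    unconfirmed = []
    for line in (l.strip() for l in script.splitlines()):
        pattern = expected_result(line)
        if pattern and not any(re.search(pattern, l) for l in log_lines):
            unconfirmed.append(line)
    return unconfirmed, [l for l in log_lines if l.startswith("Error:")]

if __name__ == "__main__":
    unconfirmed, errors = reconcile(FIX_SCRIPT, FIX_LOG)
    print("unconfirmed:", unconfirmed)
    print("errors:", errors)
```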





