Squeeky
Members, 9 posts, Reputation: 0 Neutral
  1. Dustin, in an effort to get Malwarebytes to run, I removed the hard drive from the desktop, attached it by USB to a laptop, and ran Malwarebytes, Spybot, and several other AV programs. When I reinstalled the hard drive and attempted to power up the unit, it wouldn't respond, then let out the largest crack/pop I have ever heard. Needless to say, I am on hold with fixing this problem, which has now become a bigger problem. Off topic, have you ever heard of a desktop making such a loud electrical pop, and if so, any guesses as to what it might be? I appreciate your help with this and hope to continue the conversation when I can determine what has gone wrong.
  2. Hi Dustin, quick issue with GMER. When I double-click on it, it begins running on its own, runs for about 45 seconds, tells me there is indeed a rootkit, and asks if I want to scan the entire computer, to which I said yes. When it is completed and I hit the FILES tab like you requested, it does not have any files located on that particular page, just a MY COMPUTER icon and a C Drive icon, neither of which offers any browsing options, so I am having difficulty browsing for the "C:\Program Files\Common Files\System" folder that you requested. Only the PROCESSES tab offers any info, but not what you requested. Am I looking in the wrong place or running the software incorrectly? Thank you.
  3. Dustin, here's the HijackThis log. Thanks!

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 06:54:15, on 11/13/2008
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\csrss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Common Files\Real\Update_OB\realsched.exe
     C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
     C:\PROGRA~1\PESTPA~1\PPControl.exe
     C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
     C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe
     C:\Program Files\a-squared Anti-Malware\a2service.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
     C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
     C:\Program Files\Common Files\Motive\McciCMService.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\dns\bin\named.exe
     C:\WINDOWS\wanmpsvc.exe
     C:\PROGRA~1\AVG\AVG8\avgrsx.exe
     C:\PROGRA~1\AVG\AVG8\avgemc.exe
     C:\Program Files\TrojanHunter 5.0\THGuard.exe
     C:\Program Files\Skype\Phone\Skype.exe
     C:\WINDOWS\System32\alg.exe
     C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
     C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
     C:\WINDOWS\system32\wuauclt.exe
     H:\jjhjghj.exe
     C:\WINDOWS\system32\wbem\wmiprvse.exe

     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080;https=localhost:8080
     O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
     O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
     O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
     O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
     O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
     O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
     O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
     O4 - HKCU\..\Run: [simple Star PhotoShow Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKCU\..\Run: [sVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
     O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
     O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
     O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
     O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
     O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
     O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
     O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
     O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
     O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
     O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
     O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
     O23 - Service: twdns - Unknown owner - C:\WINDOWS\system32\dns\bin\named.exe
     O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
     O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

     --
     End of file - 5567 bytes
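A HijackThis log is normally read by eye, but the entries that stand out in the log above are mechanical checks: a browser proxy pointed at localhost:8080, a Run entry that launches a file named svchost.exe from the drivers folder rather than system32, a running process on the H: drive with a random-looking name, and services with no recorded owner or a missing binary. The script below is an added example, not part of the post and not HijackThis code, that applies those four rules to a constructed subset of the log; the system-drive and system32 assumptions are stated in the code.

```python
import ntpath
import re
from typing import List, Optional, Tuple

# Constructed sample: a subset of lines copied from the HijackThis log above
# (this script is an added example, not part of HijackThis or of the forum's tooling).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
H:\jjhjghj.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080;https=localhost:8080
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [sVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O23 - Service: twdns - Unknown owner - C:\WINDOWS\system32\dns\bin\named.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

# Assumption: 32-bit Windows XP with C: as the system drive, so these core
# binaries are only legitimate directly inside C:\WINDOWS\system32.
SYSTEM_DRIVE = "c:"
SYSTEM32 = r"c:\windows\system32"
CORE_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"}

PROCESS_RE = re.compile(r"^[A-Za-z]:\\\S")
PROXY_RE = re.compile(r"^R1 - .*ProxyServer = (?P<value>.+)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def image_path(command: str) -> str:
    """Return the executable path from a Run-key command line, dropping quotes and arguments."""
    command = command.strip().strip('"')
    match = re.match(r"(?i)(.+?\.exe)", command)
    return match.group(1) if match else command


def check_binary_location(path: str) -> Optional[str]:
    """Flag a core OS binary name living outside system32, or any executable off the system drive."""
    folder, name = ntpath.split(path)
    if name.lower() in CORE_BINARIES and folder.lower() != SYSTEM32:
        return f"core binary name outside system32: {path}"
    if not path.lower().startswith(SYSTEM_DRIVE):
        return f"executable on a non-system drive: {path}"
    return None


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Walk the log once; return (rule, evidence) pairs for every entry that deserves a closer look."""
    findings = []
    for line in log_text.strip().splitlines():
        line = line.strip()
        proxy, run, service = PROXY_RE.match(line), RUN_RE.match(line), SERVICE_RE.match(line)
        if PROCESS_RE.match(line):
            reason = check_binary_location(line)
            if reason:
                findings.append(("process", reason))
        elif proxy:
            value = proxy.group("value")
            if "localhost" in value.lower() or "127.0.0.1" in value:
                findings.append(("proxy", f"browser traffic routed through a loopback proxy: {value}"))
        elif run:
            reason = check_binary_location(image_path(run.group("cmd")))
            if reason:
                findings.append(("autorun", f"{run.group('hive')} Run [{run.group('name')}]: {reason}"))
        elif service:
            if service.group("owner") == "Unknown owner":
                findings.append(("service", f"{service.group('name')}: no publisher recorded, path {service.group('path')}"))
            if "(file missing)" in service.group("path"):
                findings.append(("service", f"{service.group('name')}: registered but binary missing"))
    return findings


if __name__ == "__main__":
    for rule, evidence in triage(SAMPLE_LOG):
        print(f"[{rule}] {evidence}")
```

None of these findings is a verdict on its own: a loopback proxy can belong to a locally installed filtering product, and "Unknown owner" only means the binary carries no version information, so each hit is a prompt to identify the owning process or file before removing anything.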
  4. Dustin, here is the GMER log; I'll put the HijackThis log in the next post. Thanks!

     GMER 1.0.14.14536 - http://www.gmer.net
     Rootkit scan 2008-11-13 07:07:06
     Windows 5.1.2600 Service Pack 3

     ---- System - GMER 1.0.14 ----

     Code E1BEC450 ZwEnumerateKey
     Code E1BEC530 ZwFlushInstructionCache
     Code F40A9EAB pIofCallDriver

     ---- Kernel code sections - GMER 1.0.14 ----

     PAGE ntoskrnl.exe!ZwEnumerateKey 80570D64 5 Bytes JMP E1BEC454
     PAGE ntoskrnl.exe!ZwFlushInstructionCache 80577693 5 Bytes JMP E1BEC534
     ? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !

     ---- User code sections - GMER 1.0.14 ----

     .text C:\WINDOWS\Explorer.EXE[1332] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
     .text C:\WINDOWS\Explorer.EXE[1332] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 2F, 5F ]
     .text C:\WINDOWS\Explorer.EXE[1332] ntdll.dll!NtOpenProcess 7C90D5E0 3 Bytes [ FF, 25, 1E ]
     .text C:\WINDOWS\Explorer.EXE[1332] ntdll.dll!NtOpenProcess + 4 7C90D5E4 2 Bytes [ 32, 5F ]
     .text C:\WINDOWS\Explorer.EXE[1332] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
     .text C:\WINDOWS\Explorer.EXE[1332] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 35, 5F ]
     .text C:\WINDOWS\Explorer.EXE[1332] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
     .text C:\WINDOWS\Explorer.EXE[1332] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 2C, 5F ]
     .text C:\WINDOWS\Explorer.EXE[1332] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
     .text C:\WINDOWS\Explorer.EXE[1332] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 29, 5F ]
     .text C:\WINDOWS\Explorer.EXE[1332] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, C6, 84 ]
     .text C:\WINDOWS\Explorer.EXE[1332] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F0D0F5A
     .text C:\WINDOWS\Explorer.EXE[1332] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F1F0F5A
     .text C:\WINDOWS\Explorer.EXE[1332] ADVAPI32.dll!CreateServiceW 77E37381 6 Bytes JMP 5F220F5A
     .text C:\WINDOWS\Explorer.EXE[1332] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 5F3A0F5A
     .text C:\WINDOWS\Explorer.EXE[1332] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 5F370F5A
     .text C:\WINDOWS\Explorer.EXE[1332] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 5F1C0F5A
     .text C:\WINDOWS\Explorer.EXE[1332] USER32.dll!SendInput 7E42F140 3 Bytes [ FF, 25, 1E ]
     .text C:\WINDOWS\Explorer.EXE[1332] USER32.dll!SendInput + 4 7E42F144 2 Bytes [ 17, 5F ]
     .text C:\WINDOWS\Explorer.EXE[1332] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 5F190F5A
     .text C:\WINDOWS\Explorer.EXE[1332] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 5F100F5A
     .text C:\WINDOWS\Explorer.EXE[1332] USER32.dll!keybd_event 7E466783 6 Bytes JMP 5F130F5A
     .text C:\WINDOWS\Explorer.EXE[1332] SHELL32.dll!Shell_NotifyIconW 7CA2A52F 6 Bytes JMP 5F250F5A
     .text C:\WINDOWS\Explorer.EXE[1332] WS2_32.dll!WSALookupServiceBeginW 71AB35EF 6 Bytes JMP 5F0A0F5A
     .text C:\WINDOWS\Explorer.EXE[1332] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00AB000A
     .text C:\WINDOWS\Explorer.EXE[1332] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00AA000A
     .text C:\WINDOWS\Explorer.EXE[1332] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00AD000A
     .text C:\WINDOWS\Explorer.EXE[1332] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5F070F5A
     .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1424] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
     .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1424] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 32, 5F ]
     .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1424] ntdll.dll!NtOpenProcess 7C90D5E0 3 Bytes [ FF, 25, 1E ]
     .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1424] ntdll.dll!NtOpenProcess + 4 7C90D5E4 2 Bytes [ 35, 5F ]
     .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1424] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
     .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1424] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 38, 5F ]
     .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1424] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
     .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1424] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 2F, 5F ]
     .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1424] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
     .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1424] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 2C, 5F ]
     .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1424] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, B5, 84 ]
     .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1424] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
     .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1424] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F220F5A
     .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1424] ADVAPI32.dll!CreateServiceW 77E37381 6 Bytes JMP 5F250F5A
     .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1424] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 5F3D0F5A
     .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1424] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 5F3A0F5A
     .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1424] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 5F1F0F5A
     .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1424] USER32.dll!SendInput 7E42F140 3 Bytes [ FF, 25, 1E ]
     .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1424] USER32.dll!SendInput + 4 7E42F144 2 Bytes [ 1A, 5F ]
     .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1424] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 5F1C0F5A
     .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1424] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 5F130F5A
     .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1424] USER32.dll!keybd_event 7E466783 6 Bytes JMP 5F160F5A
     .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1424] WS2_32.dll!WSALookupServiceBeginW 71AB35EF 6 Bytes JMP 5F0D0F5A
     .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1424] WS2_32.dll!connect 71AB4A07 6 Bytes JMP 5F070F5A
     .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1424] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5F0A0F5A
     .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1424] shell32.dll!Shell_NotifyIconW 7CA2A52F 6 Bytes JMP 5F280F5A
     .text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[1460] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
     .text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[1460] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 32, 5F ]
     .text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[1460] ntdll.dll!NtOpenProcess 7C90D5E0 3 Bytes [ FF, 25, 1E ]
     .text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[1460] ntdll.dll!NtOpenProcess + 4 7C90D5E4 2 Bytes [ 35, 5F ]
     .text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[1460] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
     .text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[1460] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 38, 5F ]
     .text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[1460] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
     .text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[1460] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 2F, 5F ]
     .text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[1460] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
     .text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[1460] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 2C, 5F ]
     .text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[1460] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 19, 85 ]
     .text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[1460] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
     .text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[1460] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F220F5A
     .text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[1460] ADVAPI32.dll!CreateServiceW 77E37381 6 Bytes JMP 5F250F5A
     .text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[1460] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 5F3D0F5A
     .text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[1460] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 5F3A0F5A
     .text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[1460] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 5F1F0F5A
     .text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[1460] USER32.dll!SendInput 7E42F140 3 Bytes [ FF, 25, 1E ]
     .text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[1460] USER32.dll!SendInput + 4 7E42F144 2 Bytes [ 1A, 5F ]
     .text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[1460] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 5F1C0F5A
     .text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[1460] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 5F130F5A
     .text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[1460] USER32.dll!keybd_event 7E466783 6 Bytes JMP 5F160F5A
     .text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[1460] WS2_32.dll!WSALookupServiceBeginW 71AB35EF 6 Bytes JMP 5F0D0F5A
     .text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[1460] WS2_32.dll!connect 71AB4A07 6 Bytes JMP 5F070F5A
     .text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[1460] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5F0A0F5A
     .text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[1460] SHELL32.dll!Shell_NotifyIconW 7CA2A52F 6 Bytes JMP 5F280F5A
     .text C:\PROGRA~1\PESTPA~1\PPControl.exe[1476] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
     .text C:\PROGRA~1\PESTPA~1\PPControl.exe[1476] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 32, 5F ]
     .text C:\PROGRA~1\PESTPA~1\PPControl.exe[1476] ntdll.dll!NtOpenProcess 7C90D5E0 3 Bytes [ FF, 25, 1E ]
     .text C:\PROGRA~1\PESTPA~1\PPControl.exe[1476] ntdll.dll!NtOpenProcess + 4 7C90D5E4 2 Bytes [ 35, 5F ]
     .text C:\PROGRA~1\PESTPA~1\PPControl.exe[1476] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
     .text C:\PROGRA~1\PESTPA~1\PPControl.exe[1476] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 38, 5F ]
     .text C:\PROGRA~1\PESTPA~1\PPControl.exe[1476] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
     .text C:\PROGRA~1\PESTPA~1\PPControl.exe[1476] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 2F, 5F ]
     .text C:\PROGRA~1\PESTPA~1\PPControl.exe[1476] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
     .text C:\PROGRA~1\PESTPA~1\PPControl.exe[1476] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 2C, 5F ]
     .text C:\PROGRA~1\PESTPA~1\PPControl.exe[1476] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 84, 84 ]
     .text C:\PROGRA~1\PESTPA~1\PPControl.exe[1476] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
     .text C:\PROGRA~1\PESTPA~1\PPControl.exe[1476] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 5F3D0F5A
     .text C:\PROGRA~1\PESTPA~1\PPControl.exe[1476] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 5F3A0F5A
     .text C:\PROGRA~1\PESTPA~1\PPControl.exe[1476] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 5F1F0F5A
     .text C:\PROGRA~1\PESTPA~1\PPControl.exe[1476] USER32.dll!SendInput 7E42F140 3 Bytes [ FF, 25, 1E ]
     .text C:\PROGRA~1\PESTPA~1\PPControl.exe[1476] USER32.dll!SendInput + 4 7E42F144 2 Bytes [ 1A, 5F ]
     .text C:\PROGRA~1\PESTPA~1\PPControl.exe[1476] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 5F1C0F5A
     .text C:\PROGRA~1\PESTPA~1\PPControl.exe[1476] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 5F130F5A
     .text C:\PROGRA~1\PESTPA~1\PPControl.exe[1476] USER32.dll!keybd_event 7E466783 6 Bytes JMP 5F160F5A
     .text C:\PROGRA~1\PESTPA~1\PPControl.exe[1476] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F220F5A
     .text C:\PROGRA~1\PESTPA~1\PPControl.exe[1476] ADVAPI32.dll!CreateServiceW 77E37381 6 Bytes JMP 5F250F5A
     .text C:\PROGRA~1\PESTPA~1\PPControl.exe[1476] SHELL32.dll!Shell_NotifyIconW 7CA2A52F 6 Bytes JMP 5F280F5A
     .text C:\PROGRA~1\PESTPA~1\PPControl.exe[1476] WS2_32.dll!WSALookupServiceBeginW 71AB35EF 6 Bytes JMP 5F0D0F5A
     .text C:\PROGRA~1\PESTPA~1\PPControl.exe[1476] WS2_32.dll!connect 71AB4A07 6 Bytes JMP 5F070F5A
     .text C:\PROGRA~1\PESTPA~1\PPControl.exe[1476] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5F0A0F5A
     .text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[1484] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
     .text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[1484] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 2F, 5F ]
     .text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[1484] ntdll.dll!NtOpenProcess 7C90D5E0 3 Bytes [ FF, 25, 1E ]
     .text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[1484] ntdll.dll!NtOpenProcess + 4 7C90D5E4 2 Bytes [ 32, 5F ]
     .text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[1484] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
     .text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[1484] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 35, 5F ]
     .text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[1484] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
     .text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[1484] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 2C, 5F ]
     .text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[1484] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
     .text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[1484] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 29, 5F ]
     .text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[1484] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 30, 84 ]
     .text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[1484] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
     .text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[1484] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F220F5A
     .text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[1484] ADVAPI32.dll!CreateServiceW 77E37381 6 Bytes JMP 5F250F5A
     .text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[1484] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 5F3A0F5A
     .text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[1484] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 5F370F5A
     .text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[1484] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 5F1F0F5A
     .text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[1484] USER32.dll!SendInput 7E42F140 3 Bytes [ FF, 25, 1E ]
     .text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[1484] USER32.dll!SendInput + 4 7E42F144 2 Bytes [ 1A, 5F ]
     .text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[1484] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 5F1C0F5A
     .text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[1484] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 5F130F5A
     .text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[1484] USER32.dll!keybd_event 7E466783 6 Bytes JMP 5F160F5A
     .text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[1484] WS2_32.dll!WSALookupServiceBeginW 71AB35EF 6 Bytes JMP 5F0D0F5A
     .text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[1484] WS2_32.dll!connect 71AB4A07 6 Bytes JMP 5F070F5A
     .text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[1484] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5F0A0F5A
     .text C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe[1492] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
     .text C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe[1492] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 32, 5F ]
     .text C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe[1492] ntdll.dll!NtOpenProcess 7C90D5E0 3 Bytes [ FF, 25, 1E ]
     .text C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe[1492] ntdll.dll!NtOpenProcess + 4 7C90D5E4 2 Bytes [ 35, 5F ]
     .text C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe[1492] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
     .text C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe[1492] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 38, 5F ]
     .text C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe[1492] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
     .text C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe[1492] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 2F, 5F ]
     .text C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe[1492] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
     .text C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe[1492] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 2C, 5F ]
     .text C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe[1492] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 69, 87 ]
     .text C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe[1492] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
     .text C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe[1492] kernel32.dll!CreateThread + 1A 7C8106E1 4 Bytes [ 3F, FC, C3, 83 ]
     .text C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe[1492] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F220F5A
     .text C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe[1492] ADVAPI32.dll!CreateServiceW 77E37381 6 Bytes JMP 5F250F5A
     .text C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe[1492] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 5F3D0F5A
     .text C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe[1492] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 5F3A0F5A
     .text C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe[1492] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 5F1F0F5A
     .text C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe[1492] USER32.dll!SendInput 7E42F140 3 Bytes [ FF, 25, 1E ]
     .text C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe[1492] USER32.dll!SendInput + 4 7E42F144 2 Bytes [ 1A, 5F ]
     .text C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe[1492] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 5F1C0F5A
     .text C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe[1492] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 5F130F5A
     .text C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe[1492] USER32.dll!keybd_event 7E466783 6 Bytes JMP 5F160F5A
     .text C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe[1492] WS2_32.dll!WSALookupServiceBeginW 71AB35EF 6 Bytes JMP 5F0D0F5A
     .text C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe[1492] WS2_32.dll!connect 71AB4A07 6 Bytes JMP 5F070F5A
     .text C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe[1492] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5F0A0F5A
     .text C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe[1492] shell32.dll!Shell_NotifyIconW 7CA2A52F 6 Bytes JMP 5F280F5A
     .text C:\Program Files\TrojanHunter 5.0\THGuard.exe[2200] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
     .text C:\Program Files\TrojanHunter 5.0\THGuard.exe[2200] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 32, 5F ]
     .text C:\Program Files\TrojanHunter 5.0\THGuard.exe[2200] ntdll.dll!NtOpenProcess 7C90D5E0 3 Bytes [ FF, 25, 1E ]
     .text C:\Program Files\TrojanHunter 5.0\THGuard.exe[2200] ntdll.dll!NtOpenProcess + 4 7C90D5E4 2 Bytes [ 35, 5F ]
     .text C:\Program Files\TrojanHunter 5.0\THGuard.exe[2200] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
     .text C:\Program Files\TrojanHunter 5.0\THGuard.exe[2200] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 38, 5F ]
     .text C:\Program Files\TrojanHunter 5.0\THGuard.exe[2200] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
     .text C:\Program Files\TrojanHunter 5.0\THGuard.exe[2200] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 2F, 5F ]
     .text C:\Program Files\TrojanHunter 5.0\THGuard.exe[2200] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
     .text C:\Program Files\TrojanHunter 5.0\THGuard.exe[2200] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 2C, 5F ]
     .text C:\Program Files\TrojanHunter 5.0\THGuard.exe[2200] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 52, 84 ]
     .text C:\Program Files\TrojanHunter 5.0\THGuard.exe[2200] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
     .text C:\Program Files\TrojanHunter 5.0\THGuard.exe[2200] user32.dll!PostMessageW 7E418CCB 6 Bytes JMP 5F3D0F5A
     .text C:\Program Files\TrojanHunter 5.0\THGuard.exe[2200] user32.dll!SendMessageW 7E42929A 6 Bytes JMP 5F3A0F5A
     .text C:\Program Files\TrojanHunter 5.0\THGuard.exe[2200] user32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 5F1F0F5A
     .text C:\Program Files\TrojanHunter 5.0\THGuard.exe[2200] user32.dll!SendInput 7E42F140 3 Bytes [ FF, 25, 1E ]
     .text C:\Program Files\TrojanHunter 5.0\THGuard.exe[2200] user32.dll!SendInput + 4 7E42F144 2 Bytes [ 1A, 5F ]
     .text C:\Program Files\TrojanHunter 5.0\THGuard.exe[2200] user32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 5F1C0F5A
     .text C:\Program Files\TrojanHunter 5.0\THGuard.exe[2200] user32.dll!mouse_event 7E46673F 6 Bytes JMP 5F130F5A
     .text C:\Program Files\TrojanHunter 5.0\THGuard.exe[2200] user32.dll!keybd_event 7E466783 6 Bytes JMP 5F160F5A
     .text C:\Program Files\TrojanHunter 5.0\THGuard.exe[2200] advapi32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F220F5A
     .text C:\Program Files\TrojanHunter 5.0\THGuard.exe[2200] advapi32.dll!CreateServiceW 77E37381 6 Bytes JMP 5F250F5A
     .text C:\Program Files\TrojanHunter 5.0\THGuard.exe[2200] shell32.dll!Shell_NotifyIconW 7CA2A52F 6 Bytes JMP 5F280F5A
     .text C:\Program Files\TrojanHunter 5.0\THGuard.exe[2200] WS2_32.dll!WSALookupServiceBeginW 71AB35EF 6 Bytes JMP 5F0D0F5A
     .text C:\Program Files\TrojanHunter 5.0\THGuard.exe[2200] WS2_32.dll!connect 71AB4A07 6 Bytes JMP 5F070F5A
     .text C:\Program Files\TrojanHunter 5.0\THGuard.exe[2200] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5F0A0F5A
     .text C:\Program Files\Skype\Phone\Skype.exe[2252] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
     .text C:\Program Files\Skype\Phone\Skype.exe[2252] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 32, 5F ]
     .text C:\Program Files\Skype\Phone\Skype.exe[2252] ntdll.dll!NtOpenProcess 7C90D5E0 3 Bytes [ FF, 25, 1E ]
     .text C:\Program Files\Skype\Phone\Skype.exe[2252] ntdll.dll!NtOpenProcess + 4 7C90D5E4 2 Bytes [ 35, 5F ]
     .text C:\Program Files\Skype\Phone\Skype.exe[2252] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
     .text C:\Program Files\Skype\Phone\Skype.exe[2252] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 38, 5F ]
     .text C:\Program Files\Skype\Phone\Skype.exe[2252] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
     .text C:\Program Files\Skype\Phone\Skype.exe[2252] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 2F, 5F ]
     .text C:\Program Files\Skype\Phone\Skype.exe[2252] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
     .text C:\Program Files\Skype\Phone\Skype.exe[2252] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 2C, 5F ]
     .text C:\Program Files\Skype\Phone\Skype.exe[2252] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, F7, 86 ]
     .text C:\Program Files\Skype\Phone\Skype.exe[2252] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
     .text C:\Program Files\Skype\Phone\Skype.exe[2252] user32.dll!PostMessageW 7E418CCB 6 Bytes JMP 5F3D0F5A
     .text C:\Program Files\Skype\Phone\Skype.exe[2252] user32.dll!SendMessageW 7E42929A 6 Bytes JMP 5F3A0F5A
     .text C:\Program Files\Skype\Phone\Skype.exe[2252] user32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 5F1F0F5A
     .text C:\Program Files\Skype\Phone\Skype.exe[2252] user32.dll!SendInput 7E42F140 3 Bytes [ FF, 25, 1E ]
     .text C:\Program Files\Skype\Phone\Skype.exe[2252] user32.dll!SendInput + 4 7E42F144 2 Bytes [ 1A, 5F ]
     .text C:\Program Files\Skype\Phone\Skype.exe[2252] user32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 5F1C0F5A
     .text C:\Program Files\Skype\Phone\Skype.exe[2252] user32.dll!mouse_event 7E46673F 6 Bytes JMP 5F130F5A
     .text C:\Program Files\Skype\Phone\Skype.exe[2252] user32.dll!keybd_event 7E466783 6 Bytes JMP 5F160F5A
     .text C:\Program Files\Skype\Phone\Skype.exe[2252] advapi32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F220F5A
     .text C:\Program Files\Skype\Phone\Skype.exe[2252] advapi32.dll!CreateServiceW 77E37381 6 Bytes JMP 5F250F5A
     .text C:\Program Files\Skype\Phone\Skype.exe[2252] shell32.dll!Shell_NotifyIconW 7CA2A52F 6 Bytes JMP 5F280F5A
     .text C:\Program Files\Skype\Phone\Skype.exe[2252] WS2_32.dll!WSALookupServiceBeginW 71AB35EF 6 Bytes JMP 5F0D0F5A
     .text C:\Program Files\Skype\Phone\Skype.exe[2252] WS2_32.dll!connect 71AB4A07 6 Bytes JMP 5F070F5A
     .text C:\Program Files\Skype\Phone\Skype.exe[2252] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5F0A0F5A
     .text C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe[2276] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
     .text C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe[2276] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 32, 5F ]
     .text C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe[2276] ntdll.dll!NtOpenProcess 7C90D5E0 3 Bytes [ FF, 25, 1E ]
     .text C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe[2276] ntdll.dll!NtOpenProcess + 4 7C90D5E4 2 Bytes [ 35, 5F ]
     .text C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe[2276] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
     .text C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe[2276] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 38, 5F ]
     .text C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe[2276] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
     .text C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe[2276] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 2F, 5F ]
     .text C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe[2276] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
     .text C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe[2276] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 2C, 5F ]
     .text C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe[2276] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 61, 85 ]
     .text C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe[2276] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
     .text C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe[2276] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F220F5A
     .text C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe[2276] ADVAPI32.dll!CreateServiceW 77E37381 6 Bytes JMP 5F250F5A
     .text C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe[2276] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 5F3D0F5A
     .text C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe[2276] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 5F3A0F5A
     .text C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe[2276] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 5F1F0F5A
     .text C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe[2276] USER32.dll!SendInput 7E42F140 3 Bytes [ FF, 25, 1E ]
     .text C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe[2276] USER32.dll!SendInput + 4 7E42F144 2 Bytes [ 1A, 5F ]
     .text C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe[2276] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 5F1C0F5A
     .text C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe[2276] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 5F130F5A
     .text C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe[2276] USER32.dll!keybd_event 7E466783 6 Bytes JMP 5F160F5A
     .text C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe[2276] SHELL32.dll!Shell_NotifyIconW 7CA2A52F 6 Bytes JMP 5F280F5A
     .text C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe[2276] WS2_32.dll!WSALookupServiceBeginW 71AB35EF 6 Bytes JMP 5F0D0F5A
     .text C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe[2276] WS2_32.dll!connect 71AB4A07 6 Bytes JMP 5F070F5A
     .text C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe[2276] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5F0A0F5A
     .text C:\WINDOWS\system32\wscntfy.exe[2360] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
     .text C:\WINDOWS\system32\wscntfy.exe[2360] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 32, 5F ]
     .text C:\WINDOWS\system32\wscntfy.exe[2360] ntdll.dll!NtOpenProcess 7C90D5E0 3 Bytes [ FF, 25, 1E ]
     .text C:\WINDOWS\system32\wscntfy.exe[2360] ntdll.dll!NtOpenProcess + 4 7C90D5E4 2 Bytes [ 35, 5F ]
     .text C:\WINDOWS\system32\wscntfy.exe[2360] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
     .text C:\WINDOWS\system32\wscntfy.exe[2360] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 38, 5F ]
     .text C:\WINDOWS\system32\wscntfy.exe[2360] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
     .text C:\WINDOWS\system32\wscntfy.exe[2360] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 2F, 5F ]
     .text C:\WINDOWS\system32\wscntfy.exe[2360] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
     .text C:\WINDOWS\system32\wscntfy.exe[2360] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 2C, 5F ]
     .text C:\WINDOWS\system32\wscntfy.exe[2360] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 1E, 84 ]
     .text C:\WINDOWS\system32\wscntfy.exe[2360] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
     .text C:\WINDOWS\system32\wscntfy.exe[2360] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 5F3D0F5A
     .text C:\WINDOWS\system32\wscntfy.exe[2360] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 5F3A0F5A
     .text C:\WINDOWS\system32\wscntfy.exe[2360] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 5F1F0F5A
     .text C:\WINDOWS\system32\wscntfy.exe[2360] USER32.dll!SendInput 7E42F140 3 Bytes [ FF, 25, 1E ]
     .text C:\WINDOWS\system32\wscntfy.exe[2360] USER32.dll!SendInput + 4 7E42F144 2 Bytes [ 1A, 5F ]
     .text C:\WINDOWS\system32\wscntfy.exe[2360] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 5F1C0F5A
     .text C:\WINDOWS\system32\wscntfy.exe[2360] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 5F130F5A
     .text C:\WINDOWS\system32\wscntfy.exe[2360] USER32.dll!keybd_event 7E466783 6 Bytes JMP 5F160F5A
     .text C:\WINDOWS\system32\wscntfy.exe[2360] SHELL32.dll!Shell_NotifyIconW 7CA2A52F 6 Bytes JMP 5F280F5A
     .text C:\WINDOWS\system32\wscntfy.exe[2360] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F220F5A
     .text C:\WINDOWS\system32\wscntfy.exe[2360] ADVAPI32.dll!CreateServiceW 77E37381 6 Bytes JMP 5F250F5A
     .text C:\WINDOWS\system32\wscntfy.exe[2360] WS2_32.dll!WSALookupServiceBeginW 71AB35EF 6 Bytes JMP 5F0D0F5A
     .text C:\WINDOWS\system32\wscntfy.exe[2360] WS2_32.dll!connect 71AB4A07 6 Bytes JMP 5F070F5A
     .text C:\WINDOWS\system32\wscntfy.exe[2360] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5F0A0F5A
     .text C:\Program Files\OpenOffice.org 2.4\program\soffice.exe[2372] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
     .text C:\Program Files\OpenOffice.org 2.4\program\soffice.exe[2372] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 34, 5F ]
     .text C:\Program Files\OpenOffice.org 2.4\program\soffice.exe[2372] ntdll.dll!NtOpenProcess 7C90D5E0 3 Bytes [ FF, 25, 1E ]
     .text C:\Program 
Files\OpenOffice.org 2.4\program\soffice.exe[2372] ntdll.dll!NtOpenProcess + 4 7C90D5E4 2 Bytes [ 37, 5F ] .text C:\Program Files\OpenOffice.org 2.4\program\soffice.exe[2372] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\OpenOffice.org 2.4\program\soffice.exe[2372] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 3A, 5F ] .text C:\Program Files\OpenOffice.org 2.4\program\soffice.exe[2372] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\OpenOffice.org 2.4\program\soffice.exe[2372] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 31, 5F ] .text C:\Program Files\OpenOffice.org 2.4\program\soffice.exe[2372] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\OpenOffice.org 2.4\program\soffice.exe[2372] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 2E, 5F ] .text C:\Program Files\OpenOffice.org 2.4\program\soffice.exe[2372] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 4E, 84 ] .text C:\Program Files\OpenOffice.org 2.4\program\soffice.exe[2372] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A .text C:\Program Files\OpenOffice.org 2.4\program\soffice.exe[2372] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 5F3F0F5A .text C:\Program Files\OpenOffice.org 2.4\program\soffice.exe[2372] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 5F3C0F5A .text C:\Program Files\OpenOffice.org 2.4\program\soffice.exe[2372] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 5F1F0F5A .text C:\Program Files\OpenOffice.org 2.4\program\soffice.exe[2372] USER32.dll!SendInput 7E42F140 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\OpenOffice.org 2.4\program\soffice.exe[2372] USER32.dll!SendInput + 4 7E42F144 2 Bytes [ 1A, 5F ] .text C:\Program Files\OpenOffice.org 2.4\program\soffice.exe[2372] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 5F1C0F5A .text C:\Program Files\OpenOffice.org 2.4\program\soffice.exe[2372] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 5F130F5A .text C:\Program 
Files\OpenOffice.org 2.4\program\soffice.exe[2372] USER32.dll!keybd_event 7E466783 6 Bytes JMP 5F160F5A .text C:\Program Files\OpenOffice.org 2.4\program\soffice.exe[2372] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F220F5A .text C:\Program Files\OpenOffice.org 2.4\program\soffice.exe[2372] ADVAPI32.dll!CreateServiceW 77E37381 6 Bytes JMP 5F250F5A .text C:\Program Files\OpenOffice.org 2.4\program\soffice.exe[2372] WS2_32.dll!WSALookupServiceBeginW 71AB35EF 6 Bytes JMP 5F0D0F5A .text C:\Program Files\OpenOffice.org 2.4\program\soffice.exe[2372] WS2_32.dll!connect 71AB4A07 6 Bytes JMP 5F070F5A .text C:\Program Files\OpenOffice.org 2.4\program\soffice.exe[2372] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5F0A0F5A .text C:\Program Files\OpenOffice.org 2.4\program\soffice.exe[2372] shell32.dll!Shell_NotifyIconW 7CA2A52F 6 Bytes JMP 5F280F5A .text C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN[2384] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN[2384] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 51, 5F ] .text C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN[2384] ntdll.dll!NtOpenProcess 7C90D5E0 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN[2384] ntdll.dll!NtOpenProcess + 4 7C90D5E4 2 Bytes [ 54, 5F ] .text C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN[2384] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN[2384] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 57, 5F ] .text C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN[2384] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN[2384] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 4E, 5F ] .text C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN[2384] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ] .text C:\Program 
Files\OpenOffice.org 2.4\program\soffice.BIN[2384] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 4B, 5F ] .text C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN[2384] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 40, 89 ] .text C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN[2384] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F270F5A .text C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN[2384] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 5F5C0F5A .text C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN[2384] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 5F590F5A .text C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN[2384] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 5F3D0F5A .text C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN[2384] USER32.dll!SendInput 7E42F140 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN[2384] USER32.dll!SendInput + 4 7E42F144 2 Bytes [ 38, 5F ] .text C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN[2384] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 5F3A0F5A .text C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN[2384] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 5F2C0F5A .text C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN[2384] USER32.dll!keybd_event 7E466783 6 Bytes JMP 5F2F0F5A .text C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN[2384] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F400F5A .text C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN[2384] ADVAPI32.dll!CreateServiceW 77E37381 6 Bytes JMP 5F440F5A .text C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN[2384] WS2_32.dll!WSALookupServiceBeginW 71AB35EF 6 Bytes JMP 5F240F5A .text C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN[2384] WS2_32.dll!connect 71AB4A07 6 Bytes JMP 5F1E0F5A .text C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN[2384] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5F210F5A .text C:\Program Files\OpenOffice.org 
2.4\program\soffice.BIN[2384] SHELL32.dll!Shell_NotifyIconW 7CA2A52F 6 Bytes JMP 5F470F5A .text H:\hghghg.exe[3808] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ] .text H:\hghghg.exe[3808] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 26, 5F ] .text H:\hghghg.exe[3808] ntdll.dll!NtOpenProcess 7C90D5E0 3 Bytes [ FF, 25, 1E ] .text H:\hghghg.exe[3808] ntdll.dll!NtOpenProcess + 4 7C90D5E4 2 Bytes [ 29, 5F ] .text H:\hghghg.exe[3808] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ] .text H:\hghghg.exe[3808] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 2C, 5F ] .text H:\hghghg.exe[3808] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ] .text H:\hghghg.exe[3808] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 23, 5F ] .text H:\hghghg.exe[3808] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ] .text H:\hghghg.exe[3808] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 20, 5F ] .text H:\hghghg.exe[3808] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, BC, 83 ] .text H:\hghghg.exe[3808] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F070F5A .text H:\hghghg.exe[3808] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ] .text H:\hghghg.exe[3808] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F190F5A .text H:\hghghg.exe[3808] ADVAPI32.dll!CreateServiceW 77E37381 6 Bytes JMP 5F1C0F5A .text H:\hghghg.exe[3808] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 5F310F5A .text H:\hghghg.exe[3808] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 5F2E0F5A .text H:\hghghg.exe[3808] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 5F160F5A .text H:\hghghg.exe[3808] USER32.dll!SendInput 7E42F140 3 Bytes [ FF, 25, 1E ] .text H:\hghghg.exe[3808] USER32.dll!SendInput + 4 7E42F144 2 Bytes [ 11, 5F ] .text H:\hghghg.exe[3808] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 5F130F5A .text H:\hghghg.exe[3808] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 5F0A0F5A .text H:\hghghg.exe[3808] USER32.dll!keybd_event 7E466783 6 Bytes JMP 
5F0D0F5A .text H:\hghghg.exe[3808] WS2_32.dll!WSALookupServiceBeginW 71AB35EF 6 Bytes JMP 5F370F5A .text H:\hghghg.exe[3808] WS2_32.dll!connect 71AB4A07 6 Bytes JMP 5F3A0F5A .text H:\hghghg.exe[3808] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5F340F5A ---- Devices - GMER 1.0.14 ---- Device \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- Modules - GMER 1.0.14 ---- Module \systemroot\system32\drivers\TDSSmqlt.sys (*** hidden *** ) F40A8000-F40BA000 (73728 bytes) ---- Threads - GMER 1.0.14 ---- Thread 4:304 F40AAD66 ---- Services - GMER 1.0.14 ---- Service system32\drivers\TDSSserv.sys (*** hidden *** ) [sYSTEM] tdssserv <-- ROOTKIT !!! Service C:\WINDOWS\system32\drivers\TDSSmqlt.sys (*** hidden *** ) [sYSTEM] TDSSserv.sys <-- ROOTKIT !!! 
---- Registry - GMER 1.0.14 ---- Reg HKLM\SYSTEM\ControlSet001\Services\tdssserv Reg HKLM\SYSTEM\ControlSet001\Services\tdssserv@start 1 Reg HKLM\SYSTEM\ControlSet001\Services\tdssserv@type 1 Reg HKLM\SYSTEM\ControlSet001\Services\tdssserv@imagepath \systemroot\system32\drivers\TDSSserv.sys Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdssserv.sys Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdssserv.sys@ driver Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdssserv.sys Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdssserv.sys@ driver Reg HKLM\SYSTEM\CurrentControlSet\Services\tdssserv Reg HKLM\SYSTEM\CurrentControlSet\Services\tdssserv@start 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\tdssserv@type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\tdssserv@imagepath \systemroot\system32\drivers\TDSSserv.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@start 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmqlt.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@group file system Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmqlt.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoiqt.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSlrvd.dat Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSShrxr.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSrtqp.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSxfum.dll Reg 
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSlxwp.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsihc.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhyp.log Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSSkkbi.log Reg HKLM\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\tdssserv.sys Reg HKLM\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\tdssserv.sys@ driver Reg HKLM\SYSTEM\ControlSet003\Control\SafeBoot\Network\tdssserv.sys Reg HKLM\SYSTEM\ControlSet003\Control\SafeBoot\Network\tdssserv.sys@ driver Reg HKLM\SYSTEM\ControlSet003\Services\tdssserv Reg HKLM\SYSTEM\ControlSet003\Services\tdssserv@start 1 Reg HKLM\SYSTEM\ControlSet003\Services\tdssserv@type 1 Reg HKLM\SYSTEM\ControlSet003\Services\tdssserv@imagepath \systemroot\system32\drivers\TDSSserv.sys Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@start 1 Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@type 1 Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmqlt.sys Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@group file system Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmqlt.sys Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoiqt.dll Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSlrvd.dat Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSShrxr.dll Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdsslog 
\systemroot\system32\TDSSrtqp.dll Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSxfum.dll Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSlxwp.dll Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsihc.dll Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhyp.log Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSSkkbi.log Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@affid 61 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@subid v3001 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@control 0x09 0x19 0x1F 0x16 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@prov 10010 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@googleadserver pagead2.googlesyndication.com Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@flagged 1 ---- EOF - GMER 1.0.14 ----
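The GMER report above is the hard evidence in this thread: one hidden kernel module, two hidden services pointing at it, SafeBoot\Minimal and SafeBoot\Network entries so the driver is loaded in Safe Mode as well, and a \modules value list naming every DLL, .dat and .log the rootkit dropped. Picking that out of a flattened log by hand is error-prone, so here is a small Python triage script as an added example; it is not part of the original post and not GMER's own code. It splits the report on GMER's section headers, flags anything marked *** hidden ***, collects the SafeBoot persistence keys, and lists the files referenced from the hidden service's registry tree. The sample input is an excerpt of the log above re-split one entry per line; the column spacing and the assumption that a registry key path contains no '@' are mine, not documented GMER behaviour.

```python
"""Triage helper for GMER rootkit-scan logs.  Added example: not from the
forum post above and not GMER's own code.  It splits the log into GMER's
"---- <Section> - GMER x.y.z ----" blocks and pulls out what a responder
reads first: objects marked "*** hidden ***", SafeBoot keys (the driver is
also loaded in Safe Mode) and every file named under the hidden service's
registry tree.  Column spacing and "no '@' inside a key path" are
assumptions about GMER's text format, not documented behaviour."""
import re
from collections import defaultdict, namedtuple

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
HIDDEN_RE = re.compile(r"^(Module|Service)\s+(.+?)\s+\(\*\*\* hidden \*\*\*\s*\)\s*(.*)$")
SERVICE_TAIL_RE = re.compile(r"\[(\w+)\]\s+(\S+)")  # "[SYSTEM] tdssserv"
# key, optional "@valuename" (empty = the key's default value), optional data column
REG_RE = re.compile(r"^Reg\s+(?P<key>[^@]+?)(?:@(?P<val>\S*)(?:\s+(?P<data>.*))?)?$")

RegEntry = namedtuple("RegEntry", "key value_name data")  # value_name None = key-only line


def parse_sections(text):
    """Map section name -> non-empty lines under that header (EOF dropped)."""
    sections, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
        elif line and current and current != "EOF":
            sections[current].append(line)
    return sections


def parse_registry(lines):
    return [RegEntry(m.group("key"), m.group("val"), m.group("data"))
            for m in map(REG_RE.match, lines) if m]


def _service_id(name):
    """GMER lists the same service as 'tdssserv' and 'TDSSserv.sys'; normalise."""
    name = name.lower()
    return name[:-4] if name.endswith(".sys") else name


def triage(text):
    sec = parse_sections(text)
    out = {"hidden_modules": [], "hidden_services": [], "safeboot_keys": [],
           "dropped_files": set()}
    for line in sec.get("Modules", []) + sec.get("Services", []):
        m = HIDDEN_RE.match(line)
        if not m:
            continue
        kind, path, tail = m.groups()
        if kind == "Module":
            out["hidden_modules"].append(path)
        else:
            t = SERVICE_TAIL_RE.search(tail)
            out["hidden_services"].append({"image": path,
                                           "start": t.group(1) if t else None,
                                           "name": t.group(2) if t else None})
    hidden = {_service_id(s["name"]) for s in out["hidden_services"] if s["name"]}
    for e in parse_registry(sec.get("Registry", [])):
        low = e.key.lower()
        if "\\control\\safeboot\\" in low and e.value_name is None:
            out["safeboot_keys"].append(e.key)
        if "\\services\\" in low and e.data and e.value_name is not None:
            svc = _service_id(low.split("\\services\\", 1)[1].split("\\", 1)[0])
            # driver image plus every DLL/.dat/.log registered under ...\modules
            if svc in hidden and (e.value_name.lower() == "imagepath" or "\\modules" in low):
                out["dropped_files"].add(e.data)
    return out


# Excerpt of the GMER log posted above, re-split one entry per line (constructed input).
SAMPLE_LOG = r"""
---- Modules - GMER 1.0.14 ----

Module  \systemroot\system32\drivers\TDSSmqlt.sys (*** hidden *** )   F40A8000-F40BA000 (73728 bytes)

---- Services - GMER 1.0.14 ----

Service  system32\drivers\TDSSserv.sys (*** hidden *** )   [SYSTEM] tdssserv   <-- ROOTKIT !!!
Service  C:\WINDOWS\system32\drivers\TDSSmqlt.sys (*** hidden *** )   [SYSTEM] TDSSserv.sys   <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdssserv.sys
Reg  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdssserv.sys@  driver
Reg  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdssserv.sys
Reg  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdssserv.sys@  driver
Reg  HKLM\SYSTEM\CurrentControlSet\Services\tdssserv
Reg  HKLM\SYSTEM\CurrentControlSet\Services\tdssserv@start  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\tdssserv@imagepath  \systemroot\system32\drivers\TDSSserv.sys
Reg  HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@imagepath  \systemroot\system32\drivers\TDSSmqlt.sys
Reg  HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@group  file system
Reg  HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules
Reg  HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSserv  \systemroot\system32\drivers\TDSSmqlt.sys
Reg  HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSl  \systemroot\system32\TDSSoiqt.dll
Reg  HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssservers  \systemroot\system32\TDSSlrvd.dat
Reg  HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssurls  \systemroot\system32\TDSSnmxh.log
Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@affid  61

---- EOF - GMER 1.0.14 ----
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {sorted(value) if isinstance(value, set) else value}")
```

Run it as-is to see the summary for the excerpt, or pass the full text of a saved GMER report to `triage()`. The two SafeBoot keys it returns are the reason the Safe Mode attempt reported in the later post changed nothing: the driver is registered to load under SafeBoot\Minimal and SafeBoot\Network as well as in a normal boot, so a clean-up has to happen from outside the infected Windows instance or after the hidden service is removed.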
  5. Hi Dustin, I apologize; however, my problems are obviously complicated, as I was only able to complete one item requested. Everything else failed or was simply non-responsive. When I attempted to download Spybot, both IE and Firefox were redirected from any site that contained Spybot. I downloaded the .exe file from a different (uninfected) computer and moved it over by USB stick. It seemed to get about halfway through the installation, then errored with "a connection with the server could not be established". Malwarebytes had the same issue as I mentioned originally: redirected from all recommended sites, and when I was able to move the .exe file over by USB stick it was completely non-responsive, almost as if it was being blocked, so no scan/results were possible. Although I was lucky enough not to get redirected, Panda ActiveScan would get about halfway, then error out when attempting to "update". ESET was continuously redirected; no luck getting anywhere near it. OTListIt was the only result I was able to get for you, the OTListIt text first, then the Extras following below that. Attachments: OTListIt.Txt, Extras.Txt
  7. Hello everyone, I was directed to post my problem here. I know I have a Trojan; I believe it is AntivirusPro 2009. Problems include redirecting search engines and not allowing me to get to the Malwarebytes.org site at all. I cannot install MWAB either; I took the advice of others and changed the name of the installer, and that would not work either. I am definitely stuck. What a helpless feeling; this Trojan is very smart. Any advice is greatly appreciated. Thank you.
  8. Hello everyone, from everything I have googled, I have a Trojan; specifically, I think it is AntivirusPro 2008. Everything on the internet pointed me to install and run Malwarebytes. I soon found out that on the infected computer I could neither install, run, nor even get to the Malwarebytes.org website. All other websites were easily accessed. I tried putting the installer on a disk, then installing it from that, and that wouldn't work either. Safe mode gave the same result. This Trojan, unfortunately, is smart and doesn't want me installing Malwarebytes or even using the website. Has anyone ever run into this, and if so, how did you deal with it? Because I am at a total loss. Thank you.