Computer is running very slow


XCCrazy

Hi there, I was here many months ago and you helped me greatly in cleaning my computer. Well, it appears to be that time again. Programs are taking a long time to boot up, especially internet web pages. Internet Explorer and Firefox are both used on this machine. If needed I can get everyone on board with Firefox. I've run AVG Virus scan and Malwarebytes scan and nothing pops up. I'm hoping you can help. If you need anything else let me know...

Thanks.

Arlen

==========

Malware Log File

==========

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5113

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

11/14/2010 10:33:26 AM

mbam-log-2010-11-14 (10-33-26).txt

Scan type: Quick scan

Objects scanned: 211755

Time elapsed: 30 minute(s), 57 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

=============

DDS/GMER File

=============

GMER 1.0.15.15530 - http://www.gmer.net

Rootkit scan 2010-11-17 20:23:49

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Intel___ rev.1.0.

Running: xmsfdf55.exe; Driver: C:\DOCUME~1\Arlen\LOCALS~1\Temp\pwloypog.sys

---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Charter High-Speed Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateProcess [0xF5C45CD6]

SSDT \??\C:\Program Files\Charter High-Speed Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateProcessEx [0xF5C45CF0]

SSDT \??\C:\Program Files\Charter High-Speed Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateThread [0xF5C44E8C]

SSDT \??\C:\Program Files\Charter High-Speed Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwLoadDriver [0xF5C451BC]

SSDT \??\C:\Program Files\Charter High-Speed Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwMapViewOfSection [0xF5C44BCC]

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xF02CB6C0]

SSDT \??\C:\Program Files\Charter High-Speed Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwOpenSection [0xF5C455EE]

SSDT \??\C:\Program Files\Charter High-Speed Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwRenameKey [0xF5C4688C]

SSDT \??\C:\Program Files\Charter High-Speed Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSetSystemInformation [0xF5C4543E]

SSDT \??\C:\Program Files\Charter High-Speed Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSuspendProcess [0xF5C44A4C]

SSDT \??\C:\Program Files\Charter High-Speed Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSuspendThread [0xF5C44EC0]

SSDT \??\C:\Program Files\Charter High-Speed Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSystemDebugControl [0xF5C45042]

SSDT \??\C:\Program Files\Charter High-Speed Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwTerminateProcess [0xF5C449A6]

SSDT \??\C:\Program Files\Charter High-Speed Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwTerminateThread [0xF5C44B06]

SSDT \??\C:\Program Files\Charter High-Speed Security Suite\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwWriteVirtualMemory [0xF5C44F86]

Code fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) IoCreateDevice

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2FD8 80504874 12 Bytes [4C, 4A, C4, F5, C0, 4E, C4, ...]

PAGE ntkrnlpa.exe!IoCreateDevice 805758EE 5 Bytes JMP F72ACFFA fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

PAGENPNP NDIS.SYS!NdisRegisterProtocol F727D17F 5 Bytes JMP F72ACE0C fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

PAGENPNP NDIS.SYS!NdisOpenAdapter F727D399 5 Bytes JMP F72AD394 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

PAGENPNP NDIS.SYS!NdisCloseAdapter F7287642 5 Bytes JMP F72ACF18 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

PAGENPNP NDIS.SYS!NdisDeregisterProtocol F7287821 5 Bytes JMP F72AD1B0 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

PAGENDSP NDIS.SYS!NdisReturnPackets F728A810 5 Bytes JMP F72ADC0C fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

PAGENDSP NDIS.SYS!NdisRequest F728A97B 5 Bytes JMP F72AD5AC fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

PAGENDSP NDIS.SYS!NdisSend F728D986 5 Bytes JMP F72AE58C fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

PAGENDSP NDIS.SYS!NdisSendPackets F728D9A3 5 Bytes JMP F72AE65E fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

PAGENDSP NDIS.SYS!NdisTransferData F728D9BE 5 Bytes JMP F72ADD0A fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

PAGENDCO NDIS.SYS!NdisCoCreateVc F7294186 5 Bytes JMP F72ACE76 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

PAGENDCO NDIS.SYS!NdisCoDeleteVc F7295557 5 Bytes JMP F72ACEE4 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

PAGENDCO NDIS.SYS!NdisCoSendPackets F7295AF1 5 Bytes JMP F72AE376 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF5569360, 0x307F47, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\alg.exe[212] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B6000C

.text C:\WINDOWS\System32\alg.exe[212] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00B6100C

.text C:\WINDOWS\System32\alg.exe[212] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B6200C

.text C:\WINDOWS\System32\alg.exe[212] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00B6300C

.text C:\WINDOWS\System32\alg.exe[212] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00B6400C

.text C:\WINDOWS\System32\alg.exe[212] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00B6A00C

.text C:\WINDOWS\System32\alg.exe[212] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00B6700C

.text C:\WINDOWS\System32\alg.exe[212] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00B6500C

.text C:\WINDOWS\System32\alg.exe[212] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00B6600C

.text C:\WINDOWS\System32\alg.exe[212] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00B6800C

.text C:\WINDOWS\System32\alg.exe[212] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00B6900C

.text C:\Program Files\Google\Update\GoogleUpdate.exe[432] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00E4000C

.text C:\Program Files\Google\Update\GoogleUpdate.exe[432] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00E4100C

.text C:\Program Files\Google\Update\GoogleUpdate.exe[432] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E4200C

.text C:\Program Files\Google\Update\GoogleUpdate.exe[432] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00E4300C

.text C:\Program Files\Google\Update\GoogleUpdate.exe[432] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00E4900C

.text C:\Program Files\Google\Update\GoogleUpdate.exe[432] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00E4700C

.text C:\Program Files\Google\Update\GoogleUpdate.exe[432] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00E4500C

.text C:\Program Files\Google\Update\GoogleUpdate.exe[432] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00E4600C

.text C:\Program Files\Google\Update\GoogleUpdate.exe[432] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00E4800C

.text C:\Program Files\Google\Update\GoogleUpdate.exe[432] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00E4400C

.text C:\Program Files\Google\Update\GoogleUpdate.exe[432] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00E4A00C

.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[480] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01EC000C

.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[480] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 01EC100C

.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[480] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01EC200C

.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[480] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 01EC300C

.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[480] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 01EC400C

.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[480] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 01ECA00C

.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[480] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 01EC700C

.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[480] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 01EC500C

.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[480] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 01EC600C

.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[480] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 01EC800C

.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[480] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 01EC900C

.text C:\Program Files\Java\jre6\bin\jqs.exe[512] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00E9000C

.text C:\Program Files\Java\jre6\bin\jqs.exe[512] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00E9100C

.text C:\Program Files\Java\jre6\bin\jqs.exe[512] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E9200C

.text C:\Program Files\Java\jre6\bin\jqs.exe[512] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00E9300C

.text C:\Program Files\Java\jre6\bin\jqs.exe[512] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00E9700C

.text C:\Program Files\Java\jre6\bin\jqs.exe[512] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00E9500C

.text C:\Program Files\Java\jre6\bin\jqs.exe[512] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00E9600C

.text C:\Program Files\Java\jre6\bin\jqs.exe[512] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00E9800C

.text C:\Program Files\Java\jre6\bin\jqs.exe[512] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00E9900C

.text C:\Program Files\Java\jre6\bin\jqs.exe[512] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00E9400C

.text C:\Program Files\Java\jre6\bin\jqs.exe[512] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00E9A00C

.text C:\WINDOWS\system32\nvsvc32.exe[788] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 007F000C

.text C:\WINDOWS\system32\nvsvc32.exe[788] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 007F100C

.text C:\WINDOWS\system32\nvsvc32.exe[788] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 007F200C

.text C:\WINDOWS\system32\nvsvc32.exe[788] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 007F300C

.text C:\WINDOWS\system32\nvsvc32.exe[788] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 007F400C

.text C:\WINDOWS\system32\nvsvc32.exe[788] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 007FA00C

.text C:\WINDOWS\system32\nvsvc32.exe[788] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 007F700C

.text C:\WINDOWS\system32\nvsvc32.exe[788] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 007F500C

.text C:\WINDOWS\system32\nvsvc32.exe[788] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 007F600C

.text C:\WINDOWS\system32\nvsvc32.exe[788] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 007F800C

.text C:\WINDOWS\system32\nvsvc32.exe[788] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 007F900C

.text C:\WINDOWS\system32\PnkBstrA.exe[800] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01FB000C

.text C:\WINDOWS\system32\PnkBstrA.exe[800] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 01FB100C

.text C:\WINDOWS\system32\PnkBstrA.exe[800] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01FB200C

.text C:\WINDOWS\system32\PnkBstrA.exe[800] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 01FB300C

.text C:\WINDOWS\system32\PnkBstrA.exe[800] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 01FB700C

.text C:\WINDOWS\system32\PnkBstrA.exe[800] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 01FB500C

.text C:\WINDOWS\system32\PnkBstrA.exe[800] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 01FB600C

.text C:\WINDOWS\system32\PnkBstrA.exe[800] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 01FB800C

.text C:\WINDOWS\system32\PnkBstrA.exe[800] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 01FB400C

.text C:\WINDOWS\system32\PnkBstrA.exe[800] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 01FB900C

.text C:\WINDOWS\system32\winlogon.exe[836] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 014A000C

.text C:\WINDOWS\system32\winlogon.exe[836] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 014A100C

.text C:\WINDOWS\system32\winlogon.exe[836] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 014A200C

.text C:\WINDOWS\system32\winlogon.exe[836] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 014A300C

.text C:\WINDOWS\system32\winlogon.exe[836] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 014A700C

.text C:\WINDOWS\system32\winlogon.exe[836] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 014A500C

.text C:\WINDOWS\system32\winlogon.exe[836] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 014A600C

.text C:\WINDOWS\system32\winlogon.exe[836] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 014A800C

.text C:\WINDOWS\system32\winlogon.exe[836] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 014A400C

.text C:\WINDOWS\system32\winlogon.exe[836] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 014AA00C

.text C:\WINDOWS\system32\winlogon.exe[836] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 014A900C

.text C:\WINDOWS\system32\lsass.exe[900] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00E0000C

.text C:\WINDOWS\system32\lsass.exe[900] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00E0100C

.text C:\WINDOWS\system32\lsass.exe[900] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E0200C

.text C:\WINDOWS\system32\lsass.exe[900] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00E0300C

.text C:\WINDOWS\system32\lsass.exe[900] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00E0700C

.text C:\WINDOWS\system32\lsass.exe[900] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00E0500C

.text C:\WINDOWS\system32\lsass.exe[900] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00E0600C

.text C:\WINDOWS\system32\lsass.exe[900] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00E0800C

.text C:\WINDOWS\system32\lsass.exe[900] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00E0400C

.text C:\WINDOWS\system32\lsass.exe[900] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00E0A00C

.text C:\WINDOWS\system32\lsass.exe[900] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00E0900C

.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[944] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0039000C

.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[944] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0039100C

.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[944] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0039200C

.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[944] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0039300C

.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[944] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0039400C

.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[944] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0039900C

.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[944] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0039700C

.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[944] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0039500C

.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[944] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0039600C

.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[944] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039800C

.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1096] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0093000C

.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1096] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0093100C

.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1096] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0093200C

.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1096] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0093300C

.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1096] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0093700C

.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1096] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0093500C

.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1096] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0093600C

.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1096] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0093800C

.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1096] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0093400C

.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1096] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0093A00C

.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1096] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0093900C

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1348] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B2000C

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1348] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00B2100C

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1348] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B2200C

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1348] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00B2300C

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1348] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00B2700C

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1348] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00B2500C

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1348] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00B2600C

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1348] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00B2800C

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1348] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00B2400C

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1348] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00B2A00C

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1348] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00B2900C

.text C:\ProgramData\Mattel\Watcher\jpjwatcher.exe[1552] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B3000C

.text C:\ProgramData\Mattel\Watcher\jpjwatcher.exe[1552] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00B3100C

.text C:\ProgramData\Mattel\Watcher\jpjwatcher.exe[1552] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B3200C

.text C:\ProgramData\Mattel\Watcher\jpjwatcher.exe[1552] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00B3300C

.text C:\ProgramData\Mattel\Watcher\jpjwatcher.exe[1552] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00B3700C

.text C:\ProgramData\Mattel\Watcher\jpjwatcher.exe[1552] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00B3500C

.text C:\ProgramData\Mattel\Watcher\jpjwatcher.exe[1552] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00B3600C

.text C:\ProgramData\Mattel\Watcher\jpjwatcher.exe[1552] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00B3800C

.text C:\ProgramData\Mattel\Watcher\jpjwatcher.exe[1552] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00B3400C

.text C:\ProgramData\Mattel\Watcher\jpjwatcher.exe[1552] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00B3A00C

.text C:\ProgramData\Mattel\Watcher\jpjwatcher.exe[1552] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00B3900C

.text C:\WINDOWS\Explorer.EXE[1632] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B5000C

.text C:\WINDOWS\Explorer.EXE[1632] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00B5100C

.text C:\WINDOWS\Explorer.EXE[1632] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B5200C

.text C:\WINDOWS\Explorer.EXE[1632] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00B5300C

.text C:\WINDOWS\Explorer.EXE[1632] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00B5700C

.text C:\WINDOWS\Explorer.EXE[1632] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00B5500C

.text C:\WINDOWS\Explorer.EXE[1632] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00B5600C

.text C:\WINDOWS\Explorer.EXE[1632] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00B5800C

.text C:\WINDOWS\Explorer.EXE[1632] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00B5400C

.text C:\WINDOWS\Explorer.EXE[1632] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00B5A00C

.text C:\WINDOWS\Explorer.EXE[1632] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00B5900C

.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1844] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0065000C

.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1844] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0065100C

.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1844] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0065200C

.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1844] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0065300C

.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1844] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0065700C

.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1844] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0065500C

.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1844] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0065600C

.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1844] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0065800C

.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1844] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0065400C

.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1844] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0065A00C

.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1844] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0065900C

.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1856] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0069000C

.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1856] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0069100C

.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1856] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0069200C

.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1856] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0069300C

.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1856] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0069700C

.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1856] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0069500C

.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1856] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0069600C

.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1856] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0069800C

.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1856] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0069400C

.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1856] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0069A00C

.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1856] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0069900C

.text C:\Program Files\Bonjour\mDNSResponder.exe[1892] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0088000C

.text C:\Program Files\Bonjour\mDNSResponder.exe[1892] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0088100C

.text C:\Program Files\Bonjour\mDNSResponder.exe[1892] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0088200C

.text C:\Program Files\Bonjour\mDNSResponder.exe[1892] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0088300C

.text C:\Program Files\Bonjour\mDNSResponder.exe[1892] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0088700C

.text C:\Program Files\Bonjour\mDNSResponder.exe[1892] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0088500C

.text C:\Program Files\Bonjour\mDNSResponder.exe[1892] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0088600C

.text C:\Program Files\Bonjour\mDNSResponder.exe[1892] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0088800C

.text C:\Program Files\Bonjour\mDNSResponder.exe[1892] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0088400C

.text C:\Program Files\Bonjour\mDNSResponder.exe[1892] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0088A00C

.text C:\Program Files\Bonjour\mDNSResponder.exe[1892] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0088900C

.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2092] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0095000C

.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2092] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0095100C

.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2092] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0095200C

.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2092] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0095300C

.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2092] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0095700C

.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2092] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0095500C

.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2092] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0095600C

.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2092] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0095800C

.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2092] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0095400C

.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2092] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0095A00C

.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2092] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0095900C

.text C:\Program Files\AVG\AVG10\avgtray.exe[2256] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C2000C

.text C:\Program Files\AVG\AVG10\avgtray.exe[2256] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00C2100C

.text C:\Program Files\AVG\AVG10\avgtray.exe[2256] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C2200C

.text C:\Program Files\AVG\AVG10\avgtray.exe[2256] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00C2300C

.text C:\Program Files\AVG\AVG10\avgtray.exe[2256] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00C2700C

.text C:\Program Files\AVG\AVG10\avgtray.exe[2256] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00C2500C

.text C:\Program Files\AVG\AVG10\avgtray.exe[2256] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00C2600C

.text C:\Program Files\AVG\AVG10\avgtray.exe[2256] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00C2800C

.text C:\Program Files\AVG\AVG10\avgtray.exe[2256] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00C2400C

.text C:\Program Files\AVG\AVG10\avgtray.exe[2256] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00C2A00C

.text C:\Program Files\AVG\AVG10\avgtray.exe[2256] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00C2900C

.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2304] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 008D000C

.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2304] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 008D100C

.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2304] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 008D200C

.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2304] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 008D300C

.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2304] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 008D400C

.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2304] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 008D900C

.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2304] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 008D700C

.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2304] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 008D500C

.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2304] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 008D600C

.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2304] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 008D800C

.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2304] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 008DA00C

.text C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE[2316] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0094000C

.text C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE[2316] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0094100C

.text C:\Program Files\AVG\AVG10\avgnsx.exe[2392] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BE000C

.text C:\Program Files\AVG\AVG10\avgnsx.exe[2392] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00BE100C

.text C:\Program Files\AVG\AVG10\avgnsx.exe[2392] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BE200C

.text C:\Program Files\AVG\AVG10\avgnsx.exe[2392] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00BE300C

.text C:\Program Files\AVG\AVG10\avgnsx.exe[2392] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00BE400C

.text C:\Program Files\AVG\AVG10\avgnsx.exe[2392] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00BE900C

.text C:\Program Files\AVG\AVG10\avgnsx.exe[2392] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00BE700C

.text C:\Program Files\AVG\AVG10\avgnsx.exe[2392] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00BE500C

.text C:\Program Files\AVG\AVG10\avgnsx.exe[2392] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00BE600C

.text C:\Program Files\AVG\AVG10\avgnsx.exe[2392] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00BE800C

.text C:\Program Files\AVG\AVG10\avgemcx.exe[2408] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 007A000C

.text C:\Program Files\AVG\AVG10\avgemcx.exe[2408] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 007A100C

.text C:\Program Files\AVG\AVG10\avgemcx.exe[2408] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 007A200C

.text C:\Program Files\AVG\AVG10\avgemcx.exe[2408] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 007A300C

.text C:\Program Files\AVG\AVG10\avgemcx.exe[2408] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 007A400C

.text C:\Program Files\AVG\AVG10\avgemcx.exe[2408] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 007A900C

.text C:\Program Files\AVG\AVG10\avgemcx.exe[2408] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 007A700C

.text C:\Program Files\AVG\AVG10\avgemcx.exe[2408] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 007A500C

.text C:\Program Files\AVG\AVG10\avgemcx.exe[2408] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 007A600C

.text C:\Program Files\AVG\AVG10\avgemcx.exe[2408] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 007A800C

.text C:\Program Files\Microsoft Silverlight\4.0.50917.0\agcp.exe[2588] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0098000C

.text C:\Program Files\Microsoft Silverlight\4.0.50917.0\agcp.exe[2588] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0098100C

.text C:\Program Files\Microsoft Silverlight\4.0.50917.0\agcp.exe[2588] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0098200C

.text C:\Program Files\Microsoft Silverlight\4.0.50917.0\agcp.exe[2588] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0098300C

.text C:\Program Files\Microsoft Silverlight\4.0.50917.0\agcp.exe[2588] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0098400C

.text C:\Program Files\Microsoft Silverlight\4.0.50917.0\agcp.exe[2588] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0098A00C

.text C:\Program Files\Microsoft Silverlight\4.0.50917.0\agcp.exe[2588] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0098700C

.text C:\Program Files\Microsoft Silverlight\4.0.50917.0\agcp.exe[2588] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0098500C

.text C:\Program Files\Microsoft Silverlight\4.0.50917.0\agcp.exe[2588] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0098600C

.text C:\Program Files\Microsoft Silverlight\4.0.50917.0\agcp.exe[2588] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0098800C

.text C:\Program Files\Microsoft Silverlight\4.0.50917.0\agcp.exe[2588] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0098900C

.text C:\WINDOWS\ehome\ehtray.exe[2796] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 003F000C

.text C:\WINDOWS\ehome\ehtray.exe[2796] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 003F100C

.text C:\WINDOWS\ehome\ehtray.exe[2796] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003F200C

.text C:\WINDOWS\ehome\ehtray.exe[2796] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 003F300C

.text C:\WINDOWS\ehome\ehtray.exe[2796] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003F400C

.text C:\WINDOWS\ehome\ehtray.exe[2796] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 003FA00C

.text C:\WINDOWS\ehome\ehtray.exe[2796] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 003F700C

.text C:\WINDOWS\ehome\ehtray.exe[2796] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 003F500C

.text C:\WINDOWS\ehome\ehtray.exe[2796] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 003F600C

.text C:\WINDOWS\ehome\ehtray.exe[2796] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003F800C

.text C:\WINDOWS\ehome\ehtray.exe[2796] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 003F900C

.text C:\WINDOWS\stsystra.exe[2800] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0098000C

.text C:\WINDOWS\stsystra.exe[2800] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0098100C

.text C:\WINDOWS\stsystra.exe[2800] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0098200C

.text C:\WINDOWS\stsystra.exe[2800] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0098300C

.text C:\WINDOWS\stsystra.exe[2800] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0098700C

.text C:\WINDOWS\stsystra.exe[2800] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0098500C

.text C:\WINDOWS\stsystra.exe[2800] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0098600C

.text C:\WINDOWS\stsystra.exe[2800] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0098800C

.text C:\WINDOWS\stsystra.exe[2800] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0098400C

.text C:\WINDOWS\stsystra.exe[2800] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0098A00C

.text C:\WINDOWS\stsystra.exe[2800] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0098900C

.text C:\WINDOWS\system32\RUNDLL32.EXE[2864] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 009C000C

.text C:\WINDOWS\system32\RUNDLL32.EXE[2864] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 009C100C

.text C:\WINDOWS\system32\RUNDLL32.EXE[2864] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 009C200C

.text C:\WINDOWS\system32\RUNDLL32.EXE[2864] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 009C300C

.text C:\WINDOWS\system32\RUNDLL32.EXE[2864] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 009C400C

.text C:\WINDOWS\system32\RUNDLL32.EXE[2864] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 009CA00C

.text C:\WINDOWS\system32\RUNDLL32.EXE[2864] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 009C700C

.text C:\WINDOWS\system32\RUNDLL32.EXE[2864] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 009C500C

.text C:\WINDOWS\system32\RUNDLL32.EXE[2864] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 009C600C

.text C:\WINDOWS\system32\RUNDLL32.EXE[2864] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 009C800C

.text C:\WINDOWS\system32\RUNDLL32.EXE[2864] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 009C900C

.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe[3060] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 021B000C

.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe[3060] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 021B100C

.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe[3060] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 021B200C

.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe[3060] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 021B300C

.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe[3060] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 021B400C

.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe[3060] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 021B900C

.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe[3060] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 021B700C

.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe[3060] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 021B500C

.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe[3060] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 021B600C

.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe[3060] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 021B800C

.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe[3100] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 02BE000C

.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe[3100] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 02BE100C

.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe[3100] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02BE200C

.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe[3100] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 02BE300C

.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe[3100] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 02BE700C

.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe[3100] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 02BE500C

.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe[3100] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 02BE600C

.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe[3100] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 02BE800C

.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe[3100] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 02BE400C

.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe[3100] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 02BEA00C

.text C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe[3100] OLE32.DLL!CoCreateInstanceEx 774FF154 5 Bytes JMP 02BE900C

.text C:\Program Files\Digital Line Detect\DLG.exe[3156] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00DD000C

.text C:\Program Files\Digital Line Detect\DLG.exe[3156] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00DD100C

.text C:\Program Files\Digital Line Detect\DLG.exe[3156] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DD200C

.text C:\Program Files\Digital Line Detect\DLG.exe[3156] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00DD300C

.text C:\Program Files\Digital Line Detect\DLG.exe[3156] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00DD400C

.text C:\Program Files\Digital Line Detect\DLG.exe[3156] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00DD900C

.text C:\Program Files\Digital Line Detect\DLG.exe[3156] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00DD700C

.text C:\Program Files\Digital Line Detect\DLG.exe[3156] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00DD500C

.text C:\Program Files\Digital Line Detect\DLG.exe[3156] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00DD600C

.text C:\Program Files\Digital Line Detect\DLG.exe[3156] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00DD800C

.text C:\Program Files\Digital Line Detect\DLG.exe[3156] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00DDA00C

.text C:\WINDOWS\ehome\mcrdsvc.exe[3160] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B3000C

.text C:\WINDOWS\ehome\mcrdsvc.exe[3160] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00B3100C

.text C:\WINDOWS\ehome\mcrdsvc.exe[3160] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B3200C

.text C:\WINDOWS\ehome\mcrdsvc.exe[3160] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00B3300C

.text C:\WINDOWS\ehome\mcrdsvc.exe[3160] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00B3400C

.text C:\WINDOWS\ehome\mcrdsvc.exe[3160] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00B3A00C

.text C:\WINDOWS\ehome\mcrdsvc.exe[3160] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00B3700C

.text C:\WINDOWS\ehome\mcrdsvc.exe[3160] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00B3500C

.text C:\WINDOWS\ehome\mcrdsvc.exe[3160] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00B3600C

.text C:\WINDOWS\ehome\mcrdsvc.exe[3160] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00B3800C

.text C:\WINDOWS\ehome\mcrdsvc.exe[3160] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00B3900C

.text C:\Updater.exe[3272] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B3000C

.text C:\Updater.exe[3272] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00B3100C

.text C:\Updater.exe[3272] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B3200C

.text C:\Updater.exe[3272] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00B3300C

.text C:\Updater.exe[3272] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00B3700C

.text C:\Updater.exe[3272] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00B3500C

.text C:\Updater.exe[3272] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00B3600C

.text C:\Updater.exe[3272] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00B3800C

.text C:\Updater.exe[3272] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00B3400C

.text C:\Updater.exe[3272] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00B3A00C

.text C:\Updater.exe[3272] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00B3900C

.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3328] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B3000C

.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3328] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00B3100C

.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3328] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B3200C

.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3328] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00B3300C

.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3328] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00B3900C

.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3328] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00B3700C

.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3328] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00B3500C

.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3328] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00B3600C

.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3328] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00B3800C

.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3328] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00B3400C

.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3328] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00B3A00C

.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3388] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 02AE000C

.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3388] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 02AE100C

.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3388] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02AE200C

.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3388] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 02AE300C

.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3388] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 02AE700C

.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3388] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 02AE500C

.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3388] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 02AE600C

.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3388] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 02AE800C

.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3388] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 02AE400C

.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3388] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 02AEA00C

.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3388] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 02AE900C

.text C:\Program Files\iTunes\iTunesHelper.exe[3820] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 003C000C

.text C:\Program Files\iTunes\iTunesHelper.exe[3820] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 003C100C

.text C:\Program Files\iTunes\iTunesHelper.exe[3820] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003C200C

.text C:\Program Files\iTunes\iTunesHelper.exe[3820] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 003C300C

.text C:\Program Files\iTunes\iTunesHelper.exe[3820] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C400C

.text C:\Program Files\iTunes\iTunesHelper.exe[3820] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 003C900C

.text C:\Program Files\iTunes\iTunesHelper.exe[3820] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 003C700C

.text C:\Program Files\iTunes\iTunesHelper.exe[3820] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 003C500C

.text C:\Program Files\iTunes\iTunesHelper.exe[3820] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 003C600C

.text C:\Program Files\iTunes\iTunesHelper.exe[3820] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C800C

.text C:\Program Files\iTunes\iTunesHelper.exe[3820] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 003CA00C

.text c:\program files\common files\installshield\updateservice\isuspm.exe[4036] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 003C000C

.text c:\program files\common files\installshield\updateservice\isuspm.exe[4036] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 003C100C

.text c:\program files\common files\installshield\updateservice\isuspm.exe[4036] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003C200C

.text c:\program files\common files\installshield\updateservice\isuspm.exe[4036] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 003C300C

.text c:\program files\common files\installshield\updateservice\isuspm.exe[4036] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C400C

.text c:\program files\common files\installshield\updateservice\isuspm.exe[4036] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 003CA00C

.text c:\program files\common files\installshield\updateservice\isuspm.exe[4036] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 003C700C

.text c:\program files\common files\installshield\updateservice\isuspm.exe[4036] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 003C500C

.text c:\program files\common files\installshield\updateservice\isuspm.exe[4036] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 003C600C

.text c:\program files\common files\installshield\updateservice\isuspm.exe[4036] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C800C

.text c:\program files\common files\installshield\updateservice\isuspm.exe[4036] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 003C900C

.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[4132] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 003F000C

.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[4132] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 003F100C

.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[4132] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003F200C

.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[4132] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 003F300C

.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[4132] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 003F700C

.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[4132] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 003F500C

.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[4132] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 003F600C

.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[4132] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003F800C

.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[4132] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003F400C

.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[4132] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 003F900C

.text C:\Program Files\Microsoft Silverlight\4.0.50917.0\agcp.exe[4328] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0098000C

.text C:\Program Files\Microsoft Silverlight\4.0.50917.0\agcp.exe[4328] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0098100C

.text C:\Program Files\Microsoft Silverlight\4.0.50917.0\agcp.exe[4328] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0098200C

.text C:\Program Files\Microsoft Silverlight\4.0.50917.0\agcp.exe[4328] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0098300C

.text C:\Program Files\Microsoft Silverlight\4.0.50917.0\agcp.exe[4328] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0098400C

.text C:\Program Files\Microsoft Silverlight\4.0.50917.0\agcp.exe[4328] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0098A00C

.text C:\Program Files\Microsoft Silverlight\4.0.50917.0\agcp.exe[4328] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0098700C

.text C:\Program Files\Microsoft Silverlight\4.0.50917.0\agcp.exe[4328] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0098500C

.text C:\Program Files\Microsoft Silverlight\4.0.50917.0\agcp.exe[4328] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0098600C

.text C:\Program Files\Microsoft Silverlight\4.0.50917.0\agcp.exe[4328] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0098800C

.text C:\Program Files\Microsoft Silverlight\4.0.50917.0\agcp.exe[4328] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0098900C

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

Device \Driver\Tcpip \Device\Ip fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Tcpip \Device\Tcp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Tcpip \Device\Udp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Tcpip \Device\RawIp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Tcpip \Device\IPMULTICAST fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Mary\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.sears.com.\settings.sol 84 bytes

---- EOF - GMER 1.0.15 ----

Attach.zip


Hello Arlen! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the thread until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we work on this.
  • Keep me informed about any changes.

Please post your DDS log file.


DDS (Ver_10-11-10.01) - NTFSx86

Run by Arlen at 12:33:17.32 on Sun 11/14/2010

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_22

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.331 [GMT -6:00]

AV: AVG Anti-Virus Free Edition 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Charter Security Suite 9.01 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}

FW: Charter Security Suite 9.01 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe

C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE

C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE

C:\Program Files\Charter High-Speed Security Suite\Common\FSHDLL32.EXE

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\AVG\AVG10\avgemcx.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe

C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe

C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Updater.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

C:\ProgramData\Mattel\Watcher\jpjwatcher.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Yahoo!\Yahoo! Autosync\AutosyncForYahoo.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Documents and Settings\Arlen\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com?o=15450&l=dis

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll

BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\charter high-speed security suite\nrs\iescript\baselitmus.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\charter high-speed security suite\nrs\iescript\baselitmus.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler

uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10k_Plugin.exe -update plugin

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [nwiz] nwiz.exe /install

mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup

mRun: [iRiver Updater] \Updater.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [F-Secure Manager] "c:\program files\charter high-speed security suite\common\FSM32.EXE" /splash

mRun: [F-Secure TNB] "c:\program files\charter high-speed security suite\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [<NO NAME>]

mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"

mRun: [JPJWatcher] c:\programdata\mattel\watcher\jpjwatcher.exe

mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\yahoo! autosync\AutosyncForYahoo.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

LSP: c:\program files\charter high-speed security suite\fsps\program\FSLSP.DLL

Trusted Zone: turbotax.com

DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151890385625

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/cpucheck_1_0_0_4.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\arlen\applic~1\mozilla\firefox\profiles\tvhzscdc.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=BT4&o=15447&locale=en_US&q=

FF - component: c:\documents and settings\arlen\application data\mozilla\firefox\profiles\tvhzscdc.default\extensions\firefox@kidzui.com\platform\winnt_x86-msvc\components\WinKiosk.dll

FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

FF - component: c:\program files\charter high-speed security suite\nrs\litmus-ff@f-secure.com\components\litmus-ff.dll

FF - plugin: c:\documents and settings\arlen\application data\mozilla\firefox\profiles\tvhzscdc.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll

FF - plugin: c:\documents and settings\mary\application data\move networks\plugins\npqmp071505000010.dll

FF - plugin: c:\documents and settings\mary\application data\move networks\plugins\npqmp071505000011.dll

FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2008-11-28 41624]

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2008-8-6 80000]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 298448]

R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\charter high-speed security suite\hips\drivers\fshs.sys [2008-11-28 68064]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-10-11 6104656]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-9-10 265400]

R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\charter high-speed security suite\anti-virus\fsgk32st.exe [2008-8-6 215648]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\charter high-speed security suite\anti-virus\minifilter\fsgk.sys [2008-8-6 124072]

R3 FSORSPClient;F-Secure ORSP Client;c:\program files\charter high-speed security suite\orsp client\fsorsp.exe [2008-11-28 64016]

S2 gupdate1c9a033c9c52dae;Google Update Service (gupdate1c9a033c9c52dae);c:\program files\google\update\GoogleUpdate.exe [2009-3-8 133104]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-11-2 517448]

S4 F-Secure Filter;F-Secure File System Filter;c:\program files\charter high-speed security suite\anti-virus\win2k\fsfilter.sys [2008-8-6 39776]

S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\charter high-speed security suite\anti-virus\win2k\fsrec.sys [2008-8-6 25184]

S4 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2006-6-23 126976]

S4 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2006-6-23 122368]

S4 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2006-6-23 245760]

S4 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]

=============== Created Last 30 ================

2010-11-03 03:03:30 -------- d-----w- c:\docume~1\arlen\applic~1\AVG

2010-11-03 02:59:53 -------- d-----w- c:\docume~1\arlen\locals~1\applic~1\AVG Security Toolbar

2010-11-03 02:54:42 -------- d-----w- c:\docume~1\arlen\applic~1\AVG10

2010-11-03 02:53:37 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files

2010-11-03 02:53:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar

2010-11-03 02:52:04 -------- d-----w- c:\windows\system32\drivers\AVG

2010-11-03 02:52:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10

2010-11-03 02:51:10 -------- d-----w- c:\program files\AVG

2010-11-03 02:42:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData

==================== Find3M ====================

2010-11-02 22:35:54 256 ----a-w- c:\windows\system32\pool.bin

2010-09-18 17:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-15 09:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-15 07:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-09-09 13:38:01 832512 ----a-w- c:\windows\system32\wininet.dll

2010-09-09 13:38:01 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

2010-09-09 13:38:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-09-09 13:38:00 17408 ----a-w- c:\windows\system32\corpol.dll

2010-09-08 15:57:57 389120 ----a-w- c:\windows\system32\html.iec

2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll

2010-08-23 15:12:44 398744 ----a-r- c:\windows\system32\cpnprt2.cid

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe

============= FINISH: 12:43:27.78 ===============


Step 1

First of all, you should not have more than one anti-virus program installed as they will conflict and cause problems. You have two so you need to uninstall one of them. Of the two, I would recommend keeping AVG, so please uninstall Charter Security Suite.

Step 2

Going over your logs I noticed that you have BitTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smorgasbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.

I would recommend that you uninstall BitTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

Step 3

I see the Ask Toolbar in your log.

I strongly recommend you remove Ask Toolbar from your computer because:

  • It promotes its toolbars on sites targeted at kids.
  • It promotes its toolbars through ads that appear to be part of other companies' sites.
  • It promotes its toolbars through other companies' spyware.
  • It is installed without any disclosure whatsoever and without any consent from the user whatsoever.
  • It solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
  • It makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

You can read more about Ask.com here

To remove it:

Click Start-->Control Panel-->Programs and Features

Click on the program name AskBarDis to highlight it

From the menu at the top, select Uninstall or Remove.

Please reboot the computer.

Step 4

  • Launch Malwarebytes' Anti-Malware
  • Go to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.
  • Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 5

Please download Rootkit Unhooker and save it to your desktop.

  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it, typically your desktop. Click Close
  • Copy the entire contents of the report and paste it in your next reply.

Note - You may get this warning. It is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

In your next reply, please include these log(s):

  1. Malwarebytes' Anti-Malware log
  2. Rootkit Unhooker log
  3. a new fresh DDS log only
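The checks behind Steps 1 and 3 (more than one resident anti-virus product, and Firefox search settings pointing at Ask) can be read directly from the DDS log. The script below is an added example, not part of the original posts and not part of DDS; its function names, the vendor hint table and the reading of a leading R/S as running/stopped are assumptions of the example, and the sample lines are excerpted from the log above.

```python
import re

# Constructed hint table for this example only; extend it for other products.
AV_VENDOR_HINTS = {
    "AVG": ("avg",),
    "F-Secure": ("f-secure", "charter high-speed security suite"),
    "McAfee": ("mcafee",),
}

# DDS service/driver line: <R|S><start type> name;display name;path [date size]
SERVICE_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]\s*$")
# DDS Firefox preference line: FF - prefs.js: <key> - <value>
PREF_RE = re.compile(r"^FF - prefs\.js:\s+(\S+)\s+-\s+(.*)$")

# Lines excerpted from the DDS log posted in this thread.
SAMPLE_DDS = r"""
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=BT4&o=15447&locale=en_US&q=
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\charter high-speed security suite\hips\drivers\fshs.sys [2008-11-28 68064]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\charter high-speed security suite\anti-virus\minifilter\fsgk.sys [2008-8-6 124072]
S4 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2006-6-23 126976]
S4 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]
"""


def parse_service_line(line):
    """Return a dict for a SERVICES / DRIVERS line, or None for any other line."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, path, _meta = m.groups()
    return {
        "running": state == "R",      # assumption: R = running, S = stopped
        "start_type": int(start),     # assumption: digit = service start type
        "name": name.strip(),
        "display": display.strip(),
        "path": path.strip(),
    }


def vendor_of(entry):
    """Map a parsed entry to an anti-virus vendor using the hint table."""
    haystack = " ".join((entry["name"], entry["display"], entry["path"])).lower()
    for vendor, hints in AV_VENDOR_HINTS.items():
        if any(hint in haystack for hint in hints):
            return vendor
    return None


def triage(log_text, watch_domains=("ask.com",)):
    """Summarise resident AV vendors and search prefs that reference watch_domains."""
    running, seen, prefs = set(), set(), {}
    for line in log_text.splitlines():
        entry = parse_service_line(line)
        if entry:
            vendor = vendor_of(entry)
            if vendor:
                seen.add(vendor)
                if entry["running"]:
                    running.add(vendor)
            continue
        m = PREF_RE.match(line.strip())
        if m and any(d in m.group(2).lower() for d in watch_domains):
            prefs[m.group(1)] = m.group(2)
    return {
        "running_av": sorted(running),
        "leftover_av": sorted(seen - running),  # installed remnants, nothing running
        "conflict": len(running) > 1,           # the condition Step 1 warns about
        "search_prefs": prefs,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_DDS).items():
        print(f"{key}: {value}")
```

Running the same function on the fresh DDS log requested above shows whether the F-Secure entries and the Ask preferences are gone after the uninstalls.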


Thank you so much for your continued assistance.

1. Removed Charter Security Suite

2. Removed BitTorrent (forgot that was there)

3. Removed Ask Toolbar

4. Ran Malwarebytes program - found no errors or programs

5. Ran Rootkit

Malwarebytes

==========

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5184

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

11/24/2010 3:24:46 PM

mbam-log-2010-11-24 (15-24-46).txt

Scan type: Quick scan

Objects scanned: 212030

Time elapsed: 18 minute(s), 56 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Rootkit

======

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #2

==============================================

>Drivers

==============================================

0xF5894000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 6856704 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 163.75 )

0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 5783552 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 163.75 )

0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)

0x804D7000 PnpManager 2150400 bytes

0x804D7000 RAW 2150400 bytes

0x804D7000 WMIxWDM 2150400 bytes

0xBF800000 Win32k 1855488 bytes

0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0xF56DE000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)

0xEE6F0000 C:\WINDOWS\system32\drivers\sthda.sys 1015808 bytes (SigmaTel, Inc., NDRC)

0xEC07F000 C:\WINDOWS\System32\Drivers\dump_iastor.sys 872448 bytes

0xF73A0000 iastor.sys 872448 bytes (Intel Corporation, Intel Matrix Storage Manager driver)

0xF5637000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 684032 bytes (Conexant Systems, Inc., HSF_CNXT driver)

0xF72B4000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)

0xF01CC000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xF555B000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)

0xEC3DA000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)

0xBA593000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)

0xEC36A000 C:\WINDOWS\system32\DRIVERS\avgtdix.sys 294912 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)

0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)

0xBA68B000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)

0xF0190000 C:\WINDOWS\system32\DRIVERS\avgldx86.sys 245760 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)

0xF5800000 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 212992 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)

0xF55B9000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)

0xF74E3000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)

0xF7287000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)

0xEE657000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0xB9109000 C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 163840 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)

0xF5858000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)

0xEE6A4000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)

0xF748D000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)

0xF5611000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 155648 bytes (Intel Corporation, Intel® PRO/100 Adapter NDIS 5.1 driver)

0xEC344000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)

0xEE6CC000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0xF5834000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0xF57DD000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)

0xEE682000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x806E4000 ACPI_HAL 134400 bytes

0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0xF7380000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0xF74B3000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)

0xF726D000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0xF7475000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)

0xBA7D2000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 98304 bytes (Sonic Solutions, Drive Letter Access Component)

0xF7341000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xF55FA000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0xBA7EA000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)

0xBA7BC000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)

0xF7358000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)

0xBA416000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)

0xF5880000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)

0xEC433000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)

0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)

0xF736E000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)

0xF74D2000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0xF55E9000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)

0xF029C000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)

0xF7752000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xF1B60000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0xEC4A6000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)

0xF1B40000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)

0xF7652000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)

0xF7762000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xF7632000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0xF15FF000 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)

0xF7782000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0xEE031000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)

0xF7622000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)

0xF7772000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0xB9FC8000 C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 40960 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)

0xEE051000 C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 40960 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)

0xF76D2000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 40960 bytes (Sonic Solutions, Device Driver Manager)

0xF7612000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)

0xF77B2000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)

0xBA130000 C:\WINDOWS\system32\DRIVERS\secdrv.sys 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)

0xF6CC3000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)

0xF7672000 AVGIDSEH.Sys 36864 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)

0xF7642000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)

0xEC4D6000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)

0xF7742000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)

0xF7792000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)

0xEE071000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)

0xB8231000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0xF7662000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)

0xF02BC000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0xF7982000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)

0xF085B000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)

0xF797A000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0xF6322000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Sonic Solutions, Drive Letter Access Component)

0xF0873000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0xF7892000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0xF79AA000 C:\WINDOWS\system32\DRIVERS\RimSerial.sys 28672 bytes (Research in Motion Ltd, RIM Virtual Serial Driver)

0xED3D8000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)

0xF087B000 C:\WINDOWS\System32\Drivers\DLARTL_N.SYS 24576 bytes (Sonic Solutions, Shared Driver Component)

0xF798A000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)

0xF79B2000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)

0xF79BA000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)

0xF7972000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)

0xF086B000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0xF78EA000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 20480 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)

0xF78A2000 avgrkx86.sys 20480 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)

0xF0863000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)

0xF789A000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)

0xF799A000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)

0xF79A2000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)

0xF7992000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)

0xF792A000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)

0xEDB7A000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 16384 bytes (Sonic Solutions, Drive Letter Access Component)

0xF7A26000 ifp800.sys 16384 bytes (iRiver, Inc., iRiver Internet Audio Player USB Driver)

0xEC5C0000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0xF7B0A000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)

0xF7ACA000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)

0xED531000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)

0xF7A22000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)

0xEC970000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)

0xF0FBF000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)

0xF7208000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)

0xBA63F000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)

0xEC960000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0xF7200000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0xF1DC1000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0xF0FC7000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)

0xED481000 C:\WINDOWS\System32\Drivers\ASCTRM.SYS 8192 bytes (Windows ® 2000 DDK provider, TR Manager)

0xF7B9A000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)

0xF7B96000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Sonic Solutions, Shared Driver Component)

0xF7B5A000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Sonic Solutions, Drive Letter Access Component)

0xF7B16000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)

0xF7B98000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)

0xF7B12000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0xF7B9C000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)

0xF7B9E000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)

0xF7B3E000 C:\WINDOWS\System32\Drivers\RootMdm.sys 8192 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)

0xF7B40000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0xF7B18000 C:\WINDOWS\system32\drivers\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0xF7B14000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0xF7CB4000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)

0xF7C43000 C:\WINDOWS\System32\DLA\DLADResN.SYS 4096 bytes (Sonic Solutions, Drive Letter Access Component)

0xF7D5A000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)

0xF7C4B000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)

0xF7BDA000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

==============================================

>Stealth

==============================================

0x05150000 Hidden Image-->msvcm80.dll [ EPROCESS 0x86450DA0 ] PID: 3224, 507904 bytes

0x05290000 Hidden Image-->ESCliWicMDRW.esx [ EPROCESS 0x86450DA0 ] PID: 3224, 761856 bytes

0x04E00000 Hidden Image-->ESCliFacebookAPI.esx [ EPROCESS 0x86450DA0 ] PID: 3224, 815104 bytes

==============================================

>Files

==============================================

!-->[Hidden] C:\Documents and Settings\All Users\Documents\TaxReturn.pdf:FS_dl_url:$DATA

!-->[Hidden] C:\Documents and Settings\Mary\Local Settings\Temporary Internet Files\Content.IE5\13PB7HAP\;mtype=standard;sz=160x600;tile=2;u=%7Csec0-shows%7Csec1-rwrr_challenge_duel2%7Cpg-series%7Ctag-adj%7Cmtype-standard%7Csz-160x600%7Ctile-2%7C;ord=212607898997336[1]8

!-->[Hidden] C:\Documents and Settings\Mary\Local Settings\Temporary Internet Files\Content.IE5\13PB7HAP\to=v;ta=left;tcs=5;kw=otherrespiratory,8107670,pulmonary_actinomycosis;k1=otherrespiratory;k2=respiratory;k3=health;pos=mp1;tile=4;sz=290x50;ord=8929754426186416[1]]

!-->[Hidden] C:\Documents and Settings\Mary\Local Settings\Temporary Internet Files\Content.IE5\17388P4V\e744ca962452b9f3660bf2cdd6981;ord=0664XMRBJ15JTZ94KP8W;s=i0;s=i1;s=i2;s=i3;s=i4;s=i5;s=i7;s=i8;s=i9;s=1009;s=32;s=u8;s=u5;s=m4;s=u9;s=m1;s=u15;z=108;z=100;tile=2[1]9

!-->[Hidden] C:\Documents and Settings\Mary\Local Settings\Temporary Internet Files\Content.IE5\1AENP1FX\1;k=97;k=137;k=159;k=214;k=228;k=239;k=621;ssngroup=0;status=visitor;u=[CS]v1%7C266FA969051D2476-60000108A02EBBBC[CE];tile=1;sz=468x60;pos=1;ord=7335696008834780[1]1

!-->[Hidden] C:\Documents and Settings\Mary\Local Settings\Temporary Internet Files\Content.IE5\1AENP1FX\;k=201;k=214;k=228;k=239;k=245;k=549;k=621;ssngroup=0;status=visitor;u=[CS]v1%7C266FA969051D2476-60000108A02EBBBC[CE];tile=2;sz=468x60;pos=2;ord=3192208597844343[1]1

!-->[Hidden] C:\Documents and Settings\Mary\Local Settings\Temporary Internet Files\Content.IE5\1AENP1FX\=10515;qc=d;qc=t;qc=252;qc=240;qc=2901;qc=2835;qc=1777;qc=1663;qc=296;qc=236;ch=homepage;ptype=channel;sz=728x90;dcove=d;dcopt=ist;pgurl=1;tile=1;ord=20801783332[1]1

!-->[Hidden] C:\Documents and Settings\Mary\Local Settings\Temporary Internet Files\Content.IE5\1AENP1FX\SUm5VUVV6ajJRSUFDSjA5BG5fZ3BzAzAEbl92cHMDMARvcmlnaW4Dc3JwBHF1ZXJ5A3doeSBpcyBNY0ludHlyZSBsaWJyYXJ5ICBvZiBlYXUgY2xhaXJlb24gcGlsbGFycwRzYW8DMQR2dGVzdGlkA2F2Zw--[1].htm5

!-->[Hidden] C:\Documents and Settings\Mary\Local Settings\Temporary Internet Files\Content.IE5\3SIR2Q4S\;kw=N;kw=Pumpkin;kw=Pumpkin-Waffles-104264;kw=Restaurant;kw=Spice;kw=ad;kw=all;kw=bottom;kw=food;kw=gt;kw=recipes;kw=rid;kw=views;!c=bottom;ord=2020624375483559;[1]4

!-->[Hidden] C:\Documents and Settings\Mary\Local Settings\Temporary Internet Files\Content.IE5\4S1ZIFKZ\ar.search;dcopt=ist;ssngroup=0;status=visitor;u=[CS]v1%7C266FA969051D2476-60000108A02EBBBC[CE];kw=pumpkin%20waffles;tile=1;sz=655x36;pos=1;ord=389811120201378[1].75m

!-->[Hidden] C:\Documents and Settings\Mary\Local Settings\Temporary Internet Files\Content.IE5\60NKHVO5\0494;rsseg=10515;qc=d;qc=t;qc=252;qc=240;qc=2901;qc=2835;qc=1777;qc=1663;qc=296;qc=236;ch=homepage;ptype=channel;sz=101x1;dcove=d;pgurl=1;tile=3;ord=984259318455[1]7

!-->[Hidden] C:\Documents and Settings\Mary\Local Settings\Temporary Internet Files\Content.IE5\60NKHVO5\;k=166;k=201;k=214;k=216;k=228;k=245;k=621;ssngroup=0;status=visitor;u=[CS]v1%7C266FA969051D2476-60000108A02EBBBC[CE];tile=3;sz=468x60;pos=3;ord=6385312406920449[1]7

!-->[Hidden] C:\Documents and Settings\Mary\Local Settings\Temporary Internet Files\Content.IE5\6XWAECHJ\40;qc=2901;qc=2835;qc=1777;qc=1663;qc=296;qc=236;ch=homepage;ptype=channel;sz=300x250%2c300x600%2c336x280%2c336x700;dcove=d;pos=1;pgurl=1;tile=4;ord=158530560230[1]4

!-->[Hidden] C:\Documents and Settings\Mary\Local Settings\Temporary Internet Files\Content.IE5\6XWAECHJ\40;qc=2901;qc=2835;qc=1777;qc=1663;qc=296;qc=236;ch=homepage;ptype=channel;sz=300x250%2c300x600%2c336x280%2c336x700;dcove=d;pos=1;pgurl=1;tile=4;ord=984259318455[1]4

!-->[Hidden] C:\Documents and Settings\Mary\Local Settings\Temporary Internet Files\Content.IE5\6XWAECHJ\;qc=2901;qc=2835;qc=1777;qc=1663;qc=296;qc=236;ch=homepage;ptype=channel;sz=240x52;dcove=d;cmpos=globalheader;cmtyp=tout;dcopt=ist;pgurl=1;tile=2;ord=20801783332[1]m

!-->[Hidden] C:\Documents and Settings\Mary\Local Settings\Temporary Internet Files\Content.IE5\6XWAECHJ\;subj=couples;subj=caughtintheact;celeb=audrinapatridge;sz=728x90;path=people;path=article;dcove=d;dcopt=ist;pgurl=1;rhost=www.people[1].com;tile=2;ord=785507972307m

!-->[Hidden] C:\Documents and Settings\Mary\Local Settings\Temporary Internet Files\Content.IE5\BZ2NOK1P\qc=2901;qc=2835;qc=1777;qc=1663;qc=296;qc=236;ch=homepage;ptype=channel;sz=240x52;dcove=d;cmpos=globalheader;cmtyp=tout;dcopt=ist;pgurl=1;tile=2;ord=158530560230[1]7

!-->[Hidden] C:\Documents and Settings\Mary\Local Settings\Temporary Internet Files\Content.IE5\DJF5EGFW\0494;rsseg=10515;qc=d;qc=t;qc=252;qc=240;qc=2901;qc=2835;qc=1777;qc=1663;qc=296;qc=236;ch=homepage;ptype=channel;sz=101x1;dcove=d;pgurl=1;tile=3;ord=158530560230[1]1

!-->[Hidden] C:\Documents and Settings\Mary\Local Settings\Temporary Internet Files\Content.IE5\DJF5EGFW\c=252;qc=240;qc=2901;qc=2835;qc=1777;qc=1663;qc=296;qc=236;ch=homepage;ptype=channel;sz=310x185;dcove=d;cmpos=homepage;cmtyp=tout;pgurl=1;tile=5;ord=984259318455[1]1

!-->[Hidden] C:\Documents and Settings\Mary\Local Settings\Temporary Internet Files\Content.IE5\FCW1ODCC\;k=166;k=203;k=228;k=239;k=245;k=258;k=621;ssngroup=0;status=visitor;u=[CS]v1%7C266FA969051D2476-60000108A02EBBBC[CE];tile=2;sz=468x60;pos=2;ord=6202824704680929[1]5

!-->[Hidden] C:\Documents and Settings\Mary\Local Settings\Temporary Internet Files\Content.IE5\FCW1ODCC\yi;src=1943517;type=pagev322;cat=inter899;ord=65703647898;u=cR3J0QOk7PtB1+NLcFVD2fOfK2sSZKiCFelDOM3NwdGDSlOXWZyfsrjXaX6DFpcH9IeYEnd8Hed2VP6kMgkpLJDPOYxO9plS;[1].htm1

!-->[Hidden] C:\Documents and Settings\Mary\Local Settings\Temporary Internet Files\Content.IE5\HGX2JIMC\f1a44a7644267a3e8d21ee5ef3371;ord=145HNWF8918PCBRDNW0T;s=i0;s=i1;s=i2;s=i3;s=i4;s=i5;s=i7;s=i8;s=i9;s=1009;s=32;s=u9;s=u8;s=m1;s=u15;s=m4;s=u5;z=108;z=100;tile=1[1]1

!-->[Hidden] C:\Documents and Settings\Mary\Local Settings\Temporary Internet Files\Content.IE5\HGX2JIMC\Pumpkin-Waffles-104264;kw=Restaurant;kw=Spice;kw=ad;kw=all;kw=cookstool;kw=food;kw=gt;kw=recipes;kw=rid;kw=top;kw=views;!c=top;!c=cookstool;ord=2020624375483559;[1]1

!-->[Hidden] C:\Documents and Settings\Mary\Local Settings\Temporary Internet Files\Content.IE5\JCWF9GJD\240;qc=2901;qc=2835;qc=1777;qc=1663;qc=296;qc=236;ch=homepage;ptype=channel;sz=300x250%2c300x600%2c336x280%2c336x700;dcove=d;pos=1;pgurl=1;tile=4;ord=20801783332[1]8

!-->[Hidden] C:\Documents and Settings\Mary\Local Settings\Temporary Internet Files\Content.IE5\JCWF9GJD\4;rsseg=10515;qc=d;qc=t;qc=2902;qc=2836;qc=2835;qc=1778;qc=1777;qc=1663;qc=1593;qc=296;ch=homepage;ptype=channel;sz=101x1;dcove=d;pgurl=1;tile=3;ord=293630209430[1]8

!-->[Hidden] C:\Documents and Settings\Mary\Local Settings\Temporary Internet Files\Content.IE5\JF3PLCE6\28;k=239;k=245;k=549;k=621;ssngroup=0;status=visitor;u=[CS]v1%7C266FA969051D2476-60000108A02EBBBC[CE];tile=4;sz=160x600,300x250,300x600,1x12;ord=3192208597844343[1]9

!-->[Hidden] C:\Documents and Settings\Mary\Local Settings\Temporary Internet Files\Content.IE5\PTGC9LAX\59;k=214;k=228;k=239;k=621;ssngroup=0;status=visitor;u=[CS]v1%7C266FA969051D2476-60000108A02EBBBC[CE];tile=4;sz=160x600,300x250,300x600,1x12;ord=7335696008834780[1]1

!-->[Hidden] C:\Documents and Settings\Mary\Local Settings\Temporary Internet Files\Content.IE5\PTGC9LAX\;k=166;k=201;k=214;k=216;k=228;k=245;k=621;ssngroup=0;status=visitor;u=[CS]v1%7C266FA969051D2476-60000108A02EBBBC[CE];tile=1;sz=468x60;pos=1;ord=6385312406920449[1]1

!-->[Hidden] C:\Documents and Settings\Mary\Local Settings\Temporary Internet Files\Content.IE5\V26F8GZS\1;k=97;k=137;k=159;k=214;k=228;k=239;k=621;ssngroup=0;status=visitor;u=[CS]v1%7C266FA969051D2476-60000108A02EBBBC[CE];tile=3;sz=468x60;pos=3;ord=7335696008834780[1]6

!-->[Hidden] C:\Documents and Settings\Mary\Local Settings\Temporary Internet Files\Content.IE5\V26F8GZS\SUm5VZFV6ajJSWUFDUG0uBG5fZ3BzAzAEbl92cHMDMARvcmlnaW4Dc3JwBHF1ZXJ5A3doeSBpcyBNY0ludHlyZSBsaWJyYXJ5IG9mIGVhdSBjbGFpcmUgb24gcGlsbGFycwRzYW8DMQR2dGVzdGlkA2F2Zw--[1].htm9

!-->[Hidden] C:\Documents and Settings\Mary\Local Settings\Temporary Internet Files\Content.IE5\V26F8GZS\VV0V6ajJUOEFEa0FiBG5fZ3BzAzAEbl92cHMDMARvcmlnaW4Dc3JwBHF1ZXJ5A2xpdHRsZSBuaWFncmEgY3JlZWsgaGFzIHdoYXQga2luZCBvZiBmbHV2aWFsIGZlYXR1cmUEc2FvAzEEdnRlc3RpZANhdmc-[1].htm1

!-->[Hidden] C:\Documents and Settings\Mary\Local Settings\Temporary Internet Files\Content.IE5\ZRFBNUNG\71;k=72;k=83;k=90;k=106;k=214;k=222;k=246;k=621;ssngroup=0;status=visitor;u=[CS]v1%7C266FA969051D2476-60000108A02EBBBC[CE];tile=5;sz=301x251;ord=7645342582588961[1]4

!-->[Hidden] C:\Documents and Settings\Owen\Local Settings\Temporary Internet Files\Content.IE5\QPUOZSYV\bob-geyser;pos=atf;tag=adj;mtype=standard;sz=120x60;tile=2;u=ga-spongebob-geyser%7Cpos-atf%7Ctag-adj%7Cmtype-standard%7Csz-120x60%7Ctile-2;ord=549758401957250700[1]l

!-->[Hidden] C:\Documents and Settings\Owen\Local Settings\Temporary Internet Files\Content.IE5\QPUOZSYV\easer%7Cga-the-penguins-of-madagascar-the-rise-of-blowhole%7Cgametype-action%7Cdemo-D%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-4;ord=492194304291901440[1].html

!-->[Hidden] C:\Documents and Settings\Owen\Local Settings\Temporary Internet Files\Content.IE5\QPUOZSYV\easer%7Cga-the-penguins-of-madagascar-the-rise-of-blowhole%7Cgametype-action%7Cdemo-D%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-4;ord=656777445484837000[1].html

!-->[Hidden] C:\Documents and Settings\Owen\Local Settings\Temporary Internet Files\Content.IE5\QPUOZSYV\easer%7Cga-the-penguins-of-madagascar-the-rise-of-blowhole%7Cgametype-action%7Cdemo-D%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-4;ord=911164418694543700[1].html

!-->[Hidden] C:\Documents and Settings\Owen\Local Settings\Temporary Internet Files\Content.IE5\QPUOZSYV\easer%7Cga-the-penguins-of-madagascar-the-rise-of-blowhole%7Cgametype-action%7Cdemo-D%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-4;ord=911333161660924500[1].html

!-->[Hidden] C:\Documents and Settings\Owen\Local Settings\Temporary Internet Files\Content.IE5\QPUOZSYV\egory-fan%7Cshow-fan%7Cga-fanboy-and-chum-chum-chimp-chomp%7Cgametype-action%7Cdemo-D%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3;ord=783266844371440400[1].html

!-->[Hidden] C:\Documents and Settings\Owen\Local Settings\Temporary Internet Files\Content.IE5\QPUOZSYV\pos-atf%7Ccat-2%7C!category-barn%7Cshow-barn%7Cga-by_tipping%7Cgametype-funny%7Cdemo-D%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-2;ord=837993265855690000[1].html

!-->[Hidden] C:\RECYCLER\S-1-5-21-749605751-697857195-3465574023-1005\Dc268.pdf:FS_dl_url:$DATA

!-->[Hidden] C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1509\A0305747.cfg

!-->[Hidden] C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1509\A0305748.cfg

!-->[Hidden] C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1509\A0305749.cfg

!-->[Hidden] C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1509\A0305750.cfg

!-->[Hidden] C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1509\A0305751.cfg

!-->[Hidden] C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1509\A0305752.cfg

!-->[Hidden] C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1509\A0305753.cfg

!-->[Hidden] C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1509\A0305754.cfg

!-->[Hidden] C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1509\A0305755.cfg

!-->[Hidden] C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1509\A0305756.cfg

!-->[Hidden] C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1509\A0305757.cfg

!-->[Hidden] C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1509\A0305758.cfg

!-->[Hidden] C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1509\A0305759.cfg

!-->[Hidden] C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1509\A0305760.cfg

!-->[Hidden] C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1509\A0305761.cfg

!-->[Hidden] C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1509\A0305762.cfg

!-->[Hidden] C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1509\A0305763.cfg

!-->[Hidden] C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1509\A0305764.cfg

!-->[Hidden] C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1509\A0305765.cfg

!-->[Hidden] C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1509\A0305766.cfg

!-->[Hidden] C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1509\A0305767.cfg

==============================================

>Hooks

==============================================

ntkrnlpa.exe+0x0002D884, Type: Inline - RelativeJump 0x80504884-->805048C1 [ntkrnlpa.exe]

ntkrnlpa.exe+0x0006ECBE, Type: Inline - RelativeJump 0x80545CBE-->80545CC5 [ntkrnlpa.exe]

[2600]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]

[2600]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]

[2600]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]

[2600]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]

[2600]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]

[2600]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D931480-->00000000 [shimeng.dll]

[2600]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]

[264]plugin-container.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x7E46531E-->00000000 [xul.dll]

[3576]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [firefox.exe]

DDS LOG

=======

DDS (Ver_10-11-10.01) - NTFSx86

Run by Arlen at 20:09:10.48 on Wed 11/24/2010

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_22

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.319 [GMT -6:00]

AV: AVG Anti-Virus Free Edition 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\AVG\AVG10\avgemcx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Updater.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

C:\ProgramData\Mattel\Watcher\jpjwatcher.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\Mozilla Firefox\firefox.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Documents and Settings\Arlen\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com?o=15450&l=dis

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [nwiz] nwiz.exe /install

mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup

mRun: [iRiver Updater] \Updater.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [<NO NAME>]

mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"

mRun: [JPJWatcher] c:\programdata\mattel\watcher\jpjwatcher.exe

mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

Trusted Zone: turbotax.com

DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151890385625

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/cpucheck_1_0_0_4.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\arlen\applic~1\mozilla\firefox\profiles\tvhzscdc.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: keyword.URL -

FF - component: c:\documents and settings\arlen\application data\mozilla\firefox\profiles\tvhzscdc.default\extensions\firefox@kidzui.com\platform\winnt_x86-msvc\components\WinKiosk.dll

FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

FF - plugin: c:\documents and settings\arlen\application data\mozilla\firefox\profiles\tvhzscdc.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll

FF - plugin: c:\documents and settings\mary\application data\move networks\plugins\npqmp071505000010.dll

FF - plugin: c:\documents and settings\mary\application data\move networks\plugins\npqmp071505000011.dll

FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-10 6127184]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]

S2 gupdate1c9a033c9c52dae;Google Update Service (gupdate1c9a033c9c52dae);c:\program files\google\update\GoogleUpdate.exe [2009-3-8 133104]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-11-2 517448]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-2-14 38224]

S4 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2006-6-23 126976]

S4 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2006-6-23 122368]

S4 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2006-6-23 245760]

S4 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]

UnknownUnknown Normandy;Normandy; [x]

=============== Created Last 30 ================

2010-11-03 03:03:30 -------- d-----w- c:\docume~1\arlen\applic~1\AVG

2010-11-03 02:59:53 -------- d-----w- c:\docume~1\arlen\locals~1\applic~1\AVG Security Toolbar

2010-11-03 02:54:42 -------- d-----w- c:\docume~1\arlen\applic~1\AVG10

2010-11-03 02:53:37 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files

2010-11-03 02:53:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar

2010-11-03 02:52:04 -------- d-----w- c:\windows\system32\drivers\AVG

2010-11-03 02:52:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10

2010-11-03 02:51:10 -------- d-----w- c:\program files\AVG

2010-11-03 02:42:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData

==================== Find3M ====================

2010-11-02 22:35:54 256 ----a-w- c:\windows\system32\pool.bin

2010-09-18 17:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-15 09:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-15 07:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-09-09 13:38:01 832512 ----a-w- c:\windows\system32\wininet.dll

2010-09-09 13:38:01 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

2010-09-09 13:38:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-09-09 13:38:00 17408 ----a-w- c:\windows\system32\corpol.dll

2010-09-08 15:57:57 389120 ----a-w- c:\windows\system32\html.iec

2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll

============= FINISH: 20:10:22.81 ===============


**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer.**

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.
  2. During the download, rename Combofix to Combo-Fix as follows (screenshots: CF_download_FF.gif, CF_download_rename.gif).
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  7. Double click on combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


I get a warning message when trying to run Combo-Fix.

"ComboFix cannot run when AVG is installed.

This is due to AVG's targeting of ComboFix's files/processes.

It would be dangerous to continue.

Please uninstall AVG or use another tool"

I had temporarily disabled AVG using the link you previously provided too.

Please advise -_-


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
