Channel: Tech Support Guy - Virus & Other Malware Removal

Huge computer slow down and internet connectivity issues

The issue: I lent my laptop to a non-computer-friendly friend who accidentally downloaded a lot of spyware and malware disguised as things like "PC Health Care". I removed most (if not all) of these suspicious programs through the "Add/Remove/Change Programs" in Control Panel, and also ran an AVG scan which didn't pick anything up. I'm quite sure that there are still traces of the virus or spyware on the computer because it's running slowly, and I'll need to refresh the page several times in order to get it to connect to the internet (connected via wifi). Any help would be greatly appreciated.



1. Copy and paste the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:41:08, on 08/02/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SoftPlanet Software Assistant\spassist.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
C:\Program Files\AVG\AVG2014\avgnsx.exe
C:\Program Files\AVG\AVG2014\avgemcx.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\PROGRA~1\SearchProtect\SearchProtect\bin\cltmng.exe
C:\PROGRA~1\SearchProtect\UI\bin\cltmngui.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Monica Marchand\Desktop\HijackThis.exe
C:\WINDOWS\system32\msfeedssync.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesearch.net/?utm_mediu...4-a50010615881
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.safesearch.net/?utm_mediu...4-a50010615881
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesearch.net/?utm_mediu...4-a50010615881
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.safesearch.net/?utm_mediu...4-a50010615881
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - !{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O3 - Toolbar: (no name) - !{F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [SUPBackground] C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Google Update] "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Monica Marchand\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
O20 - AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: WatchDog de AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Search Protect by Conduit Service (CltMngSvc) - Conduit - C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: vToolbarUpdater17.3.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe

--
End of file - 13293 bytes



2. Copy and paste the contents of the dds.txt file.



DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.51.2
Run by Monica Marchand at 0:44:15 on 2014-02-08
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.185 [GMT 0:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2014 *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SoftPlanet Software Assistant\spassist.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\PROGRA~1\SearchProtect\SearchProtect\bin\cltmng.exe
C:\PROGRA~1\SearchProtect\UI\bin\cltmngui.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\QuickTime\QuickTimePlayer.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.safesearch.net/?utm_medium=ie&utm_campaign=134878622171&utm_source=sm&utm_content=1&utm_term=01e78973-749f-42b5-a704-a50010615881
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.safesearch.net/?utm_medium=ie&utm_campaign=134878622171&utm_source=sm&utm_content=1&utm_term=01e78973-749f-42b5-a704-a50010615881
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.safesearch.net/?utm_medium=ie&utm_campaign=134878622171&utm_source=sm&utm_content=1&utm_term=01e78973-749f-42b5-a704-a50010615881
mDefault_Page_URL = hxxp://www.safesearch.net/?utm_medium=ie&utm_campaign=134878622171&utm_source=sm&utm_content=1&utm_term=01e78973-749f-42b5-a704-a50010615881
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.130\McAfeeMSS_IE.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\17.3.0.49\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [BatteryManager] c:\program files\samsung\samsung battery manager\BatteryManager.exe
mRun: [MagicKeyboard] c:\program files\samsung\magickbd\PreMKBD.exe
mRun: [SUPBackground] c:\program files\samsung\samsung update plus\SUPBackground.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Google Update] "c:\windows\system32\config\systemprofile\local settings\application data\google\update\GoogleUpdate.exe" /c
StartupFolder: c:\docume~1\monica~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\common files\microsoft shared\virtualization handler\CVH.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.130\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\monica marchand\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{CDC8AC41-D072-4C52-AF79-059033DD623C} : DHCPNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\17.3.0\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= c:\progra~1\searchprotect\searchprotect\bin\SPVC32Loader.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.107\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-10-24 147768]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-10-31 222520]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 102712]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 27448]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-11-5 120600]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-11-4 209176]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-9-17 22840]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 193848]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-11-19 37664]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2013-11-11 3478544]
R2 avgwd;WatchDog de AVG;c:\program files\avg\avg2014\avgwdsvc.exe [2013-9-24 348008]
R2 CltMngSvc;Search Protect by Conduit Service;c:\progra~1\searchprotect\main\bin\CltMngSvc.exe [2014-2-3 2317600]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2013-4-22 822504]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2009-7-30 4300]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-7-30 55152]
R2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\common files\microsoft shared\microsoft online services\MSOIDSVC.EXE [2012-5-17 1590560]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2014-2-2 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2014-2-2 1042272]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2013-6-26 523944]
R2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;c:\program files\common files\avg secure search\vtoolbarupdater\17.3.0\ToolbarUpdater.exe [2014-1-20 1771544]
R3 RTL819xp;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\rtl819xp.sys [2009-7-30 530664]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [2009-12-2 587944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [2009-12-2 213288]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2009-12-2 23208]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [2009-12-2 19112]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2013-6-26 207528]
R3 VMC33F;Vimicro Camera Service VMC33F;c:\windows\system32\drivers\VMC33F.sys [2009-7-30 237952]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2014-2-2 171416]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-7-30 1684736]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\toolbarbroker.exe --> c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [?]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-7 533360]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.130\McCHSvc.exe [2013-9-6 235216]
.
=============== Created Last 30 ================
.
2014-02-02 21:59:57 18968 ----a-w- c:\windows\system32\sdnclean.exe
2014-02-02 21:59:52 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2014-02-02 21:59:43 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2014-01-31 19:48:05 -------- d-----w- c:\documents and settings\monica marchand\local settings\application data\SoftPlanet
2014-01-31 19:48:03 -------- d-----w- c:\program files\SoftPlanet Software Assistant
2014-01-31 11:41:10 -------- d-----w- c:\program files\Amazon
2014-01-31 11:24:18 -------- d-----w- c:\documents and settings\monica marchand\application data\systweak
2014-01-30 21:51:27 -------- d-----w- c:\documents and settings\all users\application data\BoostSoftware
2014-01-30 14:24:44 128000 ----a-w- c:\program files\uninstall information\21\3724\uninstall.exe
2014-01-30 14:09:46 -------- d-----w- c:\program files\SearchProtect
2014-01-30 14:09:42 -------- d-----w- c:\documents and settings\monica marchand\local settings\application data\SearchProtect
2014-01-30 14:09:35 -------- d-----w- c:\program files\MyPC Backup
2014-01-30 14:09:19 -------- d-----w- c:\documents and settings\monica marchand\application data\PerformerSoft
2014-01-30 14:09:11 18776 ----a-w- c:\windows\system32\roboot.exe
2014-01-26 19:03:32 -------- d-----w- c:\documents and settings\all users\application data\McAfee Security Scan
2014-01-26 19:03:28 -------- d-----w- c:\program files\McAfee Security Scan
2014-01-26 19:03:12 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
2014-02-05 16:16:45 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 16:16:45 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-06 19:23:36 4558848 ----a-w- c:\windows\system32\GPhotos.scr
2013-12-18 20:46:50 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-11-27 20:21:06 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll
.
============= FINISH: 0:45:34.34 ===============


3. Copy and paste the attach.txt file. There is no need to zip and attach it as suggested in the DDS instructions.


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 25/06/2010 02:28:26
System Uptime: 08/02/2014 00:24:14 (0 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | N130
Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | U2E1 | 1595/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 71 GiB total, 43.084 GiB free.
D: is FIXED (NTFS) - 71 GiB total, 70.899 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP99: 08/12/2013 21:16:47 - AVG 2014 instalado
RP100: 08/12/2013 21:17:13 - AVG 2011 eliminado
RP101: 08/12/2013 21:18:13 - AVG 2014 instalado
RP102: 08/12/2013 21:32:54 - AVG 2011 eliminado
RP103: 08/12/2013 21:50:11 - Software Distribution Service 3.0
RP104: 22/01/2014 22:18:49 - Software Distribution Service 3.0
RP105: 25/01/2014 11:28:08 - System Checkpoint
RP106: 26/01/2014 19:01:48 - Installed Java 7 Update 51
RP107: 30/01/2014 15:30:50 - System Checkpoint
RP108: 30/01/2014 23:20:58 - PC Performer Thu, Jan 30, 14 23:20
RP109: 31/01/2014 18:23:38 - Removed Bonjour
RP110: 31/01/2014 18:40:48 - Configured YouCam
RP111: 02/02/2014 21:12:52 - Removed BatteryLifeExtender
RP112: 02/02/2014 22:25:21 - Removed AnyPC Client
RP113: 02/02/2014 22:26:05 - Removed Easy Display Manager
RP114: 02/02/2014 22:35:47 - Removed Visual Studio 2012 x86 Redistributables
RP115: 02/02/2014 22:41:41 - Removed YTD Toolbar v8.6.
RP116: 04/02/2014 11:51:31 - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 12 ActiveX
Adobe Reader XI (11.0.06)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros WLAN Client
AVG 2014
AVG Security Toolbar
Choice Guard
Easy Network Manager
Easy Resolution Manager
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Google+ Auto Backup
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952117-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB981793)
imagine digital freedom - Samsung
Intel(R) Graphics Media Accelerator Driver
iTunes
J2SE Runtime Environment 5.0
Java 7 Update 51
Java Auto Updater
Java(TM) 6 Update 24
Junk Mail filter update
Magic Keyboard
McAfee Security Scan Plus
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Activation Assistant for Netbooks
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2010 - English
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Online Services Sign-in Assistant
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileMe Control Panel
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Picasa 3
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
REALTEK Wireless LAN Software
Samsung Battery Manager
Samsung Magic Doctor
Samsung Recovery Solution III
Samsung Update Plus
Search Protect
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2803821-v2)
Security Update for Windows Media Player (KB2803821)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Skype Toolbars
Skype™ 6.1
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
User Guide
Visual Studio 2012 x86 Redistributables
WebCam SCB-0340N
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
02/02/2014 23:15:08, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
02/02/2014 22:48:59, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the WatchDog de AVG service to connect.
02/02/2014 22:48:59, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVGIDSAgent service to connect.
02/02/2014 22:48:59, error: Service Control Manager [7000] - The WatchDog de AVG service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
02/02/2014 22:48:59, error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
02/02/2014 22:15:39, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Scanner Service service to connect.
02/02/2014 22:15:39, error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
02/02/2014 22:00:55, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
02/02/2014 22:00:55, error: Service Control Manager [7000] - The Spybot-S&D 2 Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
02/02/2014 21:12:58, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
02/02/2014 20:43:12, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the W32Time service.
01/02/2014 10:32:48, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Computer Backup (MyPC Backup) service to connect.
01/02/2014 10:32:48, error: Service Control Manager [7000] - The Computer Backup (MyPC Backup) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

4. Copy and paste the contents of the ark.txt file.

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-02-08 11:02:55
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK1655GSX rev.FG010A 149.05GB
Running: 0p98crx6.exe; Driver: C:\DOCUME~1\MONICA~1\LOCALS~1\Temp\pwtdypod.sys


---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0xF797C690]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0xF797C7B0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0xF797C010]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenThread [0xF797C490]
SSDT \??\C:\WINDOWS\system32\drivers\avgtpx86.sys ZwQueryValueKey [0xF779C1D6]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0xF797C2D0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0xF797C3B0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0xF797C110]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0xF797C1F0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0xF797C590]

---- Kernel code sections - GMER 2.1 ----

? C:\DOCUME~1\MONICA~1\LOCALS~1\Temp\mbr.sys The filename, directory name, or volume label syntax is incorrect. !

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 6F071147 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 6F06FE6B C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtCreateKey 7C90D0EE 2 Bytes JMP 6F06D0FB C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtCreateKey + 3 7C90D0F1 2 Bytes [76, F2] {JBE 0xfffffff4}
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 6F06FC88 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtDeleteKey 7C90D24E 5 Bytes JMP 6F06C120 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtDeleteValueKey 7C90D26E 5 Bytes JMP 6F06C3E3 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtDuplicateObject 7C90D29E 5 Bytes JMP 6F07121D C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtEnumerateKey 7C90D2CE 5 Bytes JMP 6F06C1C4 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 6F06C33D C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtFlushKey 7C90D34E 5 Bytes JMP 6F06C172 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtNotifyChangeKey 7C90D54E 5 Bytes JMP 6F06C491 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtNotifyChangeMultipleKeys 7C90D55E 5 Bytes JMP 6F06C51F C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 6F06FFF6 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtOpenKey 7C90D5CE 5 Bytes JMP 6F06CDA8 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtQueryAttributesFile 7C90D70E 5 Bytes JMP 6F06FCF3 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 6F06EC7C C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtQueryFullAttributesFile 7C90D7AE 5 Bytes JMP 6F06FD63 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtQueryKey 7C90D85E 5 Bytes JMP 6F06C217 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtQueryMultipleValueKey 7C90D86E 5 Bytes JMP 6F06C43E C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtQueryObject 7C90D88E 5 Bytes JMP 6F071273 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtQuerySecurityObject 7C90D8DE 5 Bytes JMP 6F0711B7 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtQueryValueKey 7C90D96E 5 Bytes JMP 6F06C2EA C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtRenameKey 7C90DA5E 5 Bytes JMP 6F06C729 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtSetInformationFile 7C90DC5E 5 Bytes JMP 6F06FDD3 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtSetInformationKey 7C90DC7E 5 Bytes JMP 6F06C27D C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtSetSecurityObject 7C90DD2E 5 Bytes JMP 6F0712D0 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 6F06C390 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 6F04A4C4 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 6F0492EF C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 6F04942D C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] kernel32.dll!SetDllDirectoryW 7C85FD91 5 Bytes JMP 6F049F86 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] kernel32.dll!SetDllDirectoryA 7C85FE27 5 Bytes JMP 6F04A2B9 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] kernel32.dll!WinExec 7C862585 5 Bytes JMP 6F049B28 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] GDI32.dll!AddFontResourceA 77F29425 5 Bytes JMP 6F057542 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] GDI32.dll!AddFontResourceW 77F4014D 5 Bytes JMP 6F05755E C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 7 Bytes JMP 6F05A4E0 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!QueryServiceStatus 77DE6D50 7 Bytes JMP 6F05A243 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes JMP 6F059A3C C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 6F059BB1 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 6F049663 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes JMP 6F05A0C8 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!QueryServiceStatusEx 77DF120A 7 Bytes JMP 6F05A2D6 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!QueryServiceConfigA 77DF1596 7 Bytes JMP 6F05AE14 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes JMP 6F05A032 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes JMP 6F05A1B7 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 6F059C3D C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes JMP 6F059AC8 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!EnumServicesStatusA 77DF6B47 7 Bytes JMP 6F05B1D5 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!QueryServiceConfigW 77DF6F92 7 Bytes JMP 6F05AD7B C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 6F0497A5 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!EnumServicesStatusExW 77E369B8 7 Bytes JMP 6F05B293 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!EnumServicesStatusExA 77E36C2F 7 Bytes JMP 6F05B359 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!QueryServiceObjectSecurity 77E36D01 7 Bytes JMP 6F05AFE5 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 7 Bytes JMP 6F05B081 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 7 Bytes JMP 6F05A6E1 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!ChangeServiceConfigW 77E37001 7 Bytes JMP 6F05A5FC C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 7 Bytes JMP 6F05A983 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 7 Bytes JMP 6F05A8ED C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 6F059E14 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 6F059D3E C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes JMP 6F05A56E C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!EnumDependentServicesA 77E37529 7 Bytes JMP 6F05A429 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!EnumDependentServicesW 77E375E1 7 Bytes JMP 6F05A372 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!GetServiceDisplayNameA 77E37699 7 Bytes JMP 6F05AC82 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!GetServiceDisplayNameW 77E37739 7 Bytes JMP 6F05ABCA C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!GetServiceKeyNameA 77E377D9 7 Bytes JMP 6F05AAD1 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!GetServiceKeyNameW 77E37879 7 Bytes JMP 6F05AA19 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!QueryServiceConfig2A 77E37999 7 Bytes JMP 6F05AF49 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!QueryServiceConfig2W 77E37AB1 7 Bytes JMP 6F05AEAD C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ADVAPI32.dll!EnumServicesStatusW 77E37D61 5 Bytes JMP 6F05B117 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 6F061830 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ole32.dll!CoCreateInstance 774FF1D4 5 Bytes JMP 6F0636F5 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ole32.dll!CoUninitialize 77501364 5 Bytes JMP 6F061005 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ole32.dll!CoInitializeEx 7750149B 5 Bytes JMP 6F060F83 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ole32.dll!OleInitialize 77501C0A 5 Bytes JMP 6F0610D3 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 6F062427 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ole32.dll!CoRegisterClassObject 775179F8 5 Bytes JMP 6F061E99 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ole32.dll!CoGetPSClsid 77519358 5 Bytes JMP 6F060F10 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ole32.dll!CoResumeClassObjects + 7 775268CF 7 Bytes JMP 6F061369 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ole32.dll!CoSuspendClassObjects + 7 7752695A 7 Bytes JMP 6F061294 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ole32.dll!CoRevokeClassObject 77529EA8 5 Bytes JMP 6F0607F5 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ole32.dll!OleUninitialize 7753327F 6 Bytes JMP 6F061143 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ole32.dll!CoGetInstanceFromFile 77540282 5 Bytes JMP 6F0628E7 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ole32.dll!OleRun 77556249 5 Bytes JMP 6F061224 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ole32.dll!CoRegisterPSClsid 7758CF0A 5 Bytes JMP 6F060D98 C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4792] ole32.dll!OleRegEnumFormatEtc 775D4967 5 Bytes JMP 6F0611AE C:\WINDOWS\system32\sftldr.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4960] kernel32.dll!ExitProcess 7C81D20A 5 Bytes JMP 01B10018
.text C:\Program Files\Internet Explorer\iexplore.exe[4960] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C88C10 C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4960] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 5 Bytes JMP 00C88CD0 C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4960] ADVAPI32.dll!RegSetValueExW 77DDD767 5 Bytes JMP 00C93EE0 C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4960] USER32.dll!RegisterClassW 7E41A39A 5 Bytes JMP 00C8B1B0 C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4960] USER32.dll!RegisterClassExW 7E41AF7F 5 Bytes JMP 00C8B100 C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4960] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215545 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4960] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B81 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4960] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD1BD C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4960] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDC14 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4960] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2546A6 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4960] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E79B7 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4960] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E78E9 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4960] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E7954 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4960] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E77BA C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4960] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E781C C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4960] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E7A1A C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4960] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E787E C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4960] ole32.dll!CoCreateInstance 774FF1D4 5 Bytes JMP 3E2EDC70 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4960] ole32.dll!OleLoadFromStream 7752988B 5 Bytes JMP 3E3E7D1F C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5620] kernel32.dll!ExitProcess 7C81D20A 5 Bytes JMP 01B10018
.text C:\Program Files\Internet Explorer\iexplore.exe[5620] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C88C10 C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5620] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 5 Bytes JMP 00C88CD0 C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5620] ADVAPI32.dll!RegSetValueExW 77DDD767 5 Bytes JMP 00C93EE0 C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5620] USER32.dll!RegisterClassW 7E41A39A 5 Bytes JMP 00C8B1B0 C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5620] USER32.dll!RegisterClassExW 7E41AF7F 5 Bytes JMP 00C8B100 C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5620] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215545 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5620] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDC14 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5620] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E79B7 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5620] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E78E9 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5620] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E7954 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5620] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E77BA C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5620] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E781C C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5620] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E7A1A C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5620] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E787E C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5772] kernel32.dll!ExitProcess 7C81D20A 5 Bytes JMP 01B10018
.text C:\Program Files\Internet Explorer\iexplore.exe[5772] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C88C10 C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5772] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 5 Bytes JMP 00C88CD0 C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5772] ADVAPI32.dll!RegSetValueExW 77DDD767 5 Bytes JMP 00C93EE0 C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5772] USER32.dll!RegisterClassW 7E41A39A 5 Bytes JMP 00C8B1B0 C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5772] USER32.dll!RegisterClassExW 7E41AF7F 5 Bytes JMP 00C8B100 C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5772] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215545 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5772] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B81 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5772] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD1BD C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5772] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDC14 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5772] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2546A6 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5772] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E79B7 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5772] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E78E9 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5772] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E7954 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5772] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E77BA C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5772] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E781C C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5772] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E7A1A C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5772] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E787E C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5772] ole32.dll!CoCreateInstance 774FF1D4 5 Bytes JMP 3E2EDC70 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5772] ole32.dll!OleLoadFromStream 7752988B 5 Bytes JMP 3E3E7D1F C:\WINDOWS\system32\IEFRAME.dll

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----
