My computer was recently infected with one of the fake FBI alert viruses, which I thought I had successfully removed. However, my task manager is still having problems. Immediately after opening, it will close.
HijackThis Log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:18:02 PM, on 1/16/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Radica\Stylin' Studio\SS_MW.exe
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\CouponAlert_2p\bar\1.bin\2pbrmon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
c:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Companion\companionuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Troy Malsam\Desktop\HijackThis.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...S_ZJxdm128YYUS
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O15 - Trusted IP range: http://192.168.10.1
O15 - ESC Trusted IP range: http://192.168.10.1
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab...t_4.4.26.0.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...tup1.0.1.1.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/Driver...reqlab_nvd.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} (FBootloaderAX) - http://static.ak.facebook.com/fbplug...bootloader.cab
O16 - DPF: {444785F1-DE89-4295-863A-D46C3A781394} - http://webplayer.unity3d.com/downloa...yWebPlayer.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/Messen....cab109791.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn...Detection2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driver...aSmartScan.cab
O16 - DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} (IBM Lotus iNotes 8.5 Control) - http://domino2.limacityschools.org/dwa85W.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.co...p/PhtPkMSN.cab
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://mywayphotos.riteaid.com/uploa...eX_Control.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/def...ploader_v6.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab...i_4.4.26.0.cab
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - https://www.plaxo.com/activex/plx_upldr-2k-xp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Desura Install Service - Desura Pty Ltd - C:\Program Files\Common Files\Desura\desura_service.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files\Hi-Rez Studios\HiPatchService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 9365 bytes
dds.txt
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.5.1
Run by Troy Malsam at 19:18:15 on 2013-01-16
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.1.1033.18.3070.1181 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Hi-Rez Studios\HiPatchService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\mobsync.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Radica\Stylin' Studio\SS_MW.exe
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\CouponAlert_2p\bar\1.bin\2pbrmon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
c:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Common Files\Steam\SteamService.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Windows Live\Companion\companionuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Troy Malsam\Desktop\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Presario&pf=cndt
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Presario&pf=cndt
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: <No Name>: {00A6FAF6-072E-44cf-8957-5838F569A31D} - c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
uURLSearchHooks: SearchSettings Class: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - c:\program files\search settings\kb128\SearchSettings.dll
uURLSearchHooks: <No Name>: {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - c:\program files\couponalert_2p\bar\1.bin\2pSrcAs.dll
uURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCoup.dll
uURLSearchHooks: {32b29df0-2237-4370-9a29-37cebb730e9b} - <orphaned>
mURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCoup.dll
uWindows: Load = c:\users\troyma~1\locals~1\temp\mspaifxx.pif
mWinlogon: Userinit = c:\windows\system32\userinit.exe
BHO: MyWebSearch Search Assistant BHO: {00A6FAF1-072E-44cf-8957-5838F569A31D} - c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL
BHO: Dealio Toolbar: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\dealio toolbar\DealioToolbarIE.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: mwsBar BHO: {07B18EA1-A523-4961-B6BB-170DE4475CCA} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCoup.dll
BHO: Toolbar BHO: {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - c:\program files\couponalert_2p\bar\1.bin\2pbar.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\engine\18.7.2.3\coieplg.dll
BHO: Search Assistant BHO: {60e91567-ef8a-4520-bce2-83aba5256799} - c:\program files\couponalert_2p\bar\1.bin\2pSrcAs.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\engine\18.7.2.3\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: SearchSettings Class: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - c:\program files\search settings\kb128\SearchSettings.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\18.7.2.3\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\18.7.2.3\coieplg.dll
TB: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
TB: Dealio Toolbar: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\dealio toolbar\DealioToolbarIE.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Coupon Alert: {3462c343-be19-4143-af70-cefb56f46fc6} - c:\program files\couponalert_2p\bar\1.bin\2pbar.dll
TB: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCoup.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\troy malsam\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [systeminit.exe] c:\users\troyma~1\appdata\local\temp\systeminit.exe
uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [NCsoft Launcher] c:\program files\ncsoft\launcher\NCLauncher.exe /Minimized
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [DW7] "c:\program files\the weather channel\the weather channel app\TWCApp.exe"
uRun: [CrashDumps] rundll32.exe "c:\users\troy malsam\appdata\local\falloutnv\crashdumps\mbssgxg.dll",DllRegisterServerW
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [CyberLink] c:\users\troy malsam\appdata\roaming\54809a\54809A.exe
uRun: [Adobe CS Manager] c:\users\troy malsam\appdata\roaming\d286bf41-218d-432a-b15f-d40cebc6b19c79\dbfdabfdcebcbc.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SS_MW] c:\program files\radica\stylin' studio\SS_MW.exe
mRun: [MyWebSearch Plugin] rundll32 c:\progra~1\mywebs~1\bar\1.bin\M3PLUGIN.DLL,UPF
mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
mRun: [SearchSettings] c:\program files\search settings\SearchSettings.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [DVDAgent] "c:\program files\hewlett-packard\media\dvd\DVDAgent.exe"
mRun: [CouponAlert_2p Browser Plugin Loader] c:\progra~1\coupon~2\bar\1.bin\2pbrmon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
StartupFolder: c:\users\troyma~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\runctf.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\picturemover\bin\PictureMover.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Search - http://edits.mywebsearch.com/toolbar...S_ZJxdm128YYUS
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_client_4.4.26.0.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/SmileyCentralInitialSetup1.0.1.1.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
DPF: {444785F1-DE89-4295-863A-D46C3A781394} - hxxp://webplayer.unity3d.com/download_webplayer/UnityWebPlayer.cab
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} - hxxp://domino2.limacityschools.org/dwa85W.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} - hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://mywayphotos.riteaid.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} - hxxps://www.plaxo.com/activex/plx_upldr-2k-xp.cab
TCP: NameServer = 192.168.10.1
TCP: Interfaces\{0078279E-8349-48A2-941C-83420A7E14DA} : DHCPNameServer = 192.168.10.1
TCP: Interfaces\{4B8DB134-9445-4147-BE84-E777B9D1E0A3} : DHCPNameServer = 192.168.10.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\troy malsam\appdata\roaming\mozilla\firefox\profiles\ztc61qm1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Swag Bucks Customized Web Search
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2704262&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: c:\program files\couponalert_2p\bar\1.bin\NP2pStub.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\troy malsam\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\users\troy malsam\appdata\roaming\mozilla\firefox\profiles\ztc61qm1.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\plugins\np-mswmp.dll
FF - plugin: c:\users\troy malsam\appdata\roaming\mozilla\firefox\profiles\ztc61qm1.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}\plugins\np-mswmp.dll
FF - plugin: c:\users\troy malsam\appdata\roaming\mozilla\firefox\profiles\ztc61qm1.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\plugins\np-mswmp.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2011-07-01 22:52; 2pffxtbr@CouponAlert_2p.com; c:\program files\couponalert_2p\bar\1.bin
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1207020.003\symds.sys [2012-6-11 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1207020.003\symefa.sys [2012-6-11 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\bashdefs\20130111.001\BHDrvx86.sys [2013-1-15 995488]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\ipsdefs\20130115.001\IDSvix86.sys [2013-1-16 386720]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1207020.003\ironx86.sys [2012-6-11 136312]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1207020.003\symtdiv.sys [2012-6-11 331384]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-12-10 1435568]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\hi-rez studios\HiPatchService.exe [2012-1-8 8704]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.7.2.3\ccsvchst.exe [2012-6-11 130008]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-11-30 382824]
R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\ae1000va.sys [2010-12-3 836384]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-9-27 106656]
R3 HSXHWBS3;HSXHWBS3;c:\windows\system32\drivers\HSXHWBS3.sys [2008-8-26 207360]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 Desura Install Service;Desura Install Service;c:\program files\common files\desura\desura_service.exe [2012-2-25 131912]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-8-7 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2013-01-16 23:09:06 -------- d-----w- c:\users\troy malsam\appdata\roaming\Waew
2013-01-16 23:09:06 -------- d-----w- c:\users\troy malsam\appdata\roaming\Ittuu
2013-01-16 23:09:06 -------- d-----w- c:\users\troy malsam\appdata\roaming\Axag
2013-01-16 23:04:08 -------- d-----w- c:\users\troy malsam\appdata\roaming\d286bf41-218d-432a-b15f-d40cebc6b19c79
2013-01-16 23:04:00 181248 --sha-w- c:\programdata\ms00A10AEB.dat
2013-01-16 23:03:53 -------- d-----w- c:\users\troy malsam\appdata\roaming\Xaure
2013-01-16 23:03:53 -------- d-----w- c:\users\troy malsam\appdata\roaming\Veacu
2013-01-16 23:03:53 -------- d-----w- c:\users\troy malsam\appdata\roaming\Asno
2013-01-12 16:56:38 -------- d-----w- c:\users\troy malsam\appdata\local\Warframe
2013-01-08 20:59:50 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-08 20:59:49 2048000 ----a-w- c:\windows\system32\win32k.sys
2013-01-08 20:58:51 1400832 ----a-w- c:\windows\system32\msxml6.dll
2013-01-06 19:58:43 -------- d-----w- c:\program files\OverTheEdge
2012-12-22 17:01:40 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-12-21 18:20:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 18:20:50 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-18 21:18:04 -------- d-----w- c:\users\troy malsam\appdata\local\4A Games
2012-12-18 02:47:45 884072 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2012-12-18 02:47:45 28008 ----a-w- c:\windows\system32\nvhdap32.dll
2012-12-18 02:47:45 149352 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2012-12-18 02:47:44 9373032 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-12-18 02:47:44 7819016 ----a-w- c:\windows\system32\nvcuda.dll
2012-12-18 02:47:44 6149904 ----a-w- c:\windows\system32\nvopencl.dll
2012-12-18 02:47:44 20335976 ----a-w- c:\windows\system32\nvoglv32.dll
2012-12-18 02:47:43 1874280 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-12-18 02:47:43 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-12-18 02:47:42 2606440 ----a-w- c:\windows\system32\nvcuvid.dll
.
==================== Find3M ====================
.
2013-01-09 00:43:23 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-09 00:43:22 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-03 15:39:40 889192 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-12-03 15:39:40 2496976 ----a-w- c:\windows\system32\nvapi.dll
2012-12-03 15:39:40 15122280 ----a-w- c:\windows\system32\nvd3dum.dll
2012-12-03 15:39:40 12603960 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-12-03 15:39:40 1011048 ----a-w- c:\windows\system32\nvdispco32.dll
2012-12-01 04:38:18 2869608 ----a-w- c:\windows\system32\nvsvc.dll
2012-12-01 04:38:13 3984744 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-01 04:37:55 645480 ----a-w- c:\windows\system32\nvvsvc.exe
2012-12-01 04:37:55 62312 ----a-w- c:\windows\system32\nvshext.dll
2012-12-01 04:37:55 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-01 03:43:52 438632 ----a-w- c:\windows\system32\nvStreaming.exe
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 01:29:51 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-02 10:18:17 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 08:26:06 23040 ----a-w- c:\windows\system32\dpnsvr.exe
.
============= FINISH: 19:19:54.26 ===============
attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/11/2008 5:49:18 PM
System Uptime: 1/16/2013 6:58:54 PM (1 hours ago)
.
Motherboard: OEM_MB | | IVY8
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ | Socket AM2 | 2300/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 287 GiB total, 6.106 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.22 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0000
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0000
Service: tunmp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: NVIDIA nForce 10/100 Mbps Ethernet
Device ID: PCI\VEN_10DE&DEV_03EF&SUBSYS_2A5B103C&REV_A2\3&2411E6FE&0&38
Manufacturer: NVIDIA
Name: NVIDIA nForce 10/100 Mbps Ethernet
PNP Device ID: PCI\VEN_10DE&DEV_03EF&SUBSYS_2A5B103C&REV_A2\3&2411E6FE&0&38
Service: NVENETFD
.
Class GUID:
Description:
Device ID: ROOT\LEGACY_BEEP\XX_COUPONALERT_2PSERVICE_XX
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_BEEP\XX_COUPONALERT_2PSERVICE_XX
Service: CouponAlert_2pService
.
Class GUID:
Description:
Device ID: ROOT\LEGACY_BEEP\XX_MYWEBSEARCHSERVICE_XX
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_BEEP\XX_MYWEBSEARCHSERVICE_XX
Service: MyWebSearchService
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (L2TP)
Device ID: ROOT\MS_L2TPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (L2TP)
PNP Device ID: ROOT\MS_L2TPMINIPORT\0000
Service: Rasl2tp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (Network Monitor)
Device ID: ROOT\MS_NDISWANBH\0000
Manufacturer: Microsoft
Name: WAN Miniport (Network Monitor)
PNP Device ID: ROOT\MS_NDISWANBH\0000
Service: NdisWan
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (IP)
Device ID: ROOT\MS_NDISWANIP\0000
Manufacturer: Microsoft
Name: WAN Miniport (IP)
PNP Device ID: ROOT\MS_NDISWANIP\0000
Service: NdisWan
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (IPv6)
Device ID: ROOT\MS_NDISWANIPV6\0000
Manufacturer: Microsoft
Name: WAN Miniport (IPv6)
PNP Device ID: ROOT\MS_NDISWANIPV6\0000
Service: NdisWan
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (PPPOE)
Device ID: ROOT\MS_PPPOEMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (PPPOE)
PNP Device ID: ROOT\MS_PPPOEMINIPORT\0000
Service: RasPppoe
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (PPTP)
Device ID: ROOT\MS_PPTPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (PPTP)
PNP Device ID: ROOT\MS_PPTPMINIPORT\0000
Service: PptpMiniport
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (SSTP)
Device ID: ROOT\MS_SSTPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (SSTP)
PNP Device ID: ROOT\MS_SSTPMINIPORT\0000
Service: RasSstp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Hamachi Network Interface
Device ID: ROOT\NET\0000
Manufacturer: LogMeIn, Inc.
Name: Hamachi Network Interface
PNP Device ID: ROOT\NET\0000
Service: hamachi
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
3ivx MPEG-4 5.0.3 (remove only)
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.2
Adobe Shockwave Player 11.5
Advanced PC Tweaker v4.2
Amazon MP3 Downloader 1.0.15
Apple Application Support
Apple Mobile Device Support
Apple Software Update
applicationupdater
Ask Toolbar
Audacity 1.2.6
Auslogics Disk Defrag
Big Fish Games: Game Manager
Bing Bar
Bonjour
CamStudio
Cards_Calendar_OrderGift_DoMorePlugout
Cave Story Deluxe
Compatibility Pack for the 2007 Office system
Coupon Alert
Coupon Printer for Windows
Coupons.com Toolbar
CyberLink DVD Suite Deluxe
D-Link DFE-530TX+
D-Link PCI Fast Ethernet Adapter
D3DX10
Dark Souls: Prepare to Die Edition
Dealio Toolbar v4.0
Dedicated Server
Desura
DFOLauncher
Dungeon Fighter Online
Ease Audio Converter 4.80
Explorer Suite III
Fallout: New Vegas
Flash Movie Player 1.5
FlipShare
Free Mp3 Wma Converter V 1.8.0
Free MP3 WMA OGG Converter 8.2.5
FTL: Faster Than Light
Garry's Mod
GCFScape 1.8.0
GECK - New Vegas Edition
GoldWave v5.20
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Gyazo 1.0
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life 2: Lost Coast
Half-Life Dedicated Server Update Tool
Hardware Diagnostic Tools
Hi-Rez Studios Games
Highlight Viewer (Windows Live Toolbar)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Advisor
HP Customer Experience Enhancements
HP Customer Feedback
HP Demo
HP MediaSmart DVD
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP Product Detection
HP Recovery Manager RSS
HP Update
HPAsset component for HP Active Support Library
HPPhotoSmartPhotobookWebPack1
HPTCSSetup
iTunes
Japanese Fonts Support For Adobe Reader 8
Java 7 Update 7
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) SE Runtime Environment 6 Update 1
JavaFX 2.1.1
Junk Mail filter update
LabelPrint
League of Legends
Left 4 Dead 2
Left 4 Dead 2 Add-on Support
Left 4 Dead 2 Authoring Tools
Left 4 Dead 2 Dedicated Server
LightScribe System Software
LightScribeTemplateLabeler
LogMeIn Hamachi
Map Button (Windows Live Toolbar)
Mesh Runtime
Messenger Companion
Metro 2033
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
MobileMe Control Panel
Mozilla Firefox 5.0.1 (x86 en-US)
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Mumble 1.2.3
muvee autoProducer 6.1
My HP Games
My Web Search (Smiley Central)
MySQL Connector/ODBC 3.51
MySQL Server 5.0
Mystery Case Files: Ravenhearst ®
Norton Internet Security
Norton Security Scan
NVIDIA 3D Vision Controller Driver 310.70
NVIDIA 3D Vision Driver 310.70
NVIDIA Control Panel 310.70
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA Graphics Driver 310.70
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
OBCO Final Release (Compiled Version - some features disabled).
OGA Notifier 2.0.0048.0
Paint.NET v3.5.10
Pando Media Booster
ParetoLogic DriverCure
PCIe Soft Data Fax Modem with SmartCP
PhotoMovieMaker
PictureMover
Portal
Portforward Static IP Address 1.0.43
Power2Go
PowerDirector
ProGen
PSSWCORE
Python 2.5.2
QuickTime
Realm of the Mad God
Realtek High Definition Audio Driver
RegAce System Suite
Safari
Search Settings 1.2.1
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Segoe UI
Simple Port Forwarding
Skype Toolbars
Skype 5.10
Smart Menus (Windows Live Toolbar)
Source SDK Base - Orange Box
sp44626
Spelling Dictionaries Support For Adobe Reader 8
Sphere (remove only)
Spiral Knights
SPORE Creature Creator Trial Edition
SQLyog Community 6.03
Steam
Stylin' Studio v1.0
System Requirements Lab
System Requirements Lab CYRI
Team Fortress 2
Team Fortress 2 Dedicated Server
Terraria
The Binding Of Isaac
The Weather Channel App
The Weather Channel Desktop 6
TortoiseSVN 1.6.7.18415 (32 bit)
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VideoToolkit01
VTFEdit 1.2.5
Warcraft III
Warframe
WeGame Client 2.2.2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Favorites for Windows Live Toolbar
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
XSplit
.
==== End Of File ===========================
ark.txt
GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-16 19:28:43
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\00000065 ST332082 rev.3.CH 298.09GB
Running: m7shzt81.exe; Driver: C:\Users\TROYMA~1\AppData\Local\Temp\fwldypod.sys
---- System - GMER 2.0 ----
SSDT 88518648 ZwAlertResumeThread
SSDT 88518728 ZwAlertThread
SSDT 88525558 ZwAllocateVirtualMemory
SSDT 87D392C0 ZwAlpcConnectPort
SSDT 88527900 ZwAssignProcessToJobObject
SSDT 88518398 ZwCreateMutant
SSDT 885275D8 ZwCreateSymbolicLinkObject
SSDT 88BBB060 ZwCreateThread
SSDT 885279E0 ZwDebugActiveProcess
SSDT 88525728 ZwDuplicateObject
SSDT 884F4E68 ZwFreeVirtualMemory
SSDT 88518488 ZwImpersonateAnonymousToken
SSDT 88518568 ZwImpersonateThread
SSDT 87D39248 ZwLoadDriver
SSDT 884F4D68 ZwMapViewOfSection
SSDT 885182B8 ZwOpenEvent
SSDT 88BAA9C0 ZwOpenProcess
SSDT 88525648 ZwOpenProcessToken
SSDT 88527C08 ZwOpenSection
SSDT 88525818 ZwOpenThread
SSDT 88527810 ZwProtectVirtualMemory
SSDT 88527FA8 ZwResumeThread
SSDT 884F4AB8 ZwSetContextThread
SSDT 884F4B98 ZwSetInformationProcess
SSDT 88527AC0 ZwSetSystemInformation
SSDT 88527EA8 ZwSuspendProcess
SSDT 88518BF0 ZwSuspendThread
SSDT 8864DE58 ZwTerminateProcess
SSDT 884F49D8 ZwTerminateThread
SSDT 884F4C88 ZwUnmapViewOfSection
SSDT 884F4F38 ZwWriteVirtualMemory
SSDT 88527710 ZwCreateThreadEx
---- Kernel code sections - GMER 2.0 ----
.text ntkrnlpa.exe!KeSetEvent + 11D 82CB57E0 8 Bytes [48, 86, 51, 88, 28, 87, 51, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 82CB57F4 4 Bytes [58, 55, 52, 88]
.text ntkrnlpa.exe!KeSetEvent + 13D 82CB5800 4 Bytes [C0, 92, D3, 87]
.text ntkrnlpa.exe!KeSetEvent + 191 82CB5854 4 Bytes CALL D54458DB
.text ntkrnlpa.exe!KeSetEvent + 1F5 82CB58B8 4 Bytes [98, 83, 51, 88]
.text ...
? C:\Users\TROYMA~1\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
---- User code sections - GMER 2.0 ----
.text C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE[868] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 00275560
.text C:\Windows\System32\rundll32.exe[1240] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 001E5560
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1384] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 003F5560
.text C:\Program Files\CouponAlert_2p\bar\1.bin\2pbrmon.exe[2112] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 002B5560
.text C:\Windows\ehome\ehtray.exe[2404] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 014A5560
.text ...
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] ntdll.dll!NtSetInformationProcess 77835194 5 Bytes JMP 032C0594
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] kernel32.dll!ReadProcessMemory + 3E 76741CB3 7 Bytes JMP 032C012A
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] kernel32.dll!WriteProcessMemory + 106 76741DBE 7 Bytes JMP 032C03D0
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] kernel32.dll!CreateIoCompletionPort + 52 76769D96 7 Bytes JMP 032C04B2
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] kernel32.dll!VirtualAllocEx + 54 7678AF50 7 Bytes JMP 032C02EE
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] kernel32.dll!CreateThread 7678CB0E 5 Bytes JMP 032C0048
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] kernel32.dll!GetProcessHandleCount + 35 767D5DD3 7 Bytes JMP 032C020C
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!SetWindowsHookExW 75F687AD 5 Bytes JMP 694425AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!CallNextHookEx 75F68E3B 5 Bytes JMP 69467FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!UnhookWindowsHookEx 75F698DB 5 Bytes JMP 6948ED00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!EnableWindow 75F6CD8B 5 Bytes JMP 69449EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!DefWindowProcA 75F6DB88 7 Bytes JMP 69409805 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!CreateWindowExA 75F6DC2A 5 Bytes JMP 6941363B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!CreateWindowExW 75F71305 5 Bytes JMP 694703CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!DefWindowProcW 75F803B4 7 Bytes JMP 69468042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!DialogBoxParamW 75F910B0 5 Bytes JMP 693A1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!DialogBoxIndirectParamW 75F92EF5 5 Bytes JMP 69598FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!DialogBoxParamA 75FA8152 5 Bytes JMP 69598F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!DialogBoxIndirectParamA 75FA847D 5 Bytes JMP 6959901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!MessageBoxIndirectA 75FBD4D9 5 Bytes JMP 69598ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!MessageBoxIndirectW 75FBD5D3 5 Bytes JMP 69598E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!MessageBoxExA 75FBD639 5 Bytes JMP 69598DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!MessageBoxExW 75FBD65D 5 Bytes JMP 69598D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] ole32.dll!OleLoadFromStream 776A1E80 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] ole32.dll!OleLoadFromStream 776A1E80 5 Bytes JMP 69599784 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] ole32.dll!CoGetTreatAsClass + D2F 776BFAE3 7 Bytes JMP 032C0676
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] ole32.dll!CoCreateInstance + 3E 776D9F7C 7 Bytes JMP 032C0758
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] WININET.dll!HttpSendRequestW 7688632D 5 Bytes JMP 001C1FF8
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] WININET.dll!HttpSendRequestA 768B525A 5 Bytes JMP 001C1F8C
.text C:\Windows\Explorer.EXE[3248] ntdll.dll!NtResumeThread 77835024 3 Bytes JMP 00835560
.text C:\Windows\Explorer.EXE[3248] ntdll.dll!NtResumeThread + 4 77835028 1 Byte [89]
.text C:\Program Files\Radica\Stylin' Studio\SS_MW.exe[3264] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 00265560
.text C:\Windows\ehome\ehmsas.exe[3364] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 000D5560
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3452] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 00925560
.text ...
.text C:\Program Files\Internet Explorer\iexplore.exe[4888] USER32.dll!EnableWindow 75F6CD8B 5 Bytes JMP 69449EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4888] USER32.dll!DialogBoxParamW 75F910B0 5 Bytes JMP 693A1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4888] USER32.dll!DialogBoxIndirectParamW 75F92EF5 5 Bytes JMP 69598FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4888] USER32.dll!DialogBoxParamA 75FA8152 5 Bytes JMP 69598F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4888] USER32.dll!DialogBoxIndirectParamA 75FA847D 5 Bytes JMP 6959901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4888] USER32.dll!MessageBoxIndirectA 75FBD4D9 5 Bytes JMP 69598ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4888] USER32.dll!MessageBoxIndirectW 75FBD5D3 5 Bytes JMP 69598E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4888] USER32.dll!MessageBoxExA 75FBD639 5 Bytes JMP 69598DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4888] USER32.dll!MessageBoxExW 75FBD65D 5 Bytes JMP 69598D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4888] WININET.dll!HttpSendRequestW 7688632D 5 Bytes JMP 02E11FF8
.text C:\Program Files\Internet Explorer\iexplore.exe[4888] WININET.dll!HttpSendRequestA 768B525A 5 Bytes JMP 02E11F8C
.text C:\Program Files\Internet Explorer\iexplore.exe[5168] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 002C5560
.text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!EnableWindow 75F6CD8B 5 Bytes JMP 69449EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!DialogBoxParamW 75F910B0 5 Bytes JMP 693A1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!DialogBoxIndirectParamW 75F92EF5 5 Bytes JMP 69598FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!DialogBoxParamA 75FA8152 5 Bytes JMP 69598F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!DialogBoxIndirectParamA 75FA847D 5 Bytes JMP 6959901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!MessageBoxIndirectA 75FBD4D9 5 Bytes JMP 69598ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!MessageBoxIndirectW 75FBD5D3 5 Bytes JMP 69598E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!MessageBoxExA 75FBD639 5 Bytes JMP 69598DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!MessageBoxExW 75FBD65D 5 Bytes JMP 69598D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5168] WININET.dll!HttpSendRequestW 7688632D 5 Bytes JMP 02D31FF8
.text C:\Program Files\Internet Explorer\iexplore.exe[5168] WININET.dll!HttpSendRequestA 768B525A 5 Bytes JMP 02D31F8C
.text C:\Windows\system32\NOTEPAD.EXE[5192] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 00055560
.text C:\Windows\system32\wuauclt.exe[5364] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 00075560
.text C:\Windows\system32\svchost.exe[5652] svchost.exe 005D2083 6 Bytes PUSH 00050000; RET
.text C:\Windows\system32\svchost.exe[5652] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 00065560
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 00045560
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] ntdll.dll!NtSetInformationProcess 77835194 5 Bytes JMP 05380594
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] kernel32.dll!ReadProcessMemory + 3E 76741CB3 7 Bytes JMP 0538012A
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] kernel32.dll!WriteProcessMemory + 106 76741DBE 7 Bytes JMP 053803D0
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] kernel32.dll!CreateIoCompletionPort + 52 76769D96 7 Bytes JMP 053804B2
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] kernel32.dll!VirtualAllocEx + 54 7678AF50 7 Bytes JMP 053802EE
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] kernel32.dll!CreateThread 7678CB0E 5 Bytes JMP 05380048
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] kernel32.dll!GetProcessHandleCount + 35 767D5DD3 7 Bytes JMP 0538020C
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!SetWindowsHookExW 75F687AD 5 Bytes JMP 694425AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!CallNextHookEx 75F68E3B 5 Bytes JMP 69467FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!UnhookWindowsHookEx 75F698DB 5 Bytes JMP 6948ED00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!EnableWindow 75F6CD8B 5 Bytes JMP 69449EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!DefWindowProcA 75F6DB88 7 Bytes JMP 69409805 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!CreateWindowExA 75F6DC2A 5 Bytes JMP 6941363B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!CreateWindowExW 75F71305 5 Bytes JMP 694703CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!DefWindowProcW 75F803B4 7 Bytes JMP 69468042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!DialogBoxParamW 75F910B0 5 Bytes JMP 693A1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!DialogBoxIndirectParamW 75F92EF5 5 Bytes JMP 69598FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!DialogBoxParamA 75FA8152 5 Bytes JMP 69598F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!DialogBoxIndirectParamA 75FA847D 5 Bytes JMP 6959901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!MessageBoxIndirectA 75FBD4D9 5 Bytes JMP 69598ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!MessageBoxIndirectW 75FBD5D3 5 Bytes JMP 69598E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!MessageBoxExA 75FBD639 5 Bytes JMP 69598DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!MessageBoxExW 75FBD65D 5 Bytes JMP 69598D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] ole32.dll!OleLoadFromStream 776A1E80 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] ole32.dll!OleLoadFromStream 776A1E80 5 Bytes JMP 69599784 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] ole32.dll!CoGetTreatAsClass + D2F 776BFAE3 7 Bytes JMP 05380676
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] ole32.dll!CoCreateInstance + 3E 776D9F7C 7 Bytes JMP 05380758
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] WININET.dll!HttpSendRequestW 7688632D 5 Bytes JMP 02DB1FF8
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] WININET.dll!HttpSendRequestA 768B525A 5 Bytes JMP 02DB1F8C
.text C:\Windows\system32\ctfmon.exe[5836] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 00055560
.text C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe[6128] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 00055560
.text C:\Users\Troy Malsam\Desktop\HijackThis.exe[8136] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 00145560
---- EOF - GMER 2.0 ----
dds.txt
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.5.1
Run by Troy Malsam at 19:18:15 on 2013-01-16
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.1.1033.18.3070.1181 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Hi-Rez Studios\HiPatchService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\mobsync.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Radica\Stylin' Studio\SS_MW.exe
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\CouponAlert_2p\bar\1.bin\2pbrmon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
c:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Common Files\Steam\SteamService.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Windows Live\Companion\companionuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Troy Malsam\Desktop\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Presario&pf=cndt
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Presario&pf=cndt
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: <No Name>: {00A6FAF6-072E-44cf-8957-5838F569A31D} - c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
uURLSearchHooks: SearchSettings Class: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - c:\program files\search settings\kb128\SearchSettings.dll
uURLSearchHooks: <No Name>: {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - c:\program files\couponalert_2p\bar\1.bin\2pSrcAs.dll
uURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCoup.dll
uURLSearchHooks: {32b29df0-2237-4370-9a29-37cebb730e9b} - <orphaned>
mURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCoup.dll
uWindows: Load = c:\users\troyma~1\locals~1\temp\mspaifxx.pif
mWinlogon: Userinit = c:\windows\system32\userinit.exe
BHO: MyWebSearch Search Assistant BHO: {00A6FAF1-072E-44cf-8957-5838F569A31D} - c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL
BHO: Dealio Toolbar: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\dealio toolbar\DealioToolbarIE.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: mwsBar BHO: {07B18EA1-A523-4961-B6BB-170DE4475CCA} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCoup.dll
BHO: Toolbar BHO: {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - c:\program files\couponalert_2p\bar\1.bin\2pbar.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\engine\18.7.2.3\coieplg.dll
BHO: Search Assistant BHO: {60e91567-ef8a-4520-bce2-83aba5256799} - c:\program files\couponalert_2p\bar\1.bin\2pSrcAs.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\engine\18.7.2.3\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: SearchSettings Class: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - c:\program files\search settings\kb128\SearchSettings.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\18.7.2.3\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\18.7.2.3\coieplg.dll
TB: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
TB: Dealio Toolbar: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\dealio toolbar\DealioToolbarIE.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Coupon Alert: {3462c343-be19-4143-af70-cefb56f46fc6} - c:\program files\couponalert_2p\bar\1.bin\2pbar.dll
TB: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCoup.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\troy malsam\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [systeminit.exe] c:\users\troyma~1\appdata\local\temp\systeminit.exe
uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [NCsoft Launcher] c:\program files\ncsoft\launcher\NCLauncher.exe /Minimized
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [DW7] "c:\program files\the weather channel\the weather channel app\TWCApp.exe"
uRun: [CrashDumps] rundll32.exe "c:\users\troy malsam\appdata\local\falloutnv\crashdumps\mbssgxg.dll",DllRegisterServerW
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [CyberLink] c:\users\troy malsam\appdata\roaming\54809a\54809A.exe
uRun: [Adobe CS Manager] c:\users\troy malsam\appdata\roaming\d286bf41-218d-432a-b15f-d40cebc6b19c79\dbfdabfdcebcbc.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SS_MW] c:\program files\radica\stylin' studio\SS_MW.exe
mRun: [MyWebSearch Plugin] rundll32 c:\progra~1\mywebs~1\bar\1.bin\M3PLUGIN.DLL,UPF
mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
mRun: [SearchSettings] c:\program files\search settings\SearchSettings.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [DVDAgent] "c:\program files\hewlett-packard\media\dvd\DVDAgent.exe"
mRun: [CouponAlert_2p Browser Plugin Loader] c:\progra~1\coupon~2\bar\1.bin\2pbrmon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
StartupFolder: c:\users\troyma~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\runctf.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\picturemover\bin\PictureMover.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Search - http://edits.mywebsearch.com/toolbar...S_ZJxdm128YYUS
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_client_4.4.26.0.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/SmileyCentralInitialSetup1.0.1.1.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
DPF: {444785F1-DE89-4295-863A-D46C3A781394} - hxxp://webplayer.unity3d.com/download_webplayer/UnityWebPlayer.cab
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} - hxxp://domino2.limacityschools.org/dwa85W.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} - hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://mywayphotos.riteaid.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} - hxxps://www.plaxo.com/activex/plx_upldr-2k-xp.cab
TCP: NameServer = 192.168.10.1
TCP: Interfaces\{0078279E-8349-48A2-941C-83420A7E14DA} : DHCPNameServer = 192.168.10.1
TCP: Interfaces\{4B8DB134-9445-4147-BE84-E777B9D1E0A3} : DHCPNameServer = 192.168.10.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\troy malsam\appdata\roaming\mozilla\firefox\profiles\ztc61qm1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Swag Bucks Customized Web Search
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2704262&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: c:\program files\couponalert_2p\bar\1.bin\NP2pStub.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\troy malsam\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\users\troy malsam\appdata\roaming\mozilla\firefox\profiles\ztc61qm1.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\plugins\np-mswmp.dll
FF - plugin: c:\users\troy malsam\appdata\roaming\mozilla\firefox\profiles\ztc61qm1.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}\plugins\np-mswmp.dll
FF - plugin: c:\users\troy malsam\appdata\roaming\mozilla\firefox\profiles\ztc61qm1.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\plugins\np-mswmp.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2011-07-01 22:52; 2pffxtbr@CouponAlert_2p.com; c:\program files\couponalert_2p\bar\1.bin
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1207020.003\symds.sys [2012-6-11 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1207020.003\symefa.sys [2012-6-11 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\bashdefs\20130111.001\BHDrvx86.sys [2013-1-15 995488]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\ipsdefs\20130115.001\IDSvix86.sys [2013-1-16 386720]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1207020.003\ironx86.sys [2012-6-11 136312]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1207020.003\symtdiv.sys [2012-6-11 331384]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-12-10 1435568]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\hi-rez studios\HiPatchService.exe [2012-1-8 8704]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.7.2.3\ccsvchst.exe [2012-6-11 130008]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-11-30 382824]
R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\ae1000va.sys [2010-12-3 836384]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-9-27 106656]
R3 HSXHWBS3;HSXHWBS3;c:\windows\system32\drivers\HSXHWBS3.sys [2008-8-26 207360]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 Desura Install Service;Desura Install Service;c:\program files\common files\desura\desura_service.exe [2012-2-25 131912]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-8-7 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2013-01-16 23:09:06 -------- d-----w- c:\users\troy malsam\appdata\roaming\Waew
2013-01-16 23:09:06 -------- d-----w- c:\users\troy malsam\appdata\roaming\Ittuu
2013-01-16 23:09:06 -------- d-----w- c:\users\troy malsam\appdata\roaming\Axag
2013-01-16 23:04:08 -------- d-----w- c:\users\troy malsam\appdata\roaming\d286bf41-218d-432a-b15f-d40cebc6b19c79
2013-01-16 23:04:00 181248 --sha-w- c:\programdata\ms00A10AEB.dat
2013-01-16 23:03:53 -------- d-----w- c:\users\troy malsam\appdata\roaming\Xaure
2013-01-16 23:03:53 -------- d-----w- c:\users\troy malsam\appdata\roaming\Veacu
2013-01-16 23:03:53 -------- d-----w- c:\users\troy malsam\appdata\roaming\Asno
2013-01-12 16:56:38 -------- d-----w- c:\users\troy malsam\appdata\local\Warframe
2013-01-08 20:59:50 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-08 20:59:49 2048000 ----a-w- c:\windows\system32\win32k.sys
2013-01-08 20:58:51 1400832 ----a-w- c:\windows\system32\msxml6.dll
2013-01-06 19:58:43 -------- d-----w- c:\program files\OverTheEdge
2012-12-22 17:01:40 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-12-21 18:20:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 18:20:50 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-18 21:18:04 -------- d-----w- c:\users\troy malsam\appdata\local\4A Games
2012-12-18 02:47:45 884072 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2012-12-18 02:47:45 28008 ----a-w- c:\windows\system32\nvhdap32.dll
2012-12-18 02:47:45 149352 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2012-12-18 02:47:44 9373032 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-12-18 02:47:44 7819016 ----a-w- c:\windows\system32\nvcuda.dll
2012-12-18 02:47:44 6149904 ----a-w- c:\windows\system32\nvopencl.dll
2012-12-18 02:47:44 20335976 ----a-w- c:\windows\system32\nvoglv32.dll
2012-12-18 02:47:43 1874280 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-12-18 02:47:43 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-12-18 02:47:42 2606440 ----a-w- c:\windows\system32\nvcuvid.dll
.
==================== Find3M ====================
.
2013-01-09 00:43:23 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-09 00:43:22 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-03 15:39:40 889192 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-12-03 15:39:40 2496976 ----a-w- c:\windows\system32\nvapi.dll
2012-12-03 15:39:40 15122280 ----a-w- c:\windows\system32\nvd3dum.dll
2012-12-03 15:39:40 12603960 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-12-03 15:39:40 1011048 ----a-w- c:\windows\system32\nvdispco32.dll
2012-12-01 04:38:18 2869608 ----a-w- c:\windows\system32\nvsvc.dll
2012-12-01 04:38:13 3984744 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-01 04:37:55 645480 ----a-w- c:\windows\system32\nvvsvc.exe
2012-12-01 04:37:55 62312 ----a-w- c:\windows\system32\nvshext.dll
2012-12-01 04:37:55 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-01 03:43:52 438632 ----a-w- c:\windows\system32\nvStreaming.exe
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 01:29:51 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-02 10:18:17 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 08:26:06 23040 ----a-w- c:\windows\system32\dpnsvr.exe
.
============= FINISH: 19:19:54.26 ===============
attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/11/2008 5:49:18 PM
System Uptime: 1/16/2013 6:58:54 PM (1 hours ago)
.
Motherboard: OEM_MB | | IVY8
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ | Socket AM2 | 2300/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 287 GiB total, 6.106 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.22 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0000
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0000
Service: tunmp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: NVIDIA nForce 10/100 Mbps Ethernet
Device ID: PCI\VEN_10DE&DEV_03EF&SUBSYS_2A5B103C&REV_A2\3&2411E6FE&0&38
Manufacturer: NVIDIA
Name: NVIDIA nForce 10/100 Mbps Ethernet
PNP Device ID: PCI\VEN_10DE&DEV_03EF&SUBSYS_2A5B103C&REV_A2\3&2411E6FE&0&38
Service: NVENETFD
.
Class GUID:
Description:
Device ID: ROOT\LEGACY_BEEP\XX_COUPONALERT_2PSERVICE_XX
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_BEEP\XX_COUPONALERT_2PSERVICE_XX
Service: CouponAlert_2pService
.
Class GUID:
Description:
Device ID: ROOT\LEGACY_BEEP\XX_MYWEBSEARCHSERVICE_XX
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_BEEP\XX_MYWEBSEARCHSERVICE_XX
Service: MyWebSearchService
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (L2TP)
Device ID: ROOT\MS_L2TPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (L2TP)
PNP Device ID: ROOT\MS_L2TPMINIPORT\0000
Service: Rasl2tp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (Network Monitor)
Device ID: ROOT\MS_NDISWANBH\0000
Manufacturer: Microsoft
Name: WAN Miniport (Network Monitor)
PNP Device ID: ROOT\MS_NDISWANBH\0000
Service: NdisWan
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (IP)
Device ID: ROOT\MS_NDISWANIP\0000
Manufacturer: Microsoft
Name: WAN Miniport (IP)
PNP Device ID: ROOT\MS_NDISWANIP\0000
Service: NdisWan
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (IPv6)
Device ID: ROOT\MS_NDISWANIPV6\0000
Manufacturer: Microsoft
Name: WAN Miniport (IPv6)
PNP Device ID: ROOT\MS_NDISWANIPV6\0000
Service: NdisWan
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (PPPOE)
Device ID: ROOT\MS_PPPOEMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (PPPOE)
PNP Device ID: ROOT\MS_PPPOEMINIPORT\0000
Service: RasPppoe
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (PPTP)
Device ID: ROOT\MS_PPTPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (PPTP)
PNP Device ID: ROOT\MS_PPTPMINIPORT\0000
Service: PptpMiniport
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (SSTP)
Device ID: ROOT\MS_SSTPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (SSTP)
PNP Device ID: ROOT\MS_SSTPMINIPORT\0000
Service: RasSstp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Hamachi Network Interface
Device ID: ROOT\NET\0000
Manufacturer: LogMeIn, Inc.
Name: Hamachi Network Interface
PNP Device ID: ROOT\NET\0000
Service: hamachi
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
3ivx MPEG-4 5.0.3 (remove only)
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.2
Adobe Shockwave Player 11.5
Advanced PC Tweaker v4.2
Amazon MP3 Downloader 1.0.15
Apple Application Support
Apple Mobile Device Support
Apple Software Update
applicationupdater
Ask Toolbar
Audacity 1.2.6
Auslogics Disk Defrag
Big Fish Games: Game Manager
Bing Bar
Bonjour
CamStudio
Cards_Calendar_OrderGift_DoMorePlugout
Cave Story Deluxe
Compatibility Pack for the 2007 Office system
Coupon Alert
Coupon Printer for Windows
Coupons.com Toolbar
CyberLink DVD Suite Deluxe
D-Link DFE-530TX+
D-Link PCI Fast Ethernet Adapter
D3DX10
Dark Souls: Prepare to Die Edition
Dealio Toolbar v4.0
Dedicated Server
Desura
DFOLauncher
Dungeon Fighter Online
Ease Audio Converter 4.80
Explorer Suite III
Fallout: New Vegas
Flash Movie Player 1.5
FlipShare
Free Mp3 Wma Converter V 1.8.0
Free MP3 WMA OGG Converter 8.2.5
FTL: Faster Than Light
Garry's Mod
GCFScape 1.8.0
GECK - New Vegas Edition
GoldWave v5.20
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Gyazo 1.0
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life 2: Lost Coast
Half-Life Dedicated Server Update Tool
Hardware Diagnostic Tools
Hi-Rez Studios Games
Highlight Viewer (Windows Live Toolbar)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Advisor
HP Customer Experience Enhancements
HP Customer Feedback
HP Demo
HP MediaSmart DVD
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP Product Detection
HP Recovery Manager RSS
HP Update
HPAsset component for HP Active Support Library
HPPhotoSmartPhotobookWebPack1
HPTCSSetup
iTunes
Japanese Fonts Support For Adobe Reader 8
Java 7 Update 7
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) SE Runtime Environment 6 Update 1
JavaFX 2.1.1
Junk Mail filter update
LabelPrint
League of Legends
Left 4 Dead 2
Left 4 Dead 2 Add-on Support
Left 4 Dead 2 Authoring Tools
Left 4 Dead 2 Dedicated Server
LightScribe System Software
LightScribeTemplateLabeler
LogMeIn Hamachi
Map Button (Windows Live Toolbar)
Mesh Runtime
Messenger Companion
Metro 2033
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
MobileMe Control Panel
Mozilla Firefox 5.0.1 (x86 en-US)
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Mumble 1.2.3
muvee autoProducer 6.1
My HP Games
My Web Search (Smiley Central)
MySQL Connector/ODBC 3.51
MySQL Server 5.0
Mystery Case Files: Ravenhearst ®
Norton Internet Security
Norton Security Scan
NVIDIA 3D Vision Controller Driver 310.70
NVIDIA 3D Vision Driver 310.70
NVIDIA Control Panel 310.70
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA Graphics Driver 310.70
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
OBCO Final Release (Compiled Version - some features disabled).
OGA Notifier 2.0.0048.0
Paint.NET v3.5.10
Pando Media Booster
ParetoLogic DriverCure
PCIe Soft Data Fax Modem with SmartCP
PhotoMovieMaker
PictureMover
Portal
Portforward Static IP Address 1.0.43
Power2Go
PowerDirector
ProGen
PSSWCORE
Python 2.5.2
QuickTime
Realm of the Mad God
Realtek High Definition Audio Driver
RegAce System Suite
Safari
Search Settings 1.2.1
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Segoe UI
Simple Port Forwarding
Skype Toolbars
Skype 5.10
Smart Menus (Windows Live Toolbar)
Source SDK Base - Orange Box
sp44626
Spelling Dictionaries Support For Adobe Reader 8
Sphere (remove only)
Spiral Knights
SPORE Creature Creator Trial Edition
SQLyog Community 6.03
Steam
Stylin' Studio v1.0
System Requirements Lab
System Requirements Lab CYRI
Team Fortress 2
Team Fortress 2 Dedicated Server
Terraria
The Binding Of Isaac
The Weather Channel App
The Weather Channel Desktop 6
TortoiseSVN 1.6.7.18415 (32 bit)
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VideoToolkit01
VTFEdit 1.2.5
Warcraft III
Warframe
WeGame Client 2.2.2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Favorites for Windows Live Toolbar
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
XSplit
.
==== End Of File ===========================
ark.txt
GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-16 19:28:43
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\00000065 ST332082 rev.3.CH 298.09GB
Running: m7shzt81.exe; Driver: C:\Users\TROYMA~1\AppData\Local\Temp\fwldypod.sys
---- System - GMER 2.0 ----
SSDT 88518648 ZwAlertResumeThread
SSDT 88518728 ZwAlertThread
SSDT 88525558 ZwAllocateVirtualMemory
SSDT 87D392C0 ZwAlpcConnectPort
SSDT 88527900 ZwAssignProcessToJobObject
SSDT 88518398 ZwCreateMutant
SSDT 885275D8 ZwCreateSymbolicLinkObject
SSDT 88BBB060 ZwCreateThread
SSDT 885279E0 ZwDebugActiveProcess
SSDT 88525728 ZwDuplicateObject
SSDT 884F4E68 ZwFreeVirtualMemory
SSDT 88518488 ZwImpersonateAnonymousToken
SSDT 88518568 ZwImpersonateThread
SSDT 87D39248 ZwLoadDriver
SSDT 884F4D68 ZwMapViewOfSection
SSDT 885182B8 ZwOpenEvent
SSDT 88BAA9C0 ZwOpenProcess
SSDT 88525648 ZwOpenProcessToken
SSDT 88527C08 ZwOpenSection
SSDT 88525818 ZwOpenThread
SSDT 88527810 ZwProtectVirtualMemory
SSDT 88527FA8 ZwResumeThread
SSDT 884F4AB8 ZwSetContextThread
SSDT 884F4B98 ZwSetInformationProcess
SSDT 88527AC0 ZwSetSystemInformation
SSDT 88527EA8 ZwSuspendProcess
SSDT 88518BF0 ZwSuspendThread
SSDT 8864DE58 ZwTerminateProcess
SSDT 884F49D8 ZwTerminateThread
SSDT 884F4C88 ZwUnmapViewOfSection
SSDT 884F4F38 ZwWriteVirtualMemory
SSDT 88527710 ZwCreateThreadEx
---- Kernel code sections - GMER 2.0 ----
.text ntkrnlpa.exe!KeSetEvent + 11D 82CB57E0 8 Bytes [48, 86, 51, 88, 28, 87, 51, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 82CB57F4 4 Bytes [58, 55, 52, 88]
.text ntkrnlpa.exe!KeSetEvent + 13D 82CB5800 4 Bytes [C0, 92, D3, 87]
.text ntkrnlpa.exe!KeSetEvent + 191 82CB5854 4 Bytes CALL D54458DB
.text ntkrnlpa.exe!KeSetEvent + 1F5 82CB58B8 4 Bytes [98, 83, 51, 88]
.text ...
? C:\Users\TROYMA~1\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
---- User code sections - GMER 2.0 ----
.text C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE[868] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 00275560
.text C:\Windows\System32\rundll32.exe[1240] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 001E5560
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1384] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 003F5560
.text C:\Program Files\CouponAlert_2p\bar\1.bin\2pbrmon.exe[2112] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 002B5560
.text C:\Windows\ehome\ehtray.exe[2404] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 014A5560
.text ...
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] ntdll.dll!NtSetInformationProcess 77835194 5 Bytes JMP 032C0594
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] kernel32.dll!ReadProcessMemory + 3E 76741CB3 7 Bytes JMP 032C012A
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] kernel32.dll!WriteProcessMemory + 106 76741DBE 7 Bytes JMP 032C03D0
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] kernel32.dll!CreateIoCompletionPort + 52 76769D96 7 Bytes JMP 032C04B2
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] kernel32.dll!VirtualAllocEx + 54 7678AF50 7 Bytes JMP 032C02EE
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] kernel32.dll!CreateThread 7678CB0E 5 Bytes JMP 032C0048
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] kernel32.dll!GetProcessHandleCount + 35 767D5DD3 7 Bytes JMP 032C020C
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!SetWindowsHookExW 75F687AD 5 Bytes JMP 694425AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!CallNextHookEx 75F68E3B 5 Bytes JMP 69467FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!UnhookWindowsHookEx 75F698DB 5 Bytes JMP 6948ED00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!EnableWindow 75F6CD8B 5 Bytes JMP 69449EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!DefWindowProcA 75F6DB88 7 Bytes JMP 69409805 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!CreateWindowExA 75F6DC2A 5 Bytes JMP 6941363B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!CreateWindowExW 75F71305 5 Bytes JMP 694703CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!DefWindowProcW 75F803B4 7 Bytes JMP 69468042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!DialogBoxParamW 75F910B0 5 Bytes JMP 693A1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!DialogBoxIndirectParamW 75F92EF5 5 Bytes JMP 69598FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!DialogBoxParamA 75FA8152 5 Bytes JMP 69598F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!DialogBoxIndirectParamA 75FA847D 5 Bytes JMP 6959901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!MessageBoxIndirectA 75FBD4D9 5 Bytes JMP 69598ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!MessageBoxIndirectW 75FBD5D3 5 Bytes JMP 69598E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!MessageBoxExA 75FBD639 5 Bytes JMP 69598DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!MessageBoxExW 75FBD65D 5 Bytes JMP 69598D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] ole32.dll!OleLoadFromStream 776A1E80 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] ole32.dll!OleLoadFromStream 776A1E80 5 Bytes JMP 69599784 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] ole32.dll!CoGetTreatAsClass + D2F 776BFAE3 7 Bytes JMP 032C0676
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] ole32.dll!CoCreateInstance + 3E 776D9F7C 7 Bytes JMP 032C0758
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] WININET.dll!HttpSendRequestW 7688632D 5 Bytes JMP 001C1FF8
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] WININET.dll!HttpSendRequestA 768B525A 5 Bytes JMP 001C1F8C
.text C:\Windows\Explorer.EXE[3248] ntdll.dll!NtResumeThread 77835024 3 Bytes JMP 00835560
.text C:\Windows\Explorer.EXE[3248] ntdll.dll!NtResumeThread + 4 77835028 1 Byte [89]
.text C:\Program Files\Radica\Stylin' Studio\SS_MW.exe[3264] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 00265560
.text C:\Windows\ehome\ehmsas.exe[3364] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 000D5560
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3452] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 00925560
.text ...
.text C:\Program Files\Internet Explorer\iexplore.exe[4888] USER32.dll!EnableWindow 75F6CD8B 5 Bytes JMP 69449EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4888] USER32.dll!DialogBoxParamW 75F910B0 5 Bytes JMP 693A1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4888] USER32.dll!DialogBoxIndirectParamW 75F92EF5 5 Bytes JMP 69598FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4888] USER32.dll!DialogBoxParamA 75FA8152 5 Bytes JMP 69598F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4888] USER32.dll!DialogBoxIndirectParamA 75FA847D 5 Bytes JMP 6959901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4888] USER32.dll!MessageBoxIndirectA 75FBD4D9 5 Bytes JMP 69598ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4888] USER32.dll!MessageBoxIndirectW 75FBD5D3 5 Bytes JMP 69598E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4888] USER32.dll!MessageBoxExA 75FBD639 5 Bytes JMP 69598DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4888] USER32.dll!MessageBoxExW 75FBD65D 5 Bytes JMP 69598D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4888] WININET.dll!HttpSendRequestW 7688632D 5 Bytes JMP 02E11FF8
.text C:\Program Files\Internet Explorer\iexplore.exe[4888] WININET.dll!HttpSendRequestA 768B525A 5 Bytes JMP 02E11F8C
.text C:\Program Files\Internet Explorer\iexplore.exe[5168] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 002C5560
.text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!EnableWindow 75F6CD8B 5 Bytes JMP 69449EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!DialogBoxParamW 75F910B0 5 Bytes JMP 693A1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!DialogBoxIndirectParamW 75F92EF5 5 Bytes JMP 69598FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!DialogBoxParamA 75FA8152 5 Bytes JMP 69598F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!DialogBoxIndirectParamA 75FA847D 5 Bytes JMP 6959901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!MessageBoxIndirectA 75FBD4D9 5 Bytes JMP 69598ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!MessageBoxIndirectW 75FBD5D3 5 Bytes JMP 69598E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!MessageBoxExA 75FBD639 5 Bytes JMP 69598DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!MessageBoxExW 75FBD65D 5 Bytes JMP 69598D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5168] WININET.dll!HttpSendRequestW 7688632D 5 Bytes JMP 02D31FF8
.text C:\Program Files\Internet Explorer\iexplore.exe[5168] WININET.dll!HttpSendRequestA 768B525A 5 Bytes JMP 02D31F8C
.text C:\Windows\system32\NOTEPAD.EXE[5192] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 00055560
.text C:\Windows\system32\wuauclt.exe[5364] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 00075560
.text C:\Windows\system32\svchost.exe[5652] svchost.exe 005D2083 6 Bytes PUSH 00050000; RET
.text C:\Windows\system32\svchost.exe[5652] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 00065560
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 00045560
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] ntdll.dll!NtSetInformationProcess 77835194 5 Bytes JMP 05380594
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] kernel32.dll!ReadProcessMemory + 3E 76741CB3 7 Bytes JMP 0538012A
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] kernel32.dll!WriteProcessMemory + 106 76741DBE 7 Bytes JMP 053803D0
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] kernel32.dll!CreateIoCompletionPort + 52 76769D96 7 Bytes JMP 053804B2
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] kernel32.dll!VirtualAllocEx + 54 7678AF50 7 Bytes JMP 053802EE
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] kernel32.dll!CreateThread 7678CB0E 5 Bytes JMP 05380048
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] kernel32.dll!GetProcessHandleCount + 35 767D5DD3 7 Bytes JMP 0538020C
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!SetWindowsHookExW 75F687AD 5 Bytes JMP 694425AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!CallNextHookEx 75F68E3B 5 Bytes JMP 69467FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!UnhookWindowsHookEx 75F698DB 5 Bytes JMP 6948ED00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!EnableWindow 75F6CD8B 5 Bytes JMP 69449EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!DefWindowProcA 75F6DB88 7 Bytes JMP 69409805 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!CreateWindowExA 75F6DC2A 5 Bytes JMP 6941363B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!CreateWindowExW 75F71305 5 Bytes JMP 694703CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!DefWindowProcW 75F803B4 7 Bytes JMP 69468042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!DialogBoxParamW 75F910B0 5 Bytes JMP 693A1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!DialogBoxIndirectParamW 75F92EF5 5 Bytes JMP 69598FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!DialogBoxParamA 75FA8152 5 Bytes JMP 69598F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!DialogBoxIndirectParamA 75FA847D 5 Bytes JMP 6959901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!MessageBoxIndirectA 75FBD4D9 5 Bytes JMP 69598ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!MessageBoxIndirectW 75FBD5D3 5 Bytes JMP 69598E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!MessageBoxExA 75FBD639 5 Bytes JMP 69598DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!MessageBoxExW 75FBD65D 5 Bytes JMP 69598D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] ole32.dll!OleLoadFromStream 776A1E80 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] ole32.dll!OleLoadFromStream 776A1E80 5 Bytes JMP 69599784 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] ole32.dll!CoGetTreatAsClass + D2F 776BFAE3 7 Bytes JMP 05380676
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] ole32.dll!CoCreateInstance + 3E 776D9F7C 7 Bytes JMP 05380758
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] WININET.dll!HttpSendRequestW 7688632D 5 Bytes JMP 02DB1FF8
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] WININET.dll!HttpSendRequestA 768B525A 5 Bytes JMP 02DB1F8C
.text C:\Windows\system32\ctfmon.exe[5836] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 00055560
.text C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe[6128] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 00055560
.text C:\Users\Troy Malsam\Desktop\HijackThis.exe[8136] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 00145560
---- EOF - GMER 2.0 ----