Lately my computer has been running very slow. If anyone could help I would greatly appreciate it! I have had great help from this website many years ago.
BELOW IS MY HIJACK LOG
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:23:06 AM, on 13/10/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal
Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Retrogamer_4w\bar\1.bin\4wbrmon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Bamboo Dock\BambooCore.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe
C:\Program Files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe
C:\Users\Latitude\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Users\Latitude\Downloads\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Latitude\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=112...000016cf3f3ea5
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {4cff1016-c2e2-4fdd-9c67-e32200c25ff9} - C:\Program Files\Retrogamer_4w\bar\1.bin\4wSrcAs.dll
O2 - BHO: Toolbar BHO - {03123bb6-a811-407e-b323-66cf0be510b1} - C:\PROGRA~1\RETROG~2\bar\1.bin\4wbar.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.4.6\bh\BabylonToolbar.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O2 - BHO: Search Assistant BHO - {d757dbfc-1494-4647-a8b3-abd654988dd8} - C:\Program Files\Retrogamer_4w\bar\1.bin\4wSrcAs.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Retrogamer - {3392cfec-56f8-41ee-bdb4-4e301efd2c93} - C:\Program Files\Retrogamer_4w\bar\1.bin\4wbar.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.4.6\BabylonToolbarTlbr.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Retrogamer Search Scope Monitor] "C:\PROGRA~1\RETROG~2\bar\1.bin\4wsrchmn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [Retrogamer_4w Browser Plugin Loader] C:\PROGRA~1\RETROG~2\bar\1.bin\4wbrmon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BambooCore] C:\Program Files\Bamboo Dock\BambooCore.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [lxdumon.exe] "C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe"
O4 - HKLM\..\Run: [lxduamon] "C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe"
O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
O4 - HKCU\..\Run: [FileZilla Client] RUNDLL32.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Driver Detective] C:\Program Files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe /applicationMode:systemTray /showWelcome:false
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: CNET TechTracker.lnk = C:\Users\Latitude\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} (GameTap Player) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe
O23 - Service: lxdu_device - - C:\Windows\system32\lxducoms.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: RetrogamerService (Retrogamer_4wService) - COMPANYVERS_NAME - C:\PROGRA~1\RETROG~2\bar\1.bin\4wbarsvc.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
O23 - Service: vToolbarUpdater12.2.6 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe
--
End of file - 8028 bytes
DDS FILE
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by Latitude at 3:24:22 on 2012-10-13
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.1014.83 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Windows\system32\lxducoms.exe
C:\PROGRA~1\RETROG~2\bar\1.bin\4wbarsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Retrogamer_4w\bar\1.bin\4wbrmon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Bamboo Dock\BambooCore.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe
C:\Program Files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe
C:\Users\Latitude\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Users\Latitude\Downloads\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Latitude\Desktop\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=112555&tt=3312_2&babsrc=HP_ss&mntrId=de06e9480000000000000016cf3f3ea5
uURLSearchHooks: N/A: {4cff1016-c2e2-4fdd-9c67-e32200c25ff9} - c:\program files\retrogamer_4w\bar\1.bin\4wSrcAs.dll
BHO: Toolbar BHO: {03123bb6-a811-407e-b323-66cf0be510b1} - c:\progra~1\retrog~2\bar\1.bin\4wbar.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.6.4.6\bh\BabylonToolbar.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.2.5.32\AVG Secure Search_toolbar.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Search Assistant BHO: {d757dbfc-1494-4647-a8b3-abd654988dd8} - c:\program files\retrogamer_4w\bar\1.bin\4wSrcAs.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Retrogamer: {3392cfec-56f8-41ee-bdb4-4e301efd2c93} - c:\program files\retrogamer_4w\bar\1.bin\4wbar.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.2.5.32\AVG Secure Search_toolbar.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.6.4.6\BabylonToolbarTlbr.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [FileZilla Client] RUNDLL32.EXE
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Driver Detective] c:\program files\pc drivers headquarters\driver detective\DriversHQ.DriverDetective.Client.exe /applicationMode:systemTray /showWelcome:false
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Retrogamer Search Scope Monitor] "c:\progra~1\retrog~2\bar\1.bin\4wsrchmn.exe" /m=2 /w /h
mRun: [Retrogamer_4w Browser Plugin Loader] c:\progra~1\retrog~2\bar\1.bin\4wbrmon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BambooCore] c:\program files\bamboo dock\BambooCore.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [lxdumon.exe] "c:\program files\lexmark 5600-6600 series\lxdumon.exe"
mRun: [lxduamon] "c:\program files\lexmark 5600-6600 series\lxduamon.exe"
mRun: [ROC_ROC_JULY_P1] "c:\program files\avg secure search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
StartupFolder: c:\users\latitude\appdata\roaming\micros~1\windows\startm~1\programs\startup\cnette~1.lnk - c:\users\latitude\appdata\roaming\cbs interactive\cnet techtracker\TechTracker.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 64.59.176.15 64.59.177.227
TCP: Interfaces\{55D59401-18D0-4AD7-B185-BDB155554162} : DhcpNameServer = 64.59.176.15 64.59.177.227
TCP: Interfaces\{8AFC0B08-8901-42D3-B388-806832CFDEE9} : DhcpNameServer = 64.59.176.15 64.59.177.227
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.2.6\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\latitude\appdata\roaming\mozilla\firefox\profiles\clauxi8f.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.http - 207.109.158.30
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\12.2.6\npsitesafety.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\program files\retrogamer_4w\bar\1.bin\NP4wStub.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\tabletplugins\npWacomTabletPlugin.dll
FF - plugin: c:\users\latitude\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\latitude\appdata\roaming\mozilla\firefox\profiles\clauxi8f.default\extensions\2020player_web@2020technologies.com\plugins\NP_2020Player_WEB.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=3312_2
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - de06e9480000000000000016cf3f3ea5
FF - user.js: extensions.BabylonToolbar.instlDay - 15568
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.614:01:57
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-7-26 237408]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-8-24 301920]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-7-25 27496]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 Retrogamer_4wService;RetrogamerService;c:\progra~1\retrog~2\bar\1.bin\4wbarsvc.exe [2012-3-14 42504]
R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2012-5-27 5554552]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2012-5-27 451960]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\common files\avg secure search\vtoolbarupdater\12.2.6\ToolbarUpdater.exe [2012-9-3 722528]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [2012-8-28 94208]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-7 250808]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-7 114144]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2012-5-27 10752]
S3 WatAdminSvc;WatAdminSvc;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-14 1343400]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-10-08 19:28:35 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-08 19:28:35 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-03 20:36:14 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-24 19:43:18 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-07-26 07:21:30 237408 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
============= FINISH: 3:25:17.75 ===============
ARK FILE
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-13 03:44:37
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS541612J9SA00 rev.SBDOC74P
Running: dch77z0t.exe; Driver: C:\Users\Latitude\AppData\Local\Temp\fxlyrkod.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0x889EA004]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0x889EA0D4]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x889E9D76]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x889E9E1E]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x889E9EBA]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x889E9F56]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A8E599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AB2F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 4A0 82ABA9B0 8 Bytes [04, A0, 9E, 88, D4, A0, 9E, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 4E8 82ABA9F8 4 Bytes [76, 9D, 9E, 88]
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 82ABACC8 8 Bytes [1E, 9E, 9E, 88, BA, 9E, 9E, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 82C 82ABAD3C 4 Bytes [56, 9F, 9E, 88]
? C:\Users\Latitude\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 B1E26000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 B1E26123 629 Bytes [15, E2, B1, FE, 05, 34, 15, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 B1E26399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F B1E263FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 543B B1E264AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ...
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[1628] ntdll.dll!wcsncmp + 33B 77C9F580 7 Bytes JMP 5F7B0C00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1628] kernel32.dll!K32GetDeviceDriverBaseNameW + 16F 7592C0CF 7 Bytes JMP 5F9E7B29 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1628] kernel32.dll!CloseHandle + 38 7593060F 7 Bytes JMP 5F9E7B4C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1628] kernel32.dll!GetExitCodeProcess + 2C 7593315D 7 Bytes JMP 5F7B3FAC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1628] GDI32.dll!GetViewportOrgEx + 21C 75B185EB 7 Bytes JMP 5F9E7AAA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4932] USER32.dll!GetWindowInfo 765E6A82 5 Bytes JMP 5F904536 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4932] USER32.dll!MenuItemFromPoint + F 76604B36 7 Bytes JMP 5F904B35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtCreateFile + 6 77C84A16 4 Bytes [28, 00, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtCreateFile + B 77C84A1B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtCreateKey + 6 77C84A56 4 Bytes [68, 01, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtCreateKey + B 77C84A5B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtCreateMutant + 6 77C84A96 4 Bytes [68, 02, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtCreateMutant + B 77C84A9B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtCreateSection + 6 77C84B36 4 Bytes [A8, 02, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtCreateSection + B 77C84B3B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtMapViewOfSection + 6 77C85076 4 Bytes CALL 76C8577F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtMapViewOfSection + B 77C8507B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenFile + 6 77C85126 4 Bytes [68, 00, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenFile + B 77C8512B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenKey + 6 77C85156 4 Bytes [A8, 01, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenKey + B 77C8515B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenKeyEx + 6 77C85166 4 Bytes CALL 76C8586C C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenKeyEx + B 77C8516B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenMutant + 6 77C851A6 4 Bytes [28, 02, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenMutant + B 77C851AB 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenProcess + 6 77C851D6 1 Byte [68]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenProcess + 6 77C851D6 4 Bytes [68, 03, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenProcess + B 77C851DB 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenProcessToken + 6 77C851E6 1 Byte [A8]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenProcessToken + 6 77C851E6 4 Bytes [A8, 03, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenProcessToken + B 77C851EB 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenProcessTokenEx + 6 77C851F6 4 Bytes [68, 04, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenProcessTokenEx + B 77C851FB 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenSection + 6 77C85216 4 Bytes CALL 76C8591D C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenSection + B 77C8521B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenThread + 6 77C85256 1 Byte [28]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenThread + 6 77C85256 4 Bytes [28, 03, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenThread + B 77C8525B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenThreadToken + 6 77C85266 4 Bytes [28, 04, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenThreadToken + B 77C8526B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenThreadTokenEx + 6 77C85276 4 Bytes [A8, 04, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenThreadTokenEx + B 77C8527B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtQueryAttributesFile + 6 77C85386 4 Bytes [A8, 00, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtQueryAttributesFile + B 77C8538B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtQueryFullAttributesFile + 6 77C85436 4 Bytes CALL 76C85B3B C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtQueryFullAttributesFile + B 77C8543B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtSetInformationFile + 6 77C85A86 4 Bytes [28, 01, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtSetInformationFile + B 77C85A8B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtSetInformationThread + 6 77C85AE6 1 Byte [E8]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtSetInformationThread + 6 77C85AE6 4 Bytes CALL 76C861EE C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtSetInformationThread + B 77C85AEB 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtUnmapViewOfSection + 6 77C85E06 4 Bytes [28, 05, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtUnmapViewOfSection + B 77C85E0B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] kernel32.dll!CreateProcessW 758E202D 5 Bytes JMP 00010030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] kernel32.dll!CreateProcessA 758E2062 5 Bytes JMP 00010070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!SelectObject 75B161D0 5 Bytes JMP 002605F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!SetTextColor 75B16622 5 Bytes JMP 00260A30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!SetBkMode 75B166CD 5 Bytes JMP 002608F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!DeleteObject 75B168B4 5 Bytes JMP 002601B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!DeleteDC 75B16A2C 5 Bytes JMP 00260170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!ExtSelectClipRgn 75B16C72 5 Bytes JMP 002602F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!SelectClipRgn 75B16D84 5 Bytes JMP 002605B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!GetDeviceCaps 75B16E03 5 Bytes JMP 002603B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!SetStretchBltMode 75B173CE 5 Bytes JMP 002606B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!GetCurrentObject 75B1777C 5 Bytes JMP 00260370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!GetTextMetricsW 75B1798F 5 Bytes JMP 00260E30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!IntersectClipRect 75B17CCA 5 Bytes JMP 002603F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!GetTextAlign 75B17D15 5 Bytes JMP 00260D70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!SetTextAlign 75B17F92 5 Bytes JMP 002609F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!ExtTextOutW 75B18053 5 Bytes JMP 00260970
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!GetClipBox 75B181F2 5 Bytes JMP 00260330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!MoveToEx 75B18A16 5 Bytes JMP 00260470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!CreateDCA 75B19975 5 Bytes JMP 002600B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!RestoreDC 75B19A10 5 Bytes JMP 00260530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!SaveDC 75B19AD2 5 Bytes JMP 00260570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!StretchDIBits 75B1AC38 5 Bytes JMP 00260770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!GetTextFaceW 75B1B4CC 5 Bytes JMP 00260D30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!GetTextExtentPoint32W 75B1B535 5 Bytes JMP 00260670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!GetFontData 75B1B8E8 5 Bytes JMP 00260C70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!CreateDCW 75B1BD21 5 Bytes JMP 002600F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!CreateICW 75B1C660 5 Bytes JMP 00260130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!LineTo 75B1CA20 5 Bytes JMP 00260430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!SetWorldTransform 75B1CB42 5 Bytes JMP 002606F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!GetTextMetricsA 75B1CE46 5 Bytes JMP 00260DF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!Rectangle 75B1F5BE 5 Bytes JMP 002609B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!SetICMMode 75B1F8D4 5 Bytes JMP 00260DB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!ExtTextOutA 75B20158 5 Bytes JMP 00260930
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!GetTextExtentPoint32A 75B208BB 5 Bytes JMP 00260630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!Escape 75B20B0D 5 Bytes JMP 00260270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!ExtEscape 75B23472 5 Bytes JMP 002602B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!GetTextFaceA 75B23E49 5 Bytes JMP 00260CF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!SetPolyFillMode 75B26CE1 5 Bytes JMP 00260B30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!SetMiterLimit 75B26E54 5 Bytes JMP 00260B70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!ResetDCW 75B3031C 5 Bytes JMP 00260AB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!EndPage 75B307CD 5 Bytes JMP 00260230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!GetGlyphOutlineW 75B3C292 5 Bytes JMP 00260CB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!CreateScalableFontResourceW 75B3E8EF 5 Bytes JMP 00260BB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!AddFontResourceW 75B3ECEB 5 Bytes JMP 00260BF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!RemoveFontResourceW 75B3F1E1 5 Bytes JMP 00260C30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!AbortDoc 75B44D37 5 Bytes JMP 00260030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!EndDoc 75B4517E 5 Bytes JMP 002601F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!StartPage 75B45269 5 Bytes JMP 00260730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!StartDocW 75B45BB6 5 Bytes JMP 002607F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!BeginPath 75B4635D 5 Bytes JMP 00260830
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!SelectClipPath 75B463B4 5 Bytes JMP 00260AF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!CloseFigure 75B4640F 5 Bytes JMP 00260070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!EndPath 75B46466 5 Bytes JMP 00260A70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!StrokePath 75B46699 5 Bytes JMP 002607B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!FillPath 75B46726 5 Bytes JMP 00260870
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!PolylineTo 75B46B94 5 Bytes JMP 002604F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!PolyBezierTo 75B46C25 5 Bytes JMP 002604B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!PolyDraw 75B46CD7 5 Bytes JMP 002608B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!ActivateKeyboardLayout 765D817D 5 Bytes JMP 003204F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!ScreenToClient 765DC1F2 7 Bytes JMP 00320670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!RegisterClipboardFormatA 765DE6B1 5 Bytes JMP 003202F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!RegisterClipboardFormatW 765DEDFD 5 Bytes JMP 003202B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!SetCursor 765E52EA 5 Bytes JMP 00320530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!MonitorFromWindow 765E590A 7 Bytes JMP 00320630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!PostMessageW 765E6225 5 Bytes JMP 003205F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!IsWindowVisible 765E6939 7 Bytes JMP 003206B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!GetClientRect 765E74B1 7 Bytes JMP 003205B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!MapWindowPoints 765E7915 5 Bytes JMP 00320570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!GetParent 765E7AB3 7 Bytes JMP 003206F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!SetClipboardData 765F4979 5 Bytes JMP 00320170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!EmptyClipboard 765F4A28 5 Bytes JMP 00320130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!GetClipboardData 765F4B47 5 Bytes JMP 00320030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!EnumClipboardFormats 765F4D98 5 Bytes JMP 003201B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!GetClipboardFormatNameW 765F7EB2 5 Bytes JMP 00320230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!SetClipboardViewer 765F8F4D 5 Bytes JMP 003204B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!GetClipboardFormatNameA 765F8F61 5 Bytes JMP 00320270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!GetOpenClipboardWindow 765F902F 1 Byte [E9]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!GetOpenClipboardWindow 765F902F 5 Bytes JMP 003203F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!ChangeClipboardChain 76603425 5 Bytes JMP 00320430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!GetTopWindow 76603A5D 7 Bytes JMP 00320730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!CloseClipboard 76605BA7 5 Bytes JMP 003200B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!OpenClipboard 76605BB9 5 Bytes JMP 00320070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!IsClipboardFormatAvailable 76605C3A 5 Bytes JMP 003200F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!GetClipboardSequenceNumber 76605C4E 5 Bytes JMP 00320330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!GetClipboardOwner 76605C60 5 Bytes JMP 00320370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!CountClipboardFormats 76605DC9 5 Bytes JMP 003201F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!SetCursorPos 7661C1D8 5 Bytes JMP 00320770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!GetClipboardViewer 76634B57 5 Bytes JMP 00320470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!GetPriorityClipboardFormat 76634C59 5 Bytes JMP 003203B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ole32.dll!OleSetClipboard 766FF1F6 5 Bytes JMP 00330030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ole32.dll!OleIsCurrentClipboard 76702370 5 Bytes JMP 00330070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ole32.dll!OleGetClipboard 7672F71D 5 Bytes JMP 003300B0
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- Processes - GMER 1.0.15 ----
Library C:\Users\Latitude\Downloads\HijackThis.exe (*** hidden *** ) @ C:\Users\Latitude\Downloads\HijackThis.exe [3912] 0x00400000
---- EOF - GMER 1.0.15 ----
DDS FILE
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by Latitude at 3:24:22 on 2012-10-13
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.1014.83 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Windows\system32\lxducoms.exe
C:\PROGRA~1\RETROG~2\bar\1.bin\4wbarsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Retrogamer_4w\bar\1.bin\4wbrmon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Bamboo Dock\BambooCore.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe
C:\Program Files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe
C:\Users\Latitude\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Users\Latitude\Downloads\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Latitude\Desktop\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=112555&tt=3312_2&babsrc=HP_ss&mntrId=de06e9480000000000000016cf3f3ea5
uURLSearchHooks: N/A: {4cff1016-c2e2-4fdd-9c67-e32200c25ff9} - c:\program files\retrogamer_4w\bar\1.bin\4wSrcAs.dll
BHO: Toolbar BHO: {03123bb6-a811-407e-b323-66cf0be510b1} - c:\progra~1\retrog~2\bar\1.bin\4wbar.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.6.4.6\bh\BabylonToolbar.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.2.5.32\AVG Secure Search_toolbar.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Search Assistant BHO: {d757dbfc-1494-4647-a8b3-abd654988dd8} - c:\program files\retrogamer_4w\bar\1.bin\4wSrcAs.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Retrogamer: {3392cfec-56f8-41ee-bdb4-4e301efd2c93} - c:\program files\retrogamer_4w\bar\1.bin\4wbar.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.2.5.32\AVG Secure Search_toolbar.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.6.4.6\BabylonToolbarTlbr.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [FileZilla Client] RUNDLL32.EXE
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Driver Detective] c:\program files\pc drivers headquarters\driver detective\DriversHQ.DriverDetective.Client.exe /applicationMode:systemTray /showWelcome:false
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Retrogamer Search Scope Monitor] "c:\progra~1\retrog~2\bar\1.bin\4wsrchmn.exe" /m=2 /w /h
mRun: [Retrogamer_4w Browser Plugin Loader] c:\progra~1\retrog~2\bar\1.bin\4wbrmon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BambooCore] c:\program files\bamboo dock\BambooCore.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [lxdumon.exe] "c:\program files\lexmark 5600-6600 series\lxdumon.exe"
mRun: [lxduamon] "c:\program files\lexmark 5600-6600 series\lxduamon.exe"
mRun: [ROC_ROC_JULY_P1] "c:\program files\avg secure search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
StartupFolder: c:\users\latitude\appdata\roaming\micros~1\windows\startm~1\programs\startup\cnette~1.lnk - c:\users\latitude\appdata\roaming\cbs interactive\cnet techtracker\TechTracker.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 64.59.176.15 64.59.177.227
TCP: Interfaces\{55D59401-18D0-4AD7-B185-BDB155554162} : DhcpNameServer = 64.59.176.15 64.59.177.227
TCP: Interfaces\{8AFC0B08-8901-42D3-B388-806832CFDEE9} : DhcpNameServer = 64.59.176.15 64.59.177.227
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.2.6\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\latitude\appdata\roaming\mozilla\firefox\profiles\clauxi8f.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.http - 207.109.158.30
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\12.2.6\npsitesafety.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\program files\retrogamer_4w\bar\1.bin\NP4wStub.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\tabletplugins\npWacomTabletPlugin.dll
FF - plugin: c:\users\latitude\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\latitude\appdata\roaming\mozilla\firefox\profiles\clauxi8f.default\extensions\2020player_web@2020technologies.com\plugins\NP_2020Player_WEB.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=3312_2
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - de06e9480000000000000016cf3f3ea5
FF - user.js: extensions.BabylonToolbar.instlDay - 15568
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.614:01:57
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-7-26 237408]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-8-24 301920]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-7-25 27496]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 Retrogamer_4wService;RetrogamerService;c:\progra~1\retrog~2\bar\1.bin\4wbarsvc.exe [2012-3-14 42504]
R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2012-5-27 5554552]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2012-5-27 451960]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\common files\avg secure search\vtoolbarupdater\12.2.6\ToolbarUpdater.exe [2012-9-3 722528]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [2012-8-28 94208]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-7 250808]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-7 114144]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2012-5-27 10752]
S3 WatAdminSvc;WatAdminSvc;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-14 1343400]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-10-08 19:28:35 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-08 19:28:35 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-03 20:36:14 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-24 19:43:18 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-07-26 07:21:30 237408 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
============= FINISH: 3:25:17.75 ===============
ARK FILE
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-13 03:44:37
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS541612J9SA00 rev.SBDOC74P
Running: dch77z0t.exe; Driver: C:\Users\Latitude\AppData\Local\Temp\fxlyrkod.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0x889EA004]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0x889EA0D4]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x889E9D76]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x889E9E1E]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x889E9EBA]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x889E9F56]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A8E599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AB2F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 4A0 82ABA9B0 8 Bytes [04, A0, 9E, 88, D4, A0, 9E, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 4E8 82ABA9F8 4 Bytes [76, 9D, 9E, 88]
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 82ABACC8 8 Bytes [1E, 9E, 9E, 88, BA, 9E, 9E, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 82C 82ABAD3C 4 Bytes [56, 9F, 9E, 88]
? C:\Users\Latitude\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 B1E26000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 B1E26123 629 Bytes [15, E2, B1, FE, 05, 34, 15, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 B1E26399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F B1E263FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 543B B1E264AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ...
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[1628] ntdll.dll!wcsncmp + 33B 77C9F580 7 Bytes JMP 5F7B0C00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1628] kernel32.dll!K32GetDeviceDriverBaseNameW + 16F 7592C0CF 7 Bytes JMP 5F9E7B29 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1628] kernel32.dll!CloseHandle + 38 7593060F 7 Bytes JMP 5F9E7B4C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1628] kernel32.dll!GetExitCodeProcess + 2C 7593315D 7 Bytes JMP 5F7B3FAC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1628] GDI32.dll!GetViewportOrgEx + 21C 75B185EB 7 Bytes JMP 5F9E7AAA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4932] USER32.dll!GetWindowInfo 765E6A82 5 Bytes JMP 5F904536 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4932] USER32.dll!MenuItemFromPoint + F 76604B36 7 Bytes JMP 5F904B35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtCreateFile + 6 77C84A16 4 Bytes [28, 00, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtCreateFile + B 77C84A1B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtCreateKey + 6 77C84A56 4 Bytes [68, 01, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtCreateKey + B 77C84A5B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtCreateMutant + 6 77C84A96 4 Bytes [68, 02, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtCreateMutant + B 77C84A9B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtCreateSection + 6 77C84B36 4 Bytes [A8, 02, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtCreateSection + B 77C84B3B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtMapViewOfSection + 6 77C85076 4 Bytes CALL 76C8577F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtMapViewOfSection + B 77C8507B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenFile + 6 77C85126 4 Bytes [68, 00, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenFile + B 77C8512B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenKey + 6 77C85156 4 Bytes [A8, 01, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenKey + B 77C8515B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenKeyEx + 6 77C85166 4 Bytes CALL 76C8586C C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenKeyEx + B 77C8516B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenMutant + 6 77C851A6 4 Bytes [28, 02, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenMutant + B 77C851AB 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenProcess + 6 77C851D6 1 Byte [68]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenProcess + 6 77C851D6 4 Bytes [68, 03, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenProcess + B 77C851DB 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenProcessToken + 6 77C851E6 1 Byte [A8]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenProcessToken + 6 77C851E6 4 Bytes [A8, 03, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenProcessToken + B 77C851EB 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenProcessTokenEx + 6 77C851F6 4 Bytes [68, 04, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenProcessTokenEx + B 77C851FB 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenSection + 6 77C85216 4 Bytes CALL 76C8591D C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenSection + B 77C8521B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenThread + 6 77C85256 1 Byte [28]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenThread + 6 77C85256 4 Bytes [28, 03, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenThread + B 77C8525B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenThreadToken + 6 77C85266 4 Bytes [28, 04, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenThreadToken + B 77C8526B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenThreadTokenEx + 6 77C85276 4 Bytes [A8, 04, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtOpenThreadTokenEx + B 77C8527B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtQueryAttributesFile + 6 77C85386 4 Bytes [A8, 00, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtQueryAttributesFile + B 77C8538B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtQueryFullAttributesFile + 6 77C85436 4 Bytes CALL 76C85B3B C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtQueryFullAttributesFile + B 77C8543B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtSetInformationFile + 6 77C85A86 4 Bytes [28, 01, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtSetInformationFile + B 77C85A8B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtSetInformationThread + 6 77C85AE6 1 Byte [E8]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtSetInformationThread + 6 77C85AE6 4 Bytes CALL 76C861EE C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtSetInformationThread + B 77C85AEB 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtUnmapViewOfSection + 6 77C85E06 4 Bytes [28, 05, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ntdll.dll!NtUnmapViewOfSection + B 77C85E0B 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] kernel32.dll!CreateProcessW 758E202D 5 Bytes JMP 00010030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] kernel32.dll!CreateProcessA 758E2062 5 Bytes JMP 00010070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!SelectObject 75B161D0 5 Bytes JMP 002605F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!SetTextColor 75B16622 5 Bytes JMP 00260A30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!SetBkMode 75B166CD 5 Bytes JMP 002608F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!DeleteObject 75B168B4 5 Bytes JMP 002601B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!DeleteDC 75B16A2C 5 Bytes JMP 00260170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!ExtSelectClipRgn 75B16C72 5 Bytes JMP 002602F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!SelectClipRgn 75B16D84 5 Bytes JMP 002605B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!GetDeviceCaps 75B16E03 5 Bytes JMP 002603B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!SetStretchBltMode 75B173CE 5 Bytes JMP 002606B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!GetCurrentObject 75B1777C 5 Bytes JMP 00260370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!GetTextMetricsW 75B1798F 5 Bytes JMP 00260E30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!IntersectClipRect 75B17CCA 5 Bytes JMP 002603F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!GetTextAlign 75B17D15 5 Bytes JMP 00260D70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!SetTextAlign 75B17F92 5 Bytes JMP 002609F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!ExtTextOutW 75B18053 5 Bytes JMP 00260970
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!GetClipBox 75B181F2 5 Bytes JMP 00260330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!MoveToEx 75B18A16 5 Bytes JMP 00260470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!CreateDCA 75B19975 5 Bytes JMP 002600B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!RestoreDC 75B19A10 5 Bytes JMP 00260530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!SaveDC 75B19AD2 5 Bytes JMP 00260570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!StretchDIBits 75B1AC38 5 Bytes JMP 00260770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!GetTextFaceW 75B1B4CC 5 Bytes JMP 00260D30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!GetTextExtentPoint32W 75B1B535 5 Bytes JMP 00260670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!GetFontData 75B1B8E8 5 Bytes JMP 00260C70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!CreateDCW 75B1BD21 5 Bytes JMP 002600F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!CreateICW 75B1C660 5 Bytes JMP 00260130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!LineTo 75B1CA20 5 Bytes JMP 00260430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!SetWorldTransform 75B1CB42 5 Bytes JMP 002606F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!GetTextMetricsA 75B1CE46 5 Bytes JMP 00260DF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!Rectangle 75B1F5BE 5 Bytes JMP 002609B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!SetICMMode 75B1F8D4 5 Bytes JMP 00260DB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!ExtTextOutA 75B20158 5 Bytes JMP 00260930
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!GetTextExtentPoint32A 75B208BB 5 Bytes JMP 00260630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!Escape 75B20B0D 5 Bytes JMP 00260270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!ExtEscape 75B23472 5 Bytes JMP 002602B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!GetTextFaceA 75B23E49 5 Bytes JMP 00260CF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!SetPolyFillMode 75B26CE1 5 Bytes JMP 00260B30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!SetMiterLimit 75B26E54 5 Bytes JMP 00260B70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!ResetDCW 75B3031C 5 Bytes JMP 00260AB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!EndPage 75B307CD 5 Bytes JMP 00260230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!GetGlyphOutlineW 75B3C292 5 Bytes JMP 00260CB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!CreateScalableFontResourceW 75B3E8EF 5 Bytes JMP 00260BB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!AddFontResourceW 75B3ECEB 5 Bytes JMP 00260BF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!RemoveFontResourceW 75B3F1E1 5 Bytes JMP 00260C30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!AbortDoc 75B44D37 5 Bytes JMP 00260030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!EndDoc 75B4517E 5 Bytes JMP 002601F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!StartPage 75B45269 5 Bytes JMP 00260730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!StartDocW 75B45BB6 5 Bytes JMP 002607F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!BeginPath 75B4635D 5 Bytes JMP 00260830
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!SelectClipPath 75B463B4 5 Bytes JMP 00260AF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!CloseFigure 75B4640F 5 Bytes JMP 00260070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!EndPath 75B46466 5 Bytes JMP 00260A70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!StrokePath 75B46699 5 Bytes JMP 002607B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!FillPath 75B46726 5 Bytes JMP 00260870
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!PolylineTo 75B46B94 5 Bytes JMP 002604F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!PolyBezierTo 75B46C25 5 Bytes JMP 002604B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] GDI32.dll!PolyDraw 75B46CD7 5 Bytes JMP 002608B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!ActivateKeyboardLayout 765D817D 5 Bytes JMP 003204F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!ScreenToClient 765DC1F2 7 Bytes JMP 00320670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!RegisterClipboardFormatA 765DE6B1 5 Bytes JMP 003202F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!RegisterClipboardFormatW 765DEDFD 5 Bytes JMP 003202B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!SetCursor 765E52EA 5 Bytes JMP 00320530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!MonitorFromWindow 765E590A 7 Bytes JMP 00320630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!PostMessageW 765E6225 5 Bytes JMP 003205F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!IsWindowVisible 765E6939 7 Bytes JMP 003206B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!GetClientRect 765E74B1 7 Bytes JMP 003205B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!MapWindowPoints 765E7915 5 Bytes JMP 00320570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!GetParent 765E7AB3 7 Bytes JMP 003206F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!SetClipboardData 765F4979 5 Bytes JMP 00320170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!EmptyClipboard 765F4A28 5 Bytes JMP 00320130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!GetClipboardData 765F4B47 5 Bytes JMP 00320030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!EnumClipboardFormats 765F4D98 5 Bytes JMP 003201B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!GetClipboardFormatNameW 765F7EB2 5 Bytes JMP 00320230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!SetClipboardViewer 765F8F4D 5 Bytes JMP 003204B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!GetClipboardFormatNameA 765F8F61 5 Bytes JMP 00320270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!GetOpenClipboardWindow 765F902F 1 Byte [E9]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!GetOpenClipboardWindow 765F902F 5 Bytes JMP 003203F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!ChangeClipboardChain 76603425 5 Bytes JMP 00320430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!GetTopWindow 76603A5D 7 Bytes JMP 00320730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!CloseClipboard 76605BA7 5 Bytes JMP 003200B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!OpenClipboard 76605BB9 5 Bytes JMP 00320070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!IsClipboardFormatAvailable 76605C3A 5 Bytes JMP 003200F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!GetClipboardSequenceNumber 76605C4E 5 Bytes JMP 00320330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!GetClipboardOwner 76605C60 5 Bytes JMP 00320370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!CountClipboardFormats 76605DC9 5 Bytes JMP 003201F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!SetCursorPos 7661C1D8 5 Bytes JMP 00320770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!GetClipboardViewer 76634B57 5 Bytes JMP 00320470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] USER32.dll!GetPriorityClipboardFormat 76634C59 5 Bytes JMP 003203B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ole32.dll!OleSetClipboard 766FF1F6 5 Bytes JMP 00330030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ole32.dll!OleIsCurrentClipboard 76702370 5 Bytes JMP 00330070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[5388] ole32.dll!OleGetClipboard 7672F71D 5 Bytes JMP 003300B0
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- Processes - GMER 1.0.15 ----
Library C:\Users\Latitude\Downloads\HijackThis.exe (*** hidden *** ) @ C:\Users\Latitude\Downloads\HijackThis.exe [3912] 0x00400000
---- EOF - GMER 1.0.15 ----