
Everything, even Outlook, is painfully slow

Discussion in 'Virus & Other Malware Removal' started by Hibbyradge, Jan 6, 2011.

  1. Hibbyradge

    My PC is doing my head in! It takes ages to boot, Internet Explorer regularly refuses to respond and even Outlook has to wait before opening different folders.

    Here are the logs as requested. I don't know what CD Emulation programs or Script Blockers are, so I'm assuming I don't have any running. Could anyone have a look, please?



    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:05:34, on 06/01/2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18999)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Virgin Media\Security\rps.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
    C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe
    C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
    C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\HP USB Network Print Adapter\hpCtMgrE01.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Virgin Media\Service Manager\ServiceManagerComHandler.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Mr Kowalski\Downloads\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.topcashback.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.meshcomputersownersclub.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [lxdnmon.exe] "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe"
    O4 - HKLM\..\Run: [lxdnamon] "C:\Program Files\Lexmark 2600 Series\lxdnamon.exe"
    O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
    O4 - HKLM\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [ServiceManager.exe] "C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe" /AUTORUN
    O4 - HKLM\..\Run: [DHSClient.exe] "C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe" /AUTORUN
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup (User 'Default user')
    O4 - Global Startup: USB connection manager.lnk = ?
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O15 - Trusted Zone: http://tamb.ipbhost.com
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-gb/wlscctrl2.cab
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} - http://downloads.virginmedia.com/CST/ver1/vistainstaller.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HsdService - Virgin Media - C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
    O23 - Service: lxdn_device - - C:\Windows\system32\lxdncoms.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
    O23 - Service: Virgin Media Security (Radialpoint Security Services) - Virgin Media - C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe
    O23 - Service: RadialpointIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe
    O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Virgin Media Security Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Media\Security\Fws.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
    O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: Vodafone Connector Service (VodafoneConnectorService) - Vodafone Group - C:\Program Files\Vodafone\Via The Phone\VodafoneConnectorService.exe

    --
    End of file - 11298 bytes




    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Mr Kowalski at 10:22:24.13 on 06/01/2011
    Internet Explorer: 8.0.6001.18999
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.1406 [GMT 0:00]

    AV: Virgin Media Security Anti-Virus *Enabled/Updated* {A61154FD-4365-E00F-9A33-13A09AD54B56}
    SP: Virgin Media Security Anti-Spyware *Enabled/Updated* {1D70B519-655F-EF81-A083-28D2E15201EB}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Virgin Media Security Firewall *Enabled* {9E2AD5D8-090A-E157-B16C-BA9564060C2D}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Virgin Media\Security\Fws.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Virgin Media\Security\rps.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
    C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe
    C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
    C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\HP USB Network Print Adapter\hpCtMgrE01.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdnserv.exe
    C:\Windows\system32\lxdncoms.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Vodafone\Via The Phone\VodafoneConnectorService.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Virgin Media\Service Manager\ServiceManagerComHandler.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
    C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Mr Kowalski\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://www.topcashback.co.uk/
    uSearch Bar = Preserve
    mDefault_Page_URL = hxxp://www.meshcomputersownersclub.com
    uInternet Settings,ProxyOverride = *.local
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [<NO NAME>]
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [lxdnmon.exe] "c:\program files\lexmark 2600 series\lxdnmon.exe"
    mRun: [lxdnamon] "c:\program files\lexmark 2600 series\lxdnamon.exe"
    mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
    mRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [ServiceManager.exe] "c:\program files\virgin media\service manager\ServiceManager.exe" /AUTORUN
    mRun: [DHSClient.exe] "c:\program files\virgin media\digital home support\DHSClient.exe" /AUTORUN
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    dRun: [Power2GoExpress] "c:\program files\cyberlink\power2go\Power2GoExpress.exe" /Startup
    dRun: [BullGuard] "c:\program files\bullguard ltd\bullguard\bullguard.exe"
    dRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\usbcon~1.lnk - c:\program files\hp usb network print adapter\hpCtMgrE01.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: ipbhost.com\tamb
    DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-gb/wlscctrl2.cab
    DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} - hxxp://downloads.virginmedia.com/CST/ver1/vistainstaller.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    Hosts: 127.0.0.1 www.spywareinfo.com

    ============= SERVICES / DRIVERS ===============

    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-10-3 59240]
    R1 RapportCerberus_19917;RapportCerberus_19917;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\19917\RapportCerberus_19917.sys [2010-10-3 34792]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-10-3 169320]
    R2 HsdService;HsdService;c:\program files\virgin media\digital home support\HsdService.exe [2010-12-18 1406264]
    R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
    R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2007-12-5 94208]
    R2 Radialpoint Security Services;Virgin Media Security;c:\program files\virgin media\security\RpsSecurityAwareR.exe [2010-1-4 165408]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-10-3 767208]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-5-18 1153368]
    R2 ServicepointService;ServicepointService;c:\program files\virgin media\service manager\ServicepointService.exe [2010-12-18 689464]
    R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-3-18 172328]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]
    R2 VodafoneConnectorService;Vodafone Connector Service;c:\program files\vodafone\via the phone\VodafoneConnectorService.exe [2009-8-12 233472]
    R3 hpnuhst;HP NUSB Host;c:\windows\system32\drivers\hpnuhst.sys [2008-12-13 13824]
    R3 HPNUHUB;HP NUSB Hub;c:\windows\system32\drivers\hpnuhub.sys [2008-12-13 35840]
    R3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\virgin media\security\avg\identity protection\agent\drivers\AVGIDSDriver.sys [2010-12-18 122376]
    R3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\virgin media\security\avg\identity protection\agent\drivers\AVGIDSfilter.sys [2010-12-18 30216]
    R3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\virgin media\security\avg\identity protection\agent\drivers\AVGIDSShim.sys [2010-12-18 27800]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
    S2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\virgin media\security\avg\identity protection\agent\bin\AVGIDSAgent.exe [2010-12-18 5832712]
    S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\drivers\BthAvrcp.sys [2008-7-10 15872]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    S3 HPNUCMP;HP NUSB Composite;c:\windows\system32\drivers\hpnucmp.sys [2008-12-13 14336]
    S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-4-10 266544]
    S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PCAMp50.sys [2006-11-28 28224]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2011-01-05 23:22:31 388096 ----a-w- c:\users\mrkowa~1\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-01-04 09:57:30 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{4b953810-cc3f-48f1-a99f-6964e4315041}\mpengine.dll
    2010-12-21 09:08:01 -------- dc-h--w- c:\progra~2\~2
    2010-12-20 16:49:42 -------- d-----w- c:\program files\iPod
    2010-12-20 16:49:41 -------- d-----w- c:\program files\iTunes
    2010-12-19 14:41:59 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
    2010-12-19 14:41:57 1696256 ----a-w- c:\windows\system32\gameux.dll
    2010-12-19 14:41:56 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2010-12-19 14:41:56 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2010-12-19 14:41:45 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2010-12-18 10:33:50 285704 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
    2010-12-18 10:33:29 53192 ----a-w- c:\windows\system32\drivers\rp_skt32.sys
    2010-12-18 10:33:20 48384 ----a-w- c:\windows\system32\drivers\rp_pkt32.sys
    2010-12-18 10:33:02 -------- d-----w- c:\program files\Raxco
    2010-12-18 10:20:57 -------- d-----w- c:\users\mrkowa~1\appdata\roaming\Radialpoint
    2010-12-18 10:19:50 -------- d-----w- c:\program files\Virgin Media
    2010-12-18 10:04:48 -------- d-----w- c:\program files\Safer Networking
    2010-12-18 00:08:33 -------- dc-h--w- c:\progra~2\~1
    2010-12-16 08:40:51 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-12-13 16:42:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2010-12-13 16:42:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
    2010-12-13 16:42:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2010-12-13 16:42:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2010-12-13 16:42:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2010-12-13 16:42:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2010-12-13 16:42:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    2010-12-12 13:50:33 -------- d-----w- c:\users\mrkowa~1\appdata\local\ICS
    2010-12-09 20:09:18 784136 ----a-w- c:\progra~2\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll

    ==================== Find3M ====================

    2010-11-29 17:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 17:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-12 18:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-11-04 18:56:07 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-04 18:55:38 352768 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-04 18:55:38 270336 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-04 18:55:12 601600 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-04 16:34:06 171520 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 06:01:54 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-02 05:57:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-02 05:57:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-02 05:57:11 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-11-02 05:57:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-11-02 05:01:31 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 04:26:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-11-02 04:24:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-10-28 15:44:56 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-10-28 13:27:47 292352 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-19 10:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-18 13:37:35 81920 ----a-w- c:\windows\system32\consent.exe
    2010-10-18 13:31:24 2038272 ----a-w- c:\windows\system32\win32k.sys

    ============= FINISH: 10:23:34.10 ===============




    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-06 10:53:25
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 Hitachi_HDP725050GLA360 rev.GM4OA52A
    Running: sgq27yeq.exe; Driver: C:\Users\MRKOWA~1\AppData\Local\Temp\awlyypog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0x912C7FE4]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x912C8996]
    SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys ZwCreateThread [0x912F3864]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteFile [0x912C8AF6]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteKey [0x912CC36C]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteValueKey [0x912CC39E]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwLoadKey [0x912CC500]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenFile [0x912C8A5A]
    SSDT \??\C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys ZwOpenProcess [0x81AE5620]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenThread [0x912C831A]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwProtectVirtualMemory [0x912C844C]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwQueryValueKey [0x912CC476]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRenameKey [0x912CC3E0]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwReplaceKey [0x912CC412]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRestoreKey [0x912CC444]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetContextThread [0x912C7F8A]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetInformationFile [0x912C8B56]
    SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys ZwSetValueKey [0x912F382E]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSuspendThread [0x912C7F26]
    SSDT \??\C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys ZwTerminateProcess [0x81AE56D0]
    SSDT \??\C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys ZwTerminateThread [0x81AE5770]
    SSDT \??\C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys ZwWriteVirtualMemory [0x81AE5810]
    SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys ZwCreateThreadEx [0x912F38DC]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetEvent + 191 82ACB8F4 4 Bytes [E4, 7F, 2C, 91] {IN AL, 0x7f; SUB AL, 0x91}
    .text ntkrnlpa.exe!KeSetEvent + 1D9 82ACB93C 4 Bytes [96, 89, 2C, 91] {XCHG ESI, EAX; MOV [ECX+EDX*4], EBP}
    .text ntkrnlpa.exe!KeSetEvent + 221 82ACB984 4 Bytes [64, 38, 2F, 91] {CMP FS:[EDI], CH; XCHG ECX, EAX}
    .text ntkrnlpa.exe!KeSetEvent + 2D1 82ACBA34 8 Bytes [F6, 8A, 2C, 91, 6C, C3, 2C, ...]
    .text ntkrnlpa.exe!KeSetEvent + 2E1 82ACBA44 4 Bytes [9E, C3, 2C, 91] {SAHF ; RET ; SUB AL, 0x91}
    .text ...
    ? System32\Drivers\bd08f0a5.sys The system cannot find the path specified. !
    ? system32\DRIVERS\eb4a454a.sys The system cannot find the path specified. !
    ? C:\Users\MRKOWA~1\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1120] ntdll.dll!KiUserApcDispatcher 773C5D18 5 Bytes JMP 00414C10 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1120] USER32.dll!InSendMessageEx + 3B1 75A1E6B0 6 Bytes JMP 716E001E
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1120] WS2_32.dll!getaddrinfo 76B2418A 5 Bytes JMP 71640022
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1120] WS2_32.dll!gethostbyname 76B362D4 5 Bytes JMP 71670022
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[1360] ntdll.dll!KiUserApcDispatcher 773C5D18 5 Bytes JMP 004397C0 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[1360] WS2_32.dll!getaddrinfo 76B2418A 5 Bytes JMP 71670022
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[1360] WS2_32.dll!gethostbyname 76B362D4 5 Bytes JMP 716E0022
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] ntdll.dll!LdrLoadDll + 1 77389391 5 Bytes [22, 00, 67, 71, C3]
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] ntdll.dll!KiUserApcDispatcher 773C5D18 5 Bytes JMP 022F7420 c:\program files\trusteer\rapport\bin\rooksdol.dll (Rooks/Dolomite/Trusteer Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] kernel32.dll!SetUnhandledExceptionFilter 76CCA84F 6 Bytes PUSH 71580022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!CreateDialogParamW 75A172A2 5 Bytes JMP 6E47DED0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!DdeInitializeW 75A17921 6 Bytes PUSH 71520022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!GetAsyncKeyState 75A1863C 5 Bytes JMP 6E398F1F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!SetWindowsHookExW 75A187AD 5 Bytes JMP 6E479AE9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!CallNextHookEx 75A18E3B 5 Bytes JMP 6E46D145 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!UnhookWindowsHookEx 75A198DB 5 Bytes JMP 6E3E4696 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!EnableWindow 75A1CD8B 5 Bytes JMP 6E47DD5D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!RegisterClassExW 75A1DA30 6 Bytes PUSH 716E0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!RegisterClassA 75A1DF42 6 Bytes PUSH 71610022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!RegisterClassW 75A1E1AB 6 Bytes PUSH 715E0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!CreateWindowExW 75A21305 5 Bytes JMP 6E47DB44 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!GetKeyState 75A28CB1 5 Bytes JMP 6E47D30B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!TranslateMessage 75A301AD 6 Bytes PUSH 714C0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!IsDialogMessageW 75A30745 5 Bytes JMP 6E3A5A13 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!CreateDialogParamA 75A317AA 5 Bytes JMP 6E575C74 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!IsDialogMessage 75A31847 5 Bytes JMP 6E575510 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!CreateDialogIndirectParamA 75A326F1 5 Bytes JMP 6E575CAB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!CreateDialogIndirectParamW 75A39A62 5 Bytes JMP 6E575CE2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!SetKeyboardState 75A40987 5 Bytes JMP 6E57587F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!DialogBoxParamW 75A410B0 5 Bytes JMP 6E3A5501 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!DialogBoxIndirectParamW 75A42EF5 5 Bytes JMP 6E574FEF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!SendInput 75A42F75 5 Bytes JMP 6E57643B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!EndDialog 75A4326E 5 Bytes JMP 6E3A7EBA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!SetCursorPos 75A56FB2 5 Bytes JMP 6E57648F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!GetClipboardData 75A5715A 6 Bytes PUSH 714F0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!DialogBoxParamA 75A58152 5 Bytes JMP 6E574F8C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!DialogBoxIndirectParamA 75A5847D 5 Bytes JMP 6E575052 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!MessageBoxIndirectA 75A6D4D9 5 Bytes JMP 6E574F21 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!MessageBoxIndirectW 75A6D5D3 5 Bytes JMP 6E574EB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!MessageBoxExA 75A6D639 5 Bytes JMP 6E574E54 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!MessageBoxExW 75A6D65D 5 Bytes JMP 6E574DF2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] USER32.dll!keybd_event 75A6D972 5 Bytes JMP 6E5767BF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] GDI32.dll!BitBlt 75C870A6 6 Bytes PUSH 715B0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] SHELL32.dll!SHRestricted + D95 760989A8 4 Bytes [4D, 30, 46, 60] {DEC EBP; XOR [ESI+0x60], AL}
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] SHELL32.dll!SHRestricted + D9D 760989B0 8 Bytes [57, 2F, 46, 60, 9C, 5B, 45, ...] {PUSH EDI; DAS ; INC ESI; PUSHA ; PUSHF ; POP EBX; INC EBP; PUSHA }
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] ole32.dll!OleLoadFromStream 76B71E80 5 Bytes JMP 6E575370 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] ole32.dll!CoCreateInstance 76BA9F3E 5 Bytes JMP 6E47DBA0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] ole32.dll!CoCreateInstanceEx 76BA9F81 5 Bytes JMP 71550022
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] WS2_32.dll!connect 76B240D9 5 Bytes JMP 710F0022
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] WS2_32.dll!getaddrinfo 76B2418A 5 Bytes JMP 710B0022
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] WININET.dll!InternetCloseHandle 75F39088 6 Bytes PUSH 71340022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] WININET.dll!InternetQueryDataAvailable 75F3BF83 6 Bytes PUSH 711F0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] WININET.dll!HttpAddRequestHeadersA 75F3CF4E 6 Bytes PUSH 71490022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] WININET.dll!HttpOpenRequestA 75F3D508 6 Bytes PUSH 71460022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] WININET.dll!InternetConnectA 75F3DEAE 6 Bytes PUSH 71310022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] WININET.dll!InternetConnectW 75F3F862 6 Bytes PUSH 712E0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] WININET.dll!HttpSendRequestW 75F3FABE 6 Bytes PUSH 71370022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] WININET.dll!HttpOpenRequestW 75F3FBFB 6 Bytes PUSH 71430022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] WININET.dll!InternetOpenA 75F4D690 6 Bytes PUSH 71250022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] WININET.dll!InternetOpenW 75F4DB09 6 Bytes PUSH 71220022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] WININET.dll!InternetSetStatusCallback 75F4DCC8 6 Bytes PUSH 71190022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] WININET.dll!HttpSendRequestA 75F4EE89 6 Bytes PUSH 71400022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] WININET.dll!InternetReadFileExA 75F53381 6 Bytes PUSH 711C0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] WININET.dll!InternetGetCookieExA 75F54BD0 6 Bytes PUSH 71280022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] WININET.dll!InternetWriteFile 75F9608E 6 Bytes PUSH 71160022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] WININET.dll!HttpSendRequestExA 75FAA666 6 Bytes PUSH 713D0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] WININET.dll!HttpSendRequestExW 75FAA6BF 6 Bytes PUSH 713A0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[1576] WININET.dll!InternetGetCookieA 75FABD44 6 Bytes PUSH 712B0022; RET
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[1784] ntdll.dll!NtCreateFile + 6 773C43DA 4 Bytes [28, 00, 16, 00]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[1784] ntdll.dll!NtCreateFile + B 773C43DF 1 Byte [E2]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[1784] ntdll.dll!NtMapViewOfSection + 6 773C4B2A 1 Byte [28]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[1784] ntdll.dll!NtMapViewOfSection + 6 773C4B2A 4 Bytes [28, 03, 16, 00]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[1784] ntdll.dll!NtMapViewOfSection + B 773C4B2F 1 Byte [E2]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[1784] ntdll.dll!NtOpenFile + 6 773C4BBA 4 Bytes [68, 00, 16, 00]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[1784] ntdll.dll!NtOpenFile + B 773C4BBF 1 Byte [E2]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[1784] ntdll.dll!NtOpenProcess + 6 773C4C3A 4 Bytes [A8, 01, 16, 00]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[1784] ntdll.dll!NtOpenProcess + B 773C4C3F 1 Byte [E2]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[1784] ntdll.dll!NtOpenProcessToken + B 773C4C4F 1 Byte [E2]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[1784] ntdll.dll!NtOpenProcessTokenEx + 6 773C4C5A 4 Bytes [A8, 02, 16, 00]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[1784] ntdll.dll!NtOpenProcessTokenEx + B 773C4C5F 1 Byte [E2]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[1784] ntdll.dll!NtOpenThread + 6 773C4CAA 4 Bytes [68, 01, 16, 00]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[1784] ntdll.dll!NtOpenThread + B 773C4CAF 1 Byte [E2]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[1784] ntdll.dll!NtOpenThreadToken + 6 773C4CBA 4 Bytes [68, 02, 16, 00]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[1784] ntdll.dll!NtOpenThreadToken + B 773C4CBF 1 Byte [E2]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[1784] ntdll.dll!NtOpenThreadTokenEx + B 773C4CCF 1 Byte [E2]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[1784] ntdll.dll!NtQueryAttributesFile + 6 773C4D5A 4 Bytes [A8, 00, 16, 00]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[1784] ntdll.dll!NtQueryAttributesFile + B 773C4D5F 1 Byte [E2]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[1784] ntdll.dll!NtQueryFullAttributesFile + B 773C4E0F 1 Byte [E2]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[1784] ntdll.dll!NtSetInformationFile + 6 773C52EA 4 Bytes [28, 01, 16, 00]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[1784] ntdll.dll!NtSetInformationFile + B 773C52EF 1 Byte [E2]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[1784] ntdll.dll!NtSetInformationThread + 6 773C533A 4 Bytes [28, 02, 16, 00]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[1784] ntdll.dll!NtSetInformationThread + B 773C533F 1 Byte [E2]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[1784] ntdll.dll!NtUnmapViewOfSection + 6 773C55DA 1 Byte [68]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[1784] ntdll.dll!NtUnmapViewOfSection + 6 773C55DA 4 Bytes [68, 03, 16, 00]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[1784] ntdll.dll!NtUnmapViewOfSection + B 773C55DF 1 Byte [E2]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtCreateFile + 6 773C43DA 4 Bytes [28, 00, 16, 00]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtCreateFile + B 773C43DF 1 Byte [E2]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtMapViewOfSection + 6 773C4B2A 1 Byte [28]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtMapViewOfSection + 6 773C4B2A 4 Bytes [28, 03, 16, 00]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtMapViewOfSection + B 773C4B2F 1 Byte [E2]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtOpenFile + 6 773C4BBA 4 Bytes [68, 00, 16, 00]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtOpenFile + B 773C4BBF 1 Byte [E2]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtOpenProcess + 6 773C4C3A 4 Bytes [A8, 01, 16, 00]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtOpenProcess + B 773C4C3F 1 Byte [E2]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtOpenProcessToken + B 773C4C4F 1 Byte [E2]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtOpenProcessTokenEx + 6 773C4C5A 4 Bytes [A8, 02, 16, 00]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtOpenProcessTokenEx + B 773C4C5F 1 Byte [E2]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtOpenThread + 6 773C4CAA 4 Bytes [68, 01, 16, 00]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtOpenThread + B 773C4CAF 1 Byte [E2]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtOpenThreadToken + 6 773C4CBA 4 Bytes [68, 02, 16, 00]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtOpenThreadToken + B 773C4CBF 1 Byte [E2]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtOpenThreadTokenEx + B 773C4CCF 1 Byte [E2]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtQueryAttributesFile + 6 773C4D5A 4 Bytes [A8, 00, 16, 00]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtQueryAttributesFile + B 773C4D5F 1 Byte [E2]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtQueryFullAttributesFile + B 773C4E0F 1 Byte [E2]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtSetInformationFile + 6 773C52EA 4 Bytes [28, 01, 16, 00]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtSetInformationFile + B 773C52EF 1 Byte [E2]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtSetInformationThread + 6 773C533A 4 Bytes [28, 02, 16, 00]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtSetInformationThread + B 773C533F 1 Byte [E2]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtUnmapViewOfSection + 6 773C55DA 1 Byte [68]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtUnmapViewOfSection + 6 773C55DA 4 Bytes [68, 03, 16, 00]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtUnmapViewOfSection + B 773C55DF 1 Byte [E2]
    .text C:\Program Files\Internet Explorer\iexplore.exe[3164] ntdll.dll!LdrLoadDll + 1 77389391 5 Bytes [22, 00, 67, 71, C3]
    .text C:\Program Files\Internet Explorer\iexplore.exe[3164] ntdll.dll!KiUserApcDispatcher 773C5D18 5 Bytes JMP 02C07420 c:\program files\trusteer\rapport\bin\rooksdol.dll (Rooks/Dolomite/Trusteer Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3164] kernel32.dll!SetUnhandledExceptionFilter 76CCA84F 6 Bytes PUSH 71580022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3164] USER32.dll!DdeInitializeW 75A17921 6 Bytes PUSH 71520022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3164] USER32.dll!RegisterClassExW 75A1DA30 6 Bytes PUSH 716E0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3164] USER32.dll!RegisterClassA 75A1DF42 6 Bytes PUSH 71610022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3164] USER32.dll!RegisterClassW 75A1E1AB 6 Bytes PUSH 715E0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3164] USER32.dll!CreateWindowExW 75A21305 5 Bytes JMP 6E47DB44 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3164] USER32.dll!TranslateMessage 75A301AD 6 Bytes PUSH 714C0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3164] USER32.dll!DialogBoxParamW 75A410B0 5 Bytes JMP 6E3A5501 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3164] USER32.dll!DialogBoxIndirectParamW 75A42EF5 5 Bytes JMP 6E574FEF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3164] USER32.dll!GetClipboardData 75A5715A 6 Bytes PUSH 714F0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3164] USER32.dll!DialogBoxParamA 75A58152 5 Bytes JMP 6E574F8C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3164] USER32.dll!DialogBoxIndirectParamA 75A5847D 5 Bytes JMP 6E575052 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3164] USER32.dll!MessageBoxIndirectA 75A6D4D9 5 Bytes JMP 6E574F21 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3164] USER32.dll!MessageBoxIndirectW 75A6D5D3 5 Bytes JMP 6E574EB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3164] USER32.dll!MessageBoxExA 75A6D639 5 Bytes JMP 6E574E54 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3164] USER32.dll!MessageBoxExW 75A6D65D 5 Bytes JMP 6E574DF2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3164] GDI32.dll!BitBlt 75C870A6 6 Bytes PUSH 715B0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3164] ole32.dll!CoCreateInstance 76BA9F3E 5 Bytes JMP 71640022
    .text C:\Program Files\Internet Explorer\iexplore.exe[3164] ole32.dll!CoCreateInstanceEx 76BA9F81 5 Bytes JMP 71550022
    .text C:\Program Files\Internet Explorer\iexplore.exe[3164] WININET.dll!InternetCloseHandle 75F39088 6 Bytes PUSH 71340022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3164] WININET.dll!InternetQueryDataAvailable 75F3BF83 6 Bytes PUSH 711F0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3164] WININET.dll!HttpAddRequestHeadersA 75F3CF4E 6 Bytes PUSH 71490022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3164] WININET.dll!HttpOpenRequestA 75F3D508 6 Bytes PUSH 71460022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3164] WININET.dll!InternetConnectA 75F3DEAE 6 Bytes PUSH 71310022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3164] WININET.dll!InternetConnectW 75F3F862 6 Bytes PUSH 712E0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3164] WININET.dll!HttpSendRequestW 75F3FABE 6 Bytes PUSH 71370022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3164] WININET.dll!HttpOpenRequestW 75F3FBFB 6 Bytes PUSH 71430022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3164] WININET.dll!InternetOpenA 75F4D690 6 Bytes PUSH 71250022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3164] WININET.dll!InternetOpenW 75F4DB09 6 Bytes PUSH 71220022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3164] WININET.dll!InternetSetStatusCallback 75F4DCC8 6 Bytes PUSH 71190022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3164] WININET.dll!HttpSendRequestA 75F4EE89 6 Bytes PUSH 71400022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3164] WININET.dll!InternetReadFileExA 75F53381 6 Bytes PUSH 711C0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3164] WININET.dll!InternetGetCookieExA 75F54BD0 6 Bytes PUSH 71280022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3164] WININET.dll!InternetWriteFile 75F9608E 6 Bytes PUSH 71160022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3164] WININET.dll!HttpSendRequestExA 75FAA666 6 Bytes PUSH 713D0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3164] WININET.dll!HttpSendRequestExW 75FAA6BF 6 Bytes PUSH 713A0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3164] WININET.dll!InternetGetCookieA 75FABD44 6 Bytes PUSH 712B0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3164] ws2_32.dll!connect 76B240D9 5 Bytes JMP 710F0022
    .text C:\Program Files\Internet Explorer\iexplore.exe[3164] ws2_32.dll!getaddrinfo 76B2418A 5 Bytes JMP 710B0022
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] ntdll.dll!LdrLoadDll + 1 77389391 5 Bytes [22, 00, 67, 71, C3]
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] ntdll.dll!KiUserApcDispatcher 773C5D18 5 Bytes JMP 02307420 c:\program files\trusteer\rapport\bin\rooksdol.dll (Rooks/Dolomite/Trusteer Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] kernel32.dll!SetUnhandledExceptionFilter 76CCA84F 6 Bytes PUSH 71580022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!CreateDialogParamW 75A172A2 5 Bytes JMP 6E47DED0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!DdeInitializeW 75A17921 6 Bytes PUSH 71520022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!GetAsyncKeyState 75A1863C 5 Bytes JMP 6E398F1F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!SetWindowsHookExW 75A187AD 5 Bytes JMP 6E479AE9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!CallNextHookEx 75A18E3B 5 Bytes JMP 6E46D145 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!UnhookWindowsHookEx 75A198DB 5 Bytes JMP 6E3E4696 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!EnableWindow 75A1CD8B 5 Bytes JMP 6E47DD5D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!RegisterClassExW 75A1DA30 6 Bytes PUSH 716E0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!RegisterClassA 75A1DF42 6 Bytes PUSH 71610022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!RegisterClassW 75A1E1AB 6 Bytes PUSH 715E0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!CreateWindowExW 75A21305 5 Bytes JMP 6E47DB44 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!GetKeyState 75A28CB1 5 Bytes JMP 6E47D30B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!TranslateMessage 75A301AD 6 Bytes PUSH 714C0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!IsDialogMessageW 75A30745 5 Bytes JMP 6E3A5A13 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!CreateDialogParamA 75A317AA 5 Bytes JMP 6E575C74 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!IsDialogMessage 75A31847 5 Bytes JMP 6E575510 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!CreateDialogIndirectParamA 75A326F1 5 Bytes JMP 6E575CAB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!CreateDialogIndirectParamW 75A39A62 5 Bytes JMP 6E575CE2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!SetKeyboardState 75A40987 5 Bytes JMP 6E57587F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!DialogBoxParamW 75A410B0 5 Bytes JMP 6E3A5501 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!DialogBoxIndirectParamW 75A42EF5 5 Bytes JMP 6E574FEF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!SendInput 75A42F75 5 Bytes JMP 6E57643B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!EndDialog 75A4326E 5 Bytes JMP 6E3A7EBA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!SetCursorPos 75A56FB2 5 Bytes JMP 6E57648F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!GetClipboardData 75A5715A 6 Bytes PUSH 714F0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!DialogBoxParamA 75A58152 5 Bytes JMP 6E574F8C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!DialogBoxIndirectParamA 75A5847D 5 Bytes JMP 6E575052 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!MessageBoxIndirectA 75A6D4D9 5 Bytes JMP 6E574F21 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!MessageBoxIndirectW 75A6D5D3 5 Bytes JMP 6E574EB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!MessageBoxExA 75A6D639 5 Bytes JMP 6E574E54 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!MessageBoxExW 75A6D65D 5 Bytes JMP 6E574DF2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] USER32.dll!keybd_event 75A6D972 5 Bytes JMP 6E5767BF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] GDI32.dll!BitBlt 75C870A6 6 Bytes PUSH 715B0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] SHELL32.dll!SHRestricted + D95 760989A8 4 Bytes [4D, 30, 46, 60] {DEC EBP; XOR [ESI+0x60], AL}
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] SHELL32.dll!SHRestricted + D9D 760989B0 8 Bytes [57, 2F, 46, 60, 9C, 5B, 45, ...] {PUSH EDI; DAS ; INC ESI; PUSHA ; PUSHF ; POP EBX; INC EBP; PUSHA }
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] ole32.dll!OleLoadFromStream 76B71E80 5 Bytes JMP 6E575370 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] ole32.dll!CoCreateInstance 76BA9F3E 5 Bytes JMP 6E47DBA0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] ole32.dll!CoCreateInstanceEx 76BA9F81 5 Bytes JMP 71550022
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] WS2_32.dll!connect 76B240D9 5 Bytes JMP 710F0022
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] WS2_32.dll!getaddrinfo 76B2418A 5 Bytes JMP 710B0022
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] WININET.dll!InternetCloseHandle 75F39088 6 Bytes PUSH 71340022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] WININET.dll!InternetQueryDataAvailable 75F3BF83 6 Bytes PUSH 711F0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] WININET.dll!HttpAddRequestHeadersA 75F3CF4E 6 Bytes PUSH 71490022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] WININET.dll!HttpOpenRequestA 75F3D508 6 Bytes PUSH 71460022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] WININET.dll!InternetConnectA 75F3DEAE 6 Bytes PUSH 71310022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] WININET.dll!InternetConnectW 75F3F862 6 Bytes PUSH 712E0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] WININET.dll!HttpSendRequestW 75F3FABE 6 Bytes PUSH 71370022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] WININET.dll!HttpOpenRequestW 75F3FBFB 6 Bytes PUSH 71430022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] WININET.dll!InternetOpenA 75F4D690 6 Bytes PUSH 71250022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] WININET.dll!InternetOpenW 75F4DB09 6 Bytes PUSH 71220022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] WININET.dll!InternetSetStatusCallback 75F4DCC8 6 Bytes PUSH 71190022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] WININET.dll!HttpSendRequestA 75F4EE89 6 Bytes PUSH 71400022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] WININET.dll!InternetReadFileExA 75F53381 6 Bytes PUSH 711C0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] WININET.dll!InternetGetCookieExA 75F54BD0 6 Bytes PUSH 71280022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] WININET.dll!InternetWriteFile 75F9608E 6 Bytes PUSH 71160022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] WININET.dll!HttpSendRequestExA 75FAA666 6 Bytes PUSH 713D0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] WININET.dll!HttpSendRequestExW 75FAA6BF 6 Bytes PUSH 713A0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[3980] WININET.dll!InternetGetCookieA 75FABD44 6 Bytes PUSH 712B0022; RET
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!LdrLoadDll + 1 77389391 5 Bytes [22, 00, 67, 71, C3]
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[4796] ntdll.dll!KiUserApcDispatcher 773C5D18 5 Bytes JMP 02297420 c:\program files\trusteer\rapport\bin\rooksdol.dll (Rooks/Dolomite/Trusteer Ltd.)
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[4796] kernel32.dll!CreateNamedPipeW 76CA5C0C 6 Bytes JMP 713D000A
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[4796] kernel32.dll!CancelIo 76CABAE4 6 Bytes JMP 7144000A
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[4796] kernel32.dll!CreateIoCompletionPort 76CC9CB4 6 Bytes JMP 713A000A
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[4796] kernel32.dll!SetUnhandledExceptionFilter 76CCA84F 6 Bytes PUSH 71580022; RET
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[4796] kernel32.dll!CloseHandle 76CEAE8D 6 Bytes JMP 7147000A
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[4796] kernel32.dll!GetQueuedCompletionStatus 76CED0F5 6 Bytes JMP 714A000A
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[4796] USER32.dll!RegisterClassExW 75A1DA30 6 Bytes PUSH 716E0022; RET
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[4796] USER32.dll!SetWindowLongW 75A213B4 6 Bytes PUSH 71520022; RET
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[4796] USER32.dll!TranslateMessage 75A301AD 6 Bytes PUSH 714F0022; RET
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[4796] USER32.dll!GetClipboardData 75A5715A 6 Bytes PUSH 71550022; RET
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[4796] GDI32.dll!BitBlt 75C870A6 6 Bytes PUSH 715E0022; RET
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[4796] GDI32.dll!StretchDIBits 75C878CF 6 Bytes PUSH 715B0022; RET
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[4796] ADVAPI32.dll!CreateProcessAsUserW 77511EE9 6 Bytes PUSH 71640022; RET
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[4796] WS2_32.dll!getaddrinfo 76B2418A 5 Bytes JMP 714C0022
    .text C:\Users\Mr Kowalski\AppData\Local\Google\Chrome\Application\chrome.exe[4796] CRYPT32.dll!CertVerifyCertificateChainPolicy 7536DC54 6 Bytes PUSH 71610022; RET

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs trufos.sys
    AttachedDevice \Driver\tdx \Device\Tcp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
    AttachedDevice \Driver\tdx \Device\Udp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
    AttachedDevice \Driver\tdx \Device\RawIp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158307d1c2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\[email protected] 0x1C 0x93 0x32 0x2D ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\[email protected] 0x9B 0x23 0x48 0x36 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\[email protected] 0xA3 0x3C 0xCF 0x66 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\[email protected] 0xC1 0xAC 0xA1 0x9A ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00158307d1c2 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\[email protected] 0x1C 0x93 0x32 0x2D ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\[email protected] 0x9B 0x23 0x48 0x36 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\[email protected] 0xA3 0x3C 0xCF 0x66 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\[email protected] 0xC1 0xAC 0xA1 0x9A ...
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00158307d1c2 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\[email protected] 0x1C 0x93 0x32 0x2D ...
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\[email protected] 0x9B 0x23 0x48 0x36 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\[email protected] 0xA3 0x3C 0xCF 0x66 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\[email protected] 0xC1 0xAC 0xA1 0x9A ...
    Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\00158307d1c2 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\[email protected] 0x1C 0x93 0x32 0x2D ...
    Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\[email protected] 0x9B 0x23 0x48 0x36 ...
    Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\[email protected] 0xA3 0x3C 0xCF 0x66 ...
    Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\[email protected] 0xC1 0xAC 0xA1 0x9A ...
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{34A0FF07-F11A-4157-84A3-92F8AD688CBF}@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ...

    ---- EOF - GMER 1.0.15 ----
     
  2. Hibbyradge

    Hibbyradge Thread Starter

    Joined:
    May 31, 2004
    Messages:
    63
    I thought I'd attached the attach file, but I can't see it in my post.

    Here goes again.
     


  3. Hibbyradge

    Hibbyradge Thread Starter

    Joined:
    May 31, 2004
    Messages:
    63
  4. Hibbyradge

    Hibbyradge Thread Starter

    Joined:
    May 31, 2004
    Messages:
    63
    Just giving it a bump.
     
  5. Hibbyradge

    Hibbyradge Thread Starter

    Joined:
    May 31, 2004
    Messages:
    63
    Would it be possible for someone to have a look at these logs, please?

    If nothing malicious is there, I'd be really grateful for the peace of mind.
     
  6. Hibbyradge

    Hibbyradge Thread Starter

    Joined:
    May 31, 2004
    Messages:
    63
    Should I start a new thread with a more dramatic title? :)
     
  7. Hibbyradge

    Hibbyradge Thread Starter

    Joined:
    May 31, 2004
    Messages:
    63
    I think I've followed all the posting and bumping rules.

    Please advise if I've done something wrong.
     
  8. Hibbyradge

    Hibbyradge Thread Starter

    Joined:
    May 31, 2004
    Messages:
    63
    Bump again.
     
  9. Hibbyradge

    Hibbyradge Thread Starter

    Joined:
    May 31, 2004
    Messages:
    63
  10. Hibbyradge

    Hibbyradge Thread Starter

    Joined:
    May 31, 2004
    Messages:
    63
    I know I'm like a dog with a bone, but is there a reason I've not had any replies yet?
     
  11. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,219
    First Name:
    Derek
    It looks like you have Bullguard active as well as Virgin Media Security & that will really slow you down

    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here or Here to your Desktop.
    As you download it rename it to username123.exe


    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re enable the protection again after combofix has finished
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on combofix.exe & follow the prompts.
    If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues
     
  12. Hibbyradge

    Hibbyradge Thread Starter

    Joined:
    May 31, 2004
    Messages:
    63
    Thanks so much for the reply.

    I'm away from home with work for a few days, but I should be able to follow your instructions on Thursday.

    I don't think I've ever had Bullguard installed, but I could be mistaken.

    I'll let you know how I get on with Combofix.
     
  13. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,219
    First Name:
    Derek
    Bullguard is often installed without you being aware of the install by P2P or Torrent programs
     
  14. Hibbyradge

    Hibbyradge Thread Starter

    Joined:
    May 31, 2004
    Messages:
    63
    Sorry for the lack of activity from me.

    We've had a family bereavement and priorities are elsewhere at the moment.

    I'll get back to this asap.

    Thanks for your patience.
     
  15. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,219
    First Name:
    Derek
    OK I will wait for your reply
     

Short URL to this thread: https://techguy.org/972977
