
Fast save and saving magnets

Discussion in 'Virus & Other Malware Removal' started by biker123, Feb 9, 2013.

Thread Status:
Not open for further replies.
  1. biker123

    biker123 Thread Starter

    Joined:
    Jan 31, 2013
    Messages:
    15
    My computer is infected with some virus which turns any hyperlink into a popup, or if I'm looking at a specific item it's offering me similar items from other websites. I use Microsoft Security Essentials and a Trojan Wimad file was identified and removed, but I still get the popups or coupons. I'm not very good with computers and will surely appreciate any help removing this.

    Many thanks
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Follow advice here and post the logs those programs make.
     
  3. biker123

    biker123 Thread Starter

    Joined:
    Jan 31, 2013
    Messages:
    15
    Hello dvk01, thank you for helping me with this. I have followed your instructions and backed up my important data.

    When I run HijackThis I get a message saying that access was denied to the Host files. If I click OK, here's the log that is generated:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:29:51 PM, on 2/9/2013
    Platform: Unknown Windows (WinNT 6.01.3505 SP1)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal
    Running processes:
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
    C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Users\Carl\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
    C:\Users\Carl\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
    C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchab.com/?aff=7&uid=bd1d53ed-593d-11e2-803b-002618593937
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Zoomex - {930F9E98-B65E-0AC4-71CC-604279FD499C} - C:\ProgramData\Zoomex\50eb8e47e135b.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Zoomex - {F2ACE13E-8F57-357C-2D5F-D5279331D685} - C:\ProgramData\Zoomex\50eb8dc7566cd.dll
    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PrivitizeVPN] C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe /autorun
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Carl\AppData\Local\Akamai\netsession_win.exe"
    O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    O4 - HKCU\..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Global Startup: APC UPS Status.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O13 - Gopher Prefix:
    O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {980495B4-1CC6-40E5-8CBD-6F7A6E514691} (WebconcentralLauncherObject Class) - http://login.webconcentral.com/code/xp-launcher/1.0.0.131/MeetingSystem.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - AppInit_DLLs: c:\progra~2\zoomex\sprote~1.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: lxebCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe
    O23 - Service: lxeb_device - - C:\Windows\system32\lxebcoms.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
    O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    --
    End of file - 16214 bytes

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16464
    Run by Carl at 8:05:01 on 2013-02-16
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.5111 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\AEADISRV.EXE
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\SysWOW64\svchost.exe -k LexPrintListener
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\lxebcoms.exe
    C:\Windows\SysWOW64\IoctlSvc.exe
    C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\ProgramData\Premium\ZoomEx\ZoomEx.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
    C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Users\Carl\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
    C:\Users\Carl\AppData\Local\Akamai\netsession_win.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
    C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\splwow64.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe
    c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    C:\Windows\system32\taskhost.exe
    c:\program files (x86)\real\realplayer\RealPlay.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.ca/
    mStart Page = hxxp://searchab.com/?aff=7&uid=bd1d53ed-593d-11e2-803b-002618593937
    uURLSearchHooks: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - <orphaned>
    dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    mWinlogon: Userinit = userinit.exe
    BHO: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Zoomex: {930F9E98-B65E-0AC4-71CC-604279FD499C} - C:\ProgramData\Zoomex\50eb8e47e135b.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Zoomex: {F2ACE13E-8F57-357C-2D5F-D5279331D685} - C:\ProgramData\Zoomex\50eb8dc7566cd.dll
    TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    uRun: [Akamai NetSession Interface] "C:\Users\Carl\AppData\Local\Akamai\netsession_win.exe"
    uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    uRun: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
    mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xporter vers Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {980495B4-1CC6-40E5-8CBD-6F7A6E514691} - hxxp://login.webconcentral.com/code/xp-launcher/1.0.0.131/MeetingSystem.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 96.22.246.145 24.200.228.113 24.200.210.241
    TCP: Interfaces\{131B0628-7DD3-4EDF-AAAC-1054A21FCBD0} : DHCPNameServer = 96.22.246.145 24.200.228.113 24.200.210.241
    TCP: Interfaces\{17A6FE90-5FD6-449D-829D-5D5623874B9A} : DHCPNameServer = 24.201.245.77 24.200.243.189 24.200.241.37
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs= c:\progra~2\zoomex\sprote~1.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
    x64-Run: [lxebmon.exe] "C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe"
    x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe"
    x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
    R2 LexPrintListener;LexPrint Listener;C:\Windows\System32\svchost.exe -k LexPrintListener [2009-7-13 27136]
    R2 lxeb_device;lxeb_device;C:\Windows\System32\lxebcoms.exe -service --> C:\Windows\System32\lxebcoms.exe -service [?]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-3-15 428384]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 lxebCATSCustConnectService;lxebCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxebserv.exe [2010-3-23 45736]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-4-16 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
    S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2010-5-7 30304]
    S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2010-11-10 341856]
    S3 LVUVC64;Logitech Webcam C210(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2010-11-10 4162784]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-6-21 20992]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-21 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-19 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2013-02-15 23:36:20 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{914CC640-7AF0-4630-9A7B-9C343A5C6327}\mpengine.dll
    2013-02-15 23:26:49 -------- d-----w- C:\Users\Carl\AppData\Local\{C52E4370-6CA6-4EA3-80D1-70C5559A9152}
    2013-02-14 21:25:12 -------- d-----w- C:\Users\Carl\AppData\Local\{612E84EE-F106-48EB-BE22-0138E05AB527}
    2013-02-14 03:29:12 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-14 03:29:12 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-14 00:46:21 9161176 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-02-14 00:43:30 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-02-14 00:43:28 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-02-14 00:43:28 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-02-14 00:43:22 3153408 ----a-w- C:\Windows\System32\win32k.sys
    2013-02-14 00:43:21 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2013-02-14 00:43:20 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-02-14 00:43:20 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-02-14 00:43:20 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-02-14 00:43:20 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-02-14 00:43:19 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-02-14 00:43:16 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2013-02-14 00:43:16 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-02-14 00:36:13 -------- d-----w- C:\Users\Carl\AppData\Local\{B41A3921-9BB9-498B-928F-02C6D8DFC61A}
    2013-02-12 00:05:16 -------- d-----w- C:\Users\Carl\AppData\Local\{A7771FEB-F7EA-4A83-A089-DF39BCBB3A8F}
    2013-02-10 03:00:24 -------- d-----w- C:\Users\Carl\AppData\Local\{7BE40BA5-FABB-4ED4-8329-94964CC0229A}
    2013-02-09 17:28:27 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2013-02-09 15:00:00 -------- d-----w- C:\Users\Carl\AppData\Local\{A3EC6016-9B9E-40AB-A914-CD4C31DB0F6D}
    2013-02-08 00:10:25 -------- d-----w- C:\Users\Carl\AppData\Local\{E14B5A7A-E29B-4AB2-87AC-51FC62DF619A}
    2013-02-06 23:55:09 -------- d-----w- C:\Users\Carl\AppData\Local\{8140CD7E-1358-4A60-AB86-20858AD88C20}
    2013-02-05 16:55:08 -------- d-----w- C:\Users\Carl\AppData\Local\{991A4B6D-A6BF-4000-9E34-93B06485332C}
    2013-02-03 12:27:00 -------- d-----w- C:\Users\Carl\AppData\Local\{36799725-529A-48D5-9098-41688917DA24}
    2013-02-02 00:41:01 -------- d-----w- C:\Users\Carl\AppData\Local\{8351A0D7-4859-46B5-A499-710E3E236F8A}
    2013-02-01 00:23:47 -------- d-----w- C:\Users\Carl\AppData\Local\{EBC5CF29-D9F1-4036-85B5-AFC4DC323BFE}
    2013-01-31 01:17:01 -------- d-----w- C:\Users\Carl\AppData\Local\{813C4545-E85B-48C8-A2E7-4487DB428B7D}
    2013-01-30 01:46:20 -------- d-----w- C:\Users\Carl\AppData\Local\{0621D17A-E579-4BA0-B9DF-53CD561128CC}
    2013-01-27 13:18:14 -------- d-----w- C:\Users\Carl\AppData\Local\{4EA9582B-02CB-444C-9C3F-F4B5A10D4260}
    2013-01-26 21:38:13 -------- d-----w- C:\Users\Carl\AppData\Local\{EC643608-5E22-4B27-B630-32BE0E789776}
    2013-01-25 13:15:59 -------- d-----w- C:\Users\Carl\AppData\Local\{C8CBBD51-3DE3-46E7-A6D3-6DDC9AC6FF63}
    2013-01-25 00:46:31 -------- d-----w- C:\Users\Carl\AppData\Local\{9C7EE7CE-6D4C-4160-A774-3FF4C2B787CF}
    2013-01-24 12:04:29 -------- d-----w- C:\Users\Carl\AppData\Local\{2D0E5414-E3D4-4256-B684-4C310AB05986}
    2013-01-23 23:53:55 -------- d-----w- C:\Users\Carl\AppData\Local\{3CD8270A-8205-4477-B96B-A58B4A01D5DF}
    2013-01-22 00:20:48 -------- d-----w- C:\Users\Carl\AppData\Local\{53836EF3-79CC-48C8-8F61-17C0D4EFFFA8}
    2013-01-20 12:56:12 -------- d-----w- C:\Users\Carl\AppData\Local\{D0F951B1-1120-4929-BCBD-5ACFC5A7741E}
    2013-01-19 23:20:15 -------- d-----w- C:\Users\Carl\AppData\Local\{E8673C55-E8C5-4FDA-B31A-2135B61F9B92}
    .
    ==================== Find3M ====================
    .
    2013-02-08 01:07:21 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-08 01:07:21 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe
    2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2012-12-28 22:35:56 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2012-12-28 22:35:56 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
    2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
    2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
    2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
    2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
    2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
    2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
    2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
    2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
    2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
    2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
    2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
    2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
    2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
    2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
    2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
    2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
    2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
    2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
    2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
    2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    .
    ============= FINISH: 8:07:01.03 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/29/2009 10:26:53 PM
    System Uptime: 2/15/2013 6:25:19 PM (14 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P5Q DELUXE
    Processor: Intel(R) Core(TM)2 Quad CPU Q9650 @ 3.00GHz | LGA 775 | 3003/333mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 931 GiB total, 715.923 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP274: 1/14/2013 6:43:38 PM - Windows Update
    RP275: 1/19/2013 6:28:34 PM - Windows Update
    RP276: 1/23/2013 7:02:53 PM - Windows Update
    RP277: 1/30/2013 8:26:44 PM - Windows Update
    RP278: 2/3/2013 7:34:16 AM - Windows Update
    RP279: 2/6/2013 7:04:54 PM - Windows Update
    RP280: 2/10/2013 2:29:47 AM - Windows Update
    RP281: 2/13/2013 7:45:43 PM - Windows Update
    RP282: 2/13/2013 10:27:23 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    ABBYY FineReader 6.0 Sprint
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9.5.3
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    APC PowerChute Personal Edition
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Audacity 1.2.6
    Bing Bar
    Bonjour
    CameraHelperMsi
    Cisco Connect
    D3DX10
    DDplus
    DDXtra
    doPDF 6.2 printer
    erLT
    Garmin City Navigator North America NT 2008
    Garmin City Navigator North America NT 2010.40
    Garmin MapSource
    Garmin Trip and Waypoint Manager v4
    Garmin USB Drivers
    Garmin WebUpdater
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToMeeting 4.5.0.457
    HijackThis 2.0.2
    iCloud
    Image Resizer Powertoy Clone for Windows
    Intel® Matrix Storage Manager
    Internet Digital Radio Tuner 3.1.0
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 21
    Junk Mail filter update
    Lexmark Printable Web
    Lexmark Pro200-S500 Series
    Lexmark Software Uninstall
    Lexmark Toolbar
    Lexmark Tools for Office
    LightScribe System Software
    Logitech Vid HD
    Logitech Webcam Software
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Motion Detection
    LWS Pictures And Video
    LWS Twitter
    LWS Video Mask Maker
    LWS VideoEffects
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    MapSource
    MapSource - Topo Canada v2
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft IntelliType Pro 8.1
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Milestone XProtect Smart Client 6.0a
    MobileMe Control Panel
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB2758694)
    MSXML 4.0 SP3 Parser (KB973685)
    Nero 7 Ultra Edition
    neroxml
    NVIDIA 3D Vision Controller Driver 305.93
    NVIDIA 3D Vision Driver 306.97
    NVIDIA Control Panel 306.97
    NVIDIA Graphics Driver 306.97
    NVIDIA Install Application
    NVIDIA nView 136.53
    NVIDIA nView Desktop Manager
    NVIDIA Stereoscopic 3D Driver
    PENTAX Digital Camera Utility
    PMB
    PMB Updater
    QuickTime
    RealDownloader
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealNetworks - Microsoft Visual C++ 2010 Runtime
    RealPlayer
    RealUpgrade 1.1
    Remington Shoot!
    Safari
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Skype Toolbars
    Skype™ 5.10
    SMH10 Manager 1.4
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2767848) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Visual C++ 8.0 Runtime Setup Package (x64)
    Visual Studio 2008 x64 Redistributables
    Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB (02/03/2011 2.4.0.0)
    Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB (05/10/2011 2.4.0.0)
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    ZoomEx
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/15/2013 6:27:12 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    2/15/2013 6:26:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxebCATSCustConnectService service to connect.
    2/15/2013 6:26:01 PM, Error: Service Control Manager [7000] - The lxebCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
     


  4. biker123

    biker123 Thread Starter

    Joined:
    Jan 31, 2013
    Messages:
    15
    Forgot the ark log, here it is.

    GMER 2.1.18952 - http://www.gmer.net
    Rootkit scan 2013-02-16 16:17:39
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Intel___ rev.1.0. 931.51GB
    Running: nrw6glqz.exe; Driver: C:\Users\Carl\AppData\Local\Temp\kxldqpod.sys

    ---- User code sections - GMER 2.1 ----
    .text C:\Windows\SysWOW64\svchost.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076f31465 2 bytes [F3, 76]
    .text C:\Windows\SysWOW64\svchost.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076f314bb 2 bytes [F3, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076f31465 2 bytes [F3, 76]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076f314bb 2 bytes [F3, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[1484] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076f31465 2 bytes [F3, 76]
    .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[1484] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076f314bb 2 bytes [F3, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076f31465 2 bytes [F3, 76]
    .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076f314bb 2 bytes [F3, 76]
    .text ... * 2
    .text C:\Users\Carl\AppData\Local\Akamai\netsession_win.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076f31465 2 bytes [F3, 76]
    .text C:\Users\Carl\AppData\Local\Akamai\netsession_win.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076f314bb 2 bytes [F3, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076f31465 2 bytes [F3, 76]
    .text C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076f314bb 2 bytes [F3, 76]
    .text ... * 2
    .text C:\Users\Carl\AppData\Local\Akamai\netsession_win.exe[3220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076f31465 2 bytes [F3, 76]
    .text C:\Users\Carl\AppData\Local\Akamai\netsession_win.exe[3220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076f314bb 2 bytes [F3, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[3888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076f31465 2 bytes [F3, 76]
    .text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[3888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076f314bb 2 bytes [F3, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[4788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076f31465 2 bytes [F3, 76]
    .text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[4788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076f314bb 2 bytes [F3, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[5056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076f31465 2 bytes [F3, 76]
    .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[5056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076f314bb 2 bytes [F3, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[2332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076f31465 2 bytes [F3, 76]
    .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[2332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076f314bb 2 bytes [F3, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8036] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationFile 0000000077e7f9f0 5 bytes JMP 000000016aeb73a0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8036] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 0000000077e7fa88 5 bytes JMP 000000016ae16df0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8036] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 0000000077e7fc18 5 bytes JMP 000000016aeb7300
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8036] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile 0000000077e7fe3c 5 bytes JMP 000000016aeb7430
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8036] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077e801a4 5 bytes JMP 000000016ae16e80
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8036] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile 0000000077e8131c 5 bytes JMP 000000016aeb7570
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8036] C:\Windows\syswow64\kernel32.dll!InterlockedIncrement + 11 000000007680140b 7 bytes JMP 000000016aeb7230
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8036] C:\Windows\syswow64\kernel32.dll!ReadFile + 132 0000000076803f37 7 bytes JMP 000000016aeb7110
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8036] C:\Windows\syswow64\kernel32.dll!GetFileInformationByHandle + 19 00000000768053a9 7 bytes JMP 000000016aeb6ff0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8036] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077122da4 5 bytes JMP 000000016b2f9ebc
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8036] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 000000007713cbf3 5 bytes JMP 000000016b448f36
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8036] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007713cfca 5 bytes JMP 000000016b251893
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8036] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 000000007715cb0c 5 bytes JMP 000000016b448ed1
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8036] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 000000007715ce64 5 bytes JMP 000000016b448f9b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8036] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 000000007716fbd1 5 bytes JMP 000000016b448e58
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[8036] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 000000007716fc9d 5 bytes JMP 000000016b448ddf
    ---- Registry - GMER 2.1 ----
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\[email protected]:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intel\xae Matrix Storage Manager\Intel\xae Matrix Storage Console.lnk 1
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\[email protected]:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\xae Matrix Storage Manager\Intel\xae Matrix Storage Console.lnk 1
    ---- EOF - GMER 2.1 ----
     
  5. dvk01

    dvk01 Moderator Malware Specialist

    Please download AdwCleaner to your desktop.
    • Double click the adwcleaner.exe to run the tool.
    • Click Search.
    • When the scan has finished, a Notepad window will open.
    • Please post the contents here in your topic.
    • The logfile will also be saved in C:\AdwCleaner[R1].txt.
     
  6. biker123

    biker123 Thread Starter

    Done and a virus has been detected, but after the scan Notepad didn't open. Should I purchase a license?
     
  7. dvk01

    dvk01 Moderator Malware Specialist

    what licence?
    adwcleaner is free.

    look at C:\AdwCleaner[R1].txt for the log

    what detected a virus?
     
  8. dvk01

    dvk01 Moderator Malware Specialist

    I have deleted all the posted junk
    it looks like you have somehow downloaded and run the wrong program

    please go back to post 5
    follow the link there & download ONLY a program called adwcleaner.exe
    if the link doesn't take you to the program, tell us as it means that you are being diverted to fake sites
     
  9. biker123

    biker123 Thread Starter

    It works!

    # AdwCleaner v2.112 - Logfile created 02/17/2013 at 11:24:41
    # Updated 10/02/2013 by Xplode
    # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
    # User : Carl - CARL-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Carl\Downloads\AdwCleaner.exe
    # Option [Search]

    ***** [Services] *****

    ***** [Files / Folders] *****
    Folder Found : C:\Program Files (x86)\Conduit
    Folder Found : C:\Program Files (x86)\Zoomex
    Folder Found : C:\ProgramData\InstallMate
    Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoomex
    Folder Found : C:\ProgramData\Premium
    Folder Found : C:\ProgramData\Zoomex
    Folder Found : C:\Users\Carl\AppData\Local\Conduit
    Folder Found : C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
    Folder Found : C:\Users\Carl\AppData\LocalLow\AVG Security Toolbar
    Folder Found : C:\Users\Carl\AppData\LocalLow\Conduit
    Folder Found : C:\Users\Carl\AppData\LocalLow\Zoomex
    ***** [Registry] *****
    Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\zoomex\sprote~1.dll
    Key Found : HKCU\Software\AppDataLow\Software\Conduit
    Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Found : HKCU\Software\AppDataLow\Software\SmartBar
    Key Found : HKCU\Software\AppDataLow\SProtector
    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{930F9E98-B65E-0AC4-71CC-604279FD499C}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F2ACE13E-8F57-357C-2D5F-D5279331D685}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{930F9E98-B65E-0AC4-71CC-604279FD499C}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F2ACE13E-8F57-357C-2D5F-D5279331D685}
    Key Found : HKCU\Software\StartSearch
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\Software\SP Global
    Key Found : HKLM\Software\SProtector
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{930F9E98-B65E-0AC4-71CC-604279FD499C}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F2ACE13E-8F57-357C-2D5F-D5279331D685}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{930F9E98-B65E-0AC4-71CC-604279FD499C}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2ACE13E-8F57-357C-2D5F-D5279331D685}
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16464
    [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchab.com/?aff=7&uid=bd1d53ed-593d-11e2-803b-002618593937
    -\\ Google Chrome v24.0.1312.57
    File : C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Found [l.3] : homepage = "hxxp://searchab.com/?aff=7&uid=bd1d53ed-593d-11e2-803b-002618593937",
    Found [l.435] : homepage = "hxxp://searchab.com/?aff=7&uid=bd1d53ed-593d-11e2-803b-002618593937",
    *************************
    AdwCleaner[R1].txt - [3212 octets] - [17/02/2013 11:24:41]
    ########## EOF - C:\AdwCleaner[R1].txt - [3272 octets] ##########
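
A triage pass over the scan log posted above, as an added example that is not part of the thread or of AdwCleaner: it separates the entries that make Windows or Internet Explorer load the adware's code (the AppInit_DLLs value and the Browser Helper Objects keys) from changed browser settings and leftover folders and keys. The three labels and the rule order are this example's own assumptions; the sample lines are excerpted from the log.

```python
import re
from collections import defaultdict

# Lines excerpted from the AdwCleaner[R1].txt log in the post above.
SAMPLE_LOG = r"""
***** [Files / Folders] *****
Folder Found : C:\Program Files (x86)\Zoomex
***** [Registry] *****
Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\zoomex\sprote~1.dll
Key Found : HKCU\Software\Conduit
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{930F9E98-B65E-0AC4-71CC-604279FD499C}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16464
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchab.com/?aff=7&uid=bd1d53ed-593d-11e2-803b-002618593937
Found [l.3] : homepage = "hxxp://searchab.com/?aff=7&uid=bd1d53ed-593d-11e2-803b-002618593937",
"""

SECTION = re.compile(r"^\*{5} \[(.+?)\] \*{5}$")

# Triage rules, checked in order; labels and ordering are this example's own.
RULES = [
    ("code-loading", re.compile(r"\[AppInit_DLLs\]|\\Browser Helper Objects\\", re.I)),
    ("browser-setting", re.compile(r"- Start Page\]|homepage\s*=", re.I)),
    ("leftover", re.compile(r"^(Folder|File|Key|Data|Value) Found :", re.I)),
]

def triage(log_text):
    """Group finding lines by triage label, remembering each line's section."""
    section, out = None, defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        if not line or line.startswith(("#", "-\\\\")):
            continue  # header comments and browser-version banners
        for label, pattern in RULES:
            if pattern.search(line):
                out[label].append((section, line))
                break
    return dict(out)

if __name__ == "__main__":
    for label, hits in triage(SAMPLE_LOG).items():
        print(f"{label}: {len(hits)}")
        for section, line in hits:
            print(f"  [{section}] {line}")
```

Running the same function over the [S1] log written after the delete pass shows whether any code-loading entry is still listed.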
     
  10. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Please run AdwCleaner again. This time press delete. It will clear the problems & then offer to reboot; please let it reboot & then post the log it makes.
    The logfile will also be saved in C:\AdwCleaner[S1].txt

    then tell us what problems if any you still have
     
  11. biker123

    biker123 Thread Starter

    Joined:
    Jan 31, 2013
    Messages:
    15
    It worked!!! Many thanks for your help. Very happy it is now fixed.
     
  12. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    that is good
     
Short URL to this thread: https://techguy.org/1088840
