Possible rootkit virus

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

acim

Thread Starter
Joined
Jan 17, 2013
Messages
4
Hi,
Thanks in advance for your help. My computer keeps restarting and restarting and only sometimes actually starts up. It tells me that the disc is somehow problematic OR it takes forever and then finally does start up.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:31:40 PM, on 1/17/2013
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16982)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
C:\Windows\system32\schtasks.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Users\Pamela\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7052 bytes

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.16982 BrowserJavaVersion: 1.6.0_37
Run by Pamela at 13:35:07 on 2013-01-17
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2942.1851 [GMT -8:00]
.
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
C:\Windows\system32\schtasks.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Mail\WinMail.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_ROC_NT] "c:\program files\avg secure search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ROC_roc_ssl_v12] "c:\program files\avg secure search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\snapfish picture mover\SnapfishMediaDetector.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{CC485984-1610-4B55-A529-2DE273C9EAB6} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\13.2.0\ViProtocol.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.52\installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\pamela\appdata\roaming\mozilla\firefox\profiles\fcrduraf.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - iGoogle
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid={2B756C07-A6BB-441A-BE06-6FA341D51805}&mid=a3f55ec0047947d0bac7d1542652fe58-cfe7fa42eaabf4fdb9fda59dd8c98fb50bd05e8e&lang=en&ds=AVG&pr=fr&d=2012-11-08 03:04:08&v=13.2.0.4&sap=ku&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\13.2.0\npsitesafety.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-15 94048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-10-9 26984]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\13.2.0\ToolbarUpdater.exe [2012-11-8 711112]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-15 5814904]
.
=============== Created Last 30 ================
.
2013-01-17 21:11:25 6991832 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{4077b2cb-f6e4-4dde-89c5-4f3b2b48e61a}\mpengine.dll
2013-01-17 20:43:05 -------- d-sh--w- C:\found.003
2013-01-17 20:27:12 -------- d-sh--w- C:\found.002
2013-01-16 12:42:14 6991832 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-01-15 12:28:30 -------- d-sh--w- C:\found.001
2013-01-12 11:36:50 -------- d-sh--w- C:\found.000
.
==================== Find3M ====================
.
2013-01-09 02:33:34 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-09 02:33:34 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-08 11:04:01 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-10-22 21:02:46 179936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
.
============= FINISH: 13:35:50.80 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/2/2012 12:57:14 PM
System Uptime: 1/17/2013 1:00:15 PM (0 hours ago)
.
Motherboard: ASUSTek Computer INC. | | NARRA2
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | Socket AM2 | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 457 GiB total, 424.853 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 1.199 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP117: 1/16/2013 1:49:14 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
ActiveCheck component for HP Active Support Library
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.5)
Adobe Shockwave Player 11.6
Auslogics Disk Defrag
AVG 2013
AVG Security Toolbar
Data Lifeguard Diagnostic for Windows 1.24
Enhanced Multimedia Keyboard Solution
Glary Utilities 2.49.0.1600
Google Chrome
Google Update Helper
Hardware Diagnostic Tools
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Frontend
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Picasso Media Center Add-In
HP Total Care Advisor
HP Update
HPAsset component for HP Active Support Library
Java Auto Updater
Java(TM) 6 Update 37
Java(TM) SE Runtime Environment 6 Update 1
LightScribe 1.8.15.1
Microsoft .NET Framework 3.5 SP1
Microsoft Office Home and Student 60 day trial
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Mozilla Firefox 18.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.0
My HP Games
NVIDIA Drivers
PSSWCORE
Python 2.5
Realtek High Definition Audio Driver
Rhapsody
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Snapfish Picture Mover
Soft Data Fax Modem with SmartCP
swMSM
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VideoToolkit01
WeatherBug Gadget
Yahoo! Search Protection
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
1/17/2013 12:45:38 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
1/17/2013 12:32:26 PM, Error: EventLog [6008] - The previous system shutdown at 12:29:52 PM on 1/17/2013 was unexpected.
1/17/2013 12:29:52 PM, Error: EventLog [6008] - The previous system shutdown at 12:21:33 PM on 1/17/2013 was unexpected.
1/17/2013 1:11:50 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x80070002 Error description: The system cannot find the file specified.
1/17/2013 1:11:50 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: Error code: 0x80070002 Error description: The system cannot find the file specified.
1/17/2013 1:11:22 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.82.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x80248014 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/17/2013 1:02:15 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 i8042prt
1/17/2013 1:02:15 PM, Error: Service Control Manager [7024] - The AVGIDSAgent service terminated with service-specific error 3758162040 (0xE0010078).
1/16/2013 4:42:37 AM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x80070002 Error description: The system cannot find the file specified.
1/16/2013 4:42:37 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: Error code: 0x80070002 Error description: The system cannot find the file specified.
1/16/2013 4:41:33 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3946.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80248014 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/16/2013 1:49:25 PM, Error: Ntfs [137] - The default transaction resource manager on volume HP encountered a non-retryable error and could not start. The data contains the error code.
1/16/2013 1:05:33 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\RegBack\SOFTWARE' was corrupted and it has been recovered. Some data might have been lost.
1/16/2013 1:04:04 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
1/16/2013 1:01:24 PM, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting.
1/16/2013 1:01:24 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.
1/16/2013 1:01:24 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/15/2013 4:42:07 AM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x80070002 Error description: The system cannot find the file specified.
1/15/2013 4:42:07 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: Error code: 0x80070002 Error description: The system cannot find the file specified.
1/15/2013 4:41:37 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3840.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80248014 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/13/2013 4:53:51 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x80070002 Error description: The system cannot find the file specified.
1/13/2013 4:53:51 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: Error code: 0x80070002 Error description: The system cannot find the file specified.
1/13/2013 4:52:59 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3821.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80248014 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/13/2013 3:55:50 AM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x80070002 Error description: The system cannot find the file specified.
1/13/2013 3:55:50 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: Error code: 0x80070002 Error description: The system cannot find the file specified.
1/13/2013 3:55:19 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3793.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80248014 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/12/2013 3:55:58 AM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x80070002 Error description: The system cannot find the file specified.
1/12/2013 3:55:58 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: Error code: 0x80070002 Error description: The system cannot find the file specified.
1/12/2013 3:55:23 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3699.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80248014 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/11/2013 3:53:37 AM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x80070002 Error description: The system cannot find the file specified.
1/11/2013 3:53:37 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: Error code: 0x80070002 Error description: The system cannot find the file specified.
1/11/2013 3:53:02 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3596.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80248014 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/11/2013 3:44:18 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
1/11/2013 3:44:18 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
1/11/2013 3:44:18 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/11/2013 10:36:47 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
1/10/2013 3:49:13 AM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x80070002 Error description: The system cannot find the file specified.
1/10/2013 3:49:13 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: Error code: 0x80070002 Error description: The system cannot find the file specified.
1/10/2013 3:48:42 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3402.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80248014 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/10/2013 3:36:10 AM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 9, function 0. Please contact your system vendor for technical assistance.
1/10/2013 3:36:10 AM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 11, function 0. Please contact your system vendor for technical assistance.
1/10/2013 11:54:28 AM, Error: Schannel [36874] - An SSL connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
.
==== End Of File ===========================

GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-17 14:06:50
Windows 6.0.6000 \Device\Harddisk0\DR0 -> \Device\0000004d WDC_WD50 rev.12.0 465.76GB
Running: gmer.exe; Driver: C:\Users\Pamela\AppData\Local\Temp\pwlyapow.sys


---- System - GMER 2.0 ----

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0x8CBB714A]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0x8CBB721A]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x8CBB6D7C]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwSuspendProcess [0x8CBB6F6A]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwSuspendThread [0x8CBB7000]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x8CBB6E32]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x8CBB6ECE]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x8CBB709C]

INT 0x01 \??\C:\Users\Pamela\AppData\Local\Temp\mbr.sys 8A9E5C42

---- Kernel code sections - GMER 2.0 ----

.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8F2E1340, 0x3DA8C7, 0xE8000020]
? C:\Users\Pamela\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 2.0 ----

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] ntdll.dll!NtCreateFile + 6 778BF41A 4 Bytes [28, 00, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] ntdll.dll!NtCreateFile + B 778BF41F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] ntdll.dll!NtCreateKey + 6 778BF45A 4 Bytes [68, 01, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] ntdll.dll!NtCreateKey + B 778BF45F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] ntdll.dll!NtCreateMutant + 6 778BF48A 4 Bytes [28, 02, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] ntdll.dll!NtCreateMutant + B 778BF48F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] ntdll.dll!NtCreateSection + 6 778BF50A 4 Bytes [68, 02, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] ntdll.dll!NtCreateSection + B 778BF50F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] ntdll.dll!NtMapViewOfSection + 6 778BFB6A 4 Bytes [A8, 04, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] ntdll.dll!NtMapViewOfSection + B 778BFB6F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] ntdll.dll!NtOpenFile + 6 778BFBFA 4 Bytes [68, 00, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] ntdll.dll!NtOpenFile + B 778BFBFF 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] ntdll.dll!NtOpenKey + 6 778BFC2A 4 Bytes [A8, 01, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] ntdll.dll!NtOpenKey + B 778BFC2F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] ntdll.dll!NtOpenMutant + B 778BFC4F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] ntdll.dll!NtOpenProcess + 6 778BFC7A 1 Byte [28]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] ntdll.dll!NtOpenProcess + 6 778BFC7A 4 Bytes [28, 03, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] ntdll.dll!NtOpenProcess + B 778BFC7F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] ntdll.dll!NtOpenProcessToken + 6 778BFC8A 1 Byte [68]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] ntdll.dll!NtOpenProcessToken + 6 778BFC8A 4 Bytes [68, 03, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] ntdll.dll!NtOpenProcessToken + B 778BFC8F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] ntdll.dll!NtOpenProcessTokenEx + 6 778BFC9A 4 Bytes [28, 04, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] ntdll.dll!NtOpenProcessTokenEx + B 778BFC9F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] ntdll.dll!NtOpenSection + 6 778BFCAA 4 Bytes [A8, 02, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] ntdll.dll!NtOpenSection + B 778BFCAF 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] ntdll.dll!NtOpenThread + B 778BFCEF 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] ntdll.dll!NtOpenThreadToken + 6 778BFCFA 1 Byte [E8]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] ntdll.dll!NtOpenThreadToken + B 778BFCFF 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] ntdll.dll!NtOpenThreadTokenEx + 6 778BFD0A 4 Bytes [68, 04, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] ntdll.dll!NtOpenThreadTokenEx + B 778BFD0F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] ntdll.dll!NtQueryAttributesFile + 6 778BFD9A 4 Bytes [A8, 00, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] ntdll.dll!NtQueryAttributesFile + B 778BFD9F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] ntdll.dll!NtQueryFullAttributesFile + B 778BFE4F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] ntdll.dll!NtSetInformationFile + 6 778C036A 4 Bytes [28, 01, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] ntdll.dll!NtSetInformationFile + B 778C036F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] ntdll.dll!NtSetInformationThread + 6 778C03BA 1 Byte [A8]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] ntdll.dll!NtSetInformationThread + 6 778C03BA 4 Bytes [A8, 03, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] ntdll.dll!NtSetInformationThread + B 778C03BF 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] ntdll.dll!NtUnmapViewOfSection + B 778C065F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] kernel32.dll!CreateProcessW 76281D27 5 Bytes JMP 000100B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] kernel32.dll!CreateProcessA 76281D5C 5 Bytes JMP 000100F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] kernel32.dll!OpenEventW 762A4CB8 5 Bytes JMP 00010070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] kernel32.dll!CreateEventW 762A9146 5 Bytes JMP 00010030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!DeleteObject 765E5A1F 5 Bytes JMP 000801B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!GetDeviceCaps 765E5EA6 5 Bytes JMP 000803B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!SelectObject 765E5FC0 5 Bytes JMP 000805F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!SetBkMode 765E6390 5 Bytes JMP 000808F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!SetTextColor 765E64BF 5 Bytes JMP 00080A30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!SetStretchBltMode 765E6624 5 Bytes JMP 000806B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!DeleteDC 765E69A5 5 Bytes JMP 00080170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!StretchDIBits 765E6F0F 5 Bytes JMP 00080770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!GetTextMetricsW 765E720B 5 Bytes JMP 00080E30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!GetCurrentObject 765E7419 5 Bytes JMP 00080370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!RestoreDC 765E74AA 5 Bytes JMP 00080530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!SaveDC 765E7557 5 Bytes JMP 00080570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!GetTextAlign 765E7A93 5 Bytes JMP 00080D70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!ExtSelectClipRgn 765E7AE2 5 Bytes JMP 000802F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!SelectClipRgn 765E7BED 5 Bytes JMP 000805B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!SetTextAlign 765E7E09 5 Bytes JMP 000809F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!IntersectClipRect 765E82B4 5 Bytes JMP 000803F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!SetICMMode 765E88BB 5 Bytes JMP 00080DB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!ExtTextOutW 765E89EC 5 Bytes JMP 00080970
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!MoveToEx 765E8E09 5 Bytes JMP 00080470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!Rectangle 765E90CA 5 Bytes JMP 000809B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!GetClipBox 765E989D 5 Bytes JMP 00080330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!GetTextFaceW 765EA788 5 Bytes JMP 00080D30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!GetTextExtentPoint32W 765EABB5 5 Bytes JMP 00080670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!CreateDCA 765EBCD9 5 Bytes JMP 000800B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!CreateDCW 765EBE99 5 Bytes JMP 000800F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!CreateICW 765EBEDD 5 Bytes JMP 00080130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!GetFontData 765EC6E3 5 Bytes JMP 00080C70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!SetWorldTransform 765ECC0A 5 Bytes JMP 000806F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!GetTextMetricsA 765ED201 5 Bytes JMP 00080DF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!LineTo 765F0984 5 Bytes JMP 00080430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!ExtTextOutA 765F10E8 5 Bytes JMP 00080930
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!GetTextExtentPoint32A 765F11A7 5 Bytes JMP 00080630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!ExtEscape 765F544B 5 Bytes JMP 000802B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!EndPage 765F70FC 5 Bytes JMP 00080230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!SetMiterLimit 765F98D2 5 Bytes JMP 00080B70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!ResetDCW 765FF929 5 Bytes JMP 00080AB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!GetTextFaceA 765FFE74 5 Bytes JMP 00080CF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!SetPolyFillMode 765FFF50 5 Bytes JMP 00080B30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!GetGlyphOutlineW 765FFFEF 5 Bytes JMP 00080CB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!Escape 76600181 5 Bytes JMP 00080270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!CreateScalableFontResourceW 7660D8CD 5 Bytes JMP 00080BB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!AddFontResourceW 7660DB8E 5 Bytes JMP 00080BF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!RemoveFontResourceW 7660DE3B 5 Bytes JMP 00080C30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!AbortDoc 76612F0C 5 Bytes JMP 00080030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!EndDoc 7661325D 5 Bytes JMP 000801F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!StartPage 76613348 5 Bytes JMP 00080730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!StartDocW 76613DBB 5 Bytes JMP 000807F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!BeginPath 76614575 5 Bytes JMP 00080830
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!SelectClipPath 766145CC 5 Bytes JMP 00080AF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!CloseFigure 76614627 5 Bytes JMP 00080070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!EndPath 7661467E 5 Bytes JMP 00080A70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!StrokePath 766148B0 5 Bytes JMP 000807B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!FillPath 7661493C 5 Bytes JMP 00080870
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!PolylineTo 76614DA5 5 Bytes JMP 000804F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!PolyBezierTo 76614E35 5 Bytes JMP 000804B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] GDI32.dll!PolyDraw 76614EE6 5 Bytes JMP 000808B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] USER32.dll!GetTopWindow 769A7BC1 7 Bytes JMP 00090730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] USER32.dll!CountClipboardFormats 769ABEAE 5 Bytes JMP 000901F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] USER32.dll!RegisterClipboardFormatW 769AF811 5 Bytes JMP 000902B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] USER32.dll!ActivateKeyboardLayout 769BA9FF 5 Bytes JMP 000904F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] USER32.dll!RegisterClipboardFormatA 769BAEC3 5 Bytes JMP 000902F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] USER32.dll!GetClipboardFormatNameA 769BB1C6 5 Bytes JMP 00090270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] USER32.dll!GetClientRect 769BB396 7 Bytes JMP 000905B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] USER32.dll!MonitorFromWindow 769BB4F8 7 Bytes JMP 00090630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] USER32.dll!ScreenToClient 769BC1D8 7 Bytes JMP 00090670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] USER32.dll!GetParent 769C2E91 7 Bytes JMP 000906F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] USER32.dll!IsWindowVisible 769C3429 7 Bytes JMP 000906B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] USER32.dll!MapWindowPoints 769C34B0 5 Bytes JMP 00090570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] USER32.dll!SetCursor 769C380D 5 Bytes JMP 00090530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] USER32.dll!PostMessageW 769C3915 5 Bytes JMP 000905F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] USER32.dll!SetCursorPos 769C4EDD 5 Bytes JMP 00090770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] USER32.dll!GetClipboardViewer 769C4F52 5 Bytes JMP 00090470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] USER32.dll!GetClipboardData 769C589C 5 Bytes JMP 00090030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] USER32.dll!EmptyClipboard 769C59B8 5 Bytes JMP 00090130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] USER32.dll!EnumClipboardFormats 769C59CA 5 Bytes JMP 000901B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] USER32.dll!SetClipboardViewer 769D1CE7 5 Bytes JMP 000904B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] USER32.dll!GetOpenClipboardWindow 769D1D02 5 Bytes JMP 000903F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] USER32.dll!ChangeClipboardChain 769DBABA 5 Bytes JMP 00090430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] USER32.dll!CloseClipboard 769DCA35 5 Bytes JMP 000900B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] USER32.dll!OpenClipboard 769DCA47 5 Bytes JMP 00090070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] USER32.dll!IsClipboardFormatAvailable 769DCAC8 5 Bytes JMP 000900F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] USER32.dll!GetClipboardSequenceNumber 769DCADC 5 Bytes JMP 00090330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] USER32.dll!GetClipboardOwner 769DCB0E 5 Bytes JMP 00090370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] USER32.dll!SetClipboardData 769F116B 5 Bytes JMP 00090170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] USER32.dll!GetClipboardFormatNameW 769F46EF 5 Bytes JMP 00090230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] USER32.dll!GetPriorityClipboardFormat 76A0555B 5 Bytes JMP 000903B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] Secur32.dll!FreeContextBuffer 75FA243F 5 Bytes JMP 000B00F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] Secur32.dll!DeleteSecurityContext 75FA25C7 5 Bytes JMP 000B0270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] Secur32.dll!FreeCredentialsHandle 75FA2AD9 5 Bytes JMP 000B0130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] Secur32.dll!QueryContextAttributesA 75FA61FF 5 Bytes JMP 000B0070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] Secur32.dll!InitializeSecurityContextA 75FA6282 5 Bytes JMP 000B0170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] Secur32.dll!AcquireCredentialsHandleA 75FA63CE 5 Bytes JMP 000B0030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] Secur32.dll!EncryptMessage 75FA8A63 5 Bytes JMP 000B01F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] Secur32.dll!DecryptMessage 75FA8B31 5 Bytes JMP 000B0230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] Secur32.dll!ApplyControlToken 75FADE58 5 Bytes JMP 000B01B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] Secur32.dll!QueryCredentialsAttributesA 75FADFD3 5 Bytes JMP 000B00B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] ole32.dll!OleGetClipboard 7778BDB6 5 Bytes JMP 000C00B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] ole32.dll!OleSetClipboard 777B0F64 5 Bytes JMP 000C0030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] ole32.dll!OleIsCurrentClipboard 777BB185 5 Bytes JMP 000C0070
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3124] USER32.dll!GetWindowInfo 769B00DB 5 Bytes JMP 6A78A642 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3124] USER32.dll!SetMenuItemBitmaps + 3E 769CCFF3 7 Bytes JMP 6A78AC18 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4024] ntdll.dll!LdrLoadDll 7788EB00 2 Bytes JMP 6A5CED80 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4024] ntdll.dll!LdrLoadDll + 3 7788EB03 2 Bytes [D4, F2] {AAM 0xf2}
.text C:\Program Files\Mozilla Firefox\firefox.exe[4024] kernel32.dll!ActivateActCtx + 2C 762A7379 7 Bytes JMP 6A9154E2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4024] kernel32.dll!VirtualQuery + 24 762AD172 7 Bytes JMP 6A5E53B7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4024] kernel32.dll!VirtualAllocEx + 54 762C9BC5 7 Bytes JMP 6A915505 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4024] GDI32.dll!SetTextAlign + E6 765E7EEF 7 Bytes JMP 6A915463 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- User IAT/EAT - GMER 2.0 ----

IAT C:\Windows\system32\SearchProtocolHost.exe[2580] @ C:\Windows\system32\ole32.dll [USER32.dll!DialogBoxParamW] [7061D6EF] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Windows\system32\SearchProtocolHost.exe[2580] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamW] [7061D6EF] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Windows\system32\SearchProtocolHost.exe[2580] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DialogBoxParamW] [7061D6EF] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetKeyState] 000907D0
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!MoveFileExW] 00010110
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] @ C:\Windows\system32\ole32.dll [USER32.dll!GetKeyState] 000907D0
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] 00010110
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetFocus] 00090790
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[2680] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetKeyState] 000907D0

---- EOF - GMER 2.0 ----
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top