Inactive Help with Sirefef.R and Sirefef.AH!

Jon Pedlow

Jon Pedlow

Posts: 6   +0
Hi

I am cleaning a vista machine (32bit) for a friend, it was heavily infected with malware etc. I have managed to remove this with malwarebytes, deleted all old programs that were causing issues then ran microsoft security essentials.

I am left with a trojan and sirefef which is closing the pc within 60 seconds.

I have followed the instructions to get the frst.txt and search.txt so here they are! (thank you in advance for you support)

P.S. It keeps saying that the search txt is saved but each time its no where to be seen?

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 15-08-2012
Ran by SYSTEM at 17-08-2012 09:52:44
Running from I:\
Windows Vista (TM) Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [x]
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [x]
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [x]
HKLM\...\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart [86016 2007-10-04] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [8497696 2007-10-04] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [81920 2007-10-04] (NVIDIA Corporation)
HKLM\...\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" [x]
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [x]
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [x]
 
Hello, and welcome to TechSpot.


rulesx.png
Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
Please review the 5-Step removal instructions and post the logs back here for my review.
 
I cant get the pc to stay on for more than 60 seconds to install the programs in the 5 step removal instructions.

Before finding this forum I had already deleted files, ran malware bytes and installed and ran microsoft security essentials.

I have manged to follow the instructions for frst, managed to get the frst.txt but it keeps saying that its saved the serch.txt to same location which it is not doing. I have repeated this process a few times to try and get the search.txt file but it just does not save in the location?

Not sure what step to take next?
 
Ok have managed to get it to stay on!

MBAM - report from yesterday


Database version: v2012.07.03.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
claire :: CLAIRE-LOUISE [administrator]

16/08/2012 12:28:31
mbam-log-2012-08-16 (12-28-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 251825
Time elapsed: 7 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 125
HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearchToolBar.SettingsPlugin.1 (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearchToolBar.SettingsPlugin (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.IECookiesManager.1 (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.IECookiesManager (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.DataControl.1 (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.DataControl (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.HTMLMenu.2 (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.HTMLMenu (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.HTMLPanel.1 (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.HTMLPanel (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearchToolBar.ToolbarPlugin.1 (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearchToolBar.ToolbarPlugin (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.PopSwatterSettingsControl.1 (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.PopSwatterSettingsControl (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.PseudoTransparentPlugin.1 (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.PseudoTransparentPlugin (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.PopSwatterBarButton.1 (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.PopSwatterBarButton (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.HTMLMenu.1 (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> No action taken.
HKCR\ScreenSaverControl.ScreenSaverInstaller.1 (PUP.MyWebSearch) -> No action taken.
HKCR\ScreenSaverControl.ScreenSaverInstaller (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.OutlookAddin.1 (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.OutlookAddin (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.KillerObjManager.1 (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.KillerObjManager (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.HistoryKillerScheduler.1 (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.HistoryKillerScheduler (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.HistorySwatterControlBar.1 (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.HistorySwatterControlBar (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.ChatSessionPlugin.1 (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.ChatSessionPlugin (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (PUP.MyWebSearch) -> No action taken.
HKCR\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (PUP.MyWebSearch) -> No action taken.
HKCR\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.MultipleButton (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.MultipleButton.1 (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.UrlAlertButton (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.UrlAlertButton.1 (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\FocusInteractive (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> No action taken.
HKCR\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{67FA02C4-AB30-4e77-A640-78EE8EC8673B} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{799391D3-EB86-4bac-9BD3-CBFEA58A0E15} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{66666666-6666-6666-6666-660066226658} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 6
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data: ©Ž±#¥aI¶»
äG\Ê -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data: -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data: -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data: -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources|f3PopularScreensavers (PUP.MyWebSearch) -> Data: C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform|FunWebProducts (PUP.MyWebSearch) -> Data: -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 34
C:\Program Files\FunWebProducts (PUP.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Installr (PUP.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Installr\1.bin (PUP.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Installr\setups (PUP.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver (PUP.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\chrome (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\chrome (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Avatar (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\History (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\icons (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Message (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Overlay (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings (PUP.MyWebSearch) -> No action taken.
C:\Program Files\Funmoods\funmoods\1.5.11.16 (PUP.Funmoods) -> No action taken.
C:\ProgramData\49546735 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\90943530 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\ProgramData\HotbarSA (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\claire\AppData\Roaming\WeatherDPA (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin\2.6.79 (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\claire\Local Settings\Application Data\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\claire\Local Settings\Application Data\I Want This\Chrome (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\claire\AppData\Local\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\claire\AppData\Local\I Want This\Chrome (Adware.GamePlayLab) -> Quarantined and deleted successfully.

Files Detected: 90
C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\M3FFTBPR.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\M3MSG.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL (PUP.MyWebSearch) -> No action taken.
C:\Windows\Temp\BARF59.tmp\upgrade.exe (PUP.Zwangi) -> No action taken.
C:\Users\claire\Downloads\eTypeSetupSSP (1).exe (PUP.BundleInstaller.BI) -> No action taken.
C:\Users\claire\Downloads\eTypeSetupSSP (2).exe (PUP.BundleInstaller.BI) -> No action taken.
C:\Users\claire\Downloads\eTypeSetupSSP.exe (PUP.BundleInstaller.BI) -> No action taken.
C:\Users\claire\Downloads\PDFCreatorSetup (1).exe (PUP.Adware.InstallCore) -> No action taken.
C:\Users\claire\Downloads\PDFCreatorSetup (2).exe (PUP.Adware.InstallCore) -> No action taken.
C:\Users\claire\Downloads\PDFCreatorSetup.exe (PUP.Adware.InstallCore) -> No action taken.
C:\Users\claire\Downloads\SoftonicDownloader_for_minicraft (1).exe (PUP.ToolbarDownloader) -> No action taken.
C:\Users\claire\Downloads\SoftonicDownloader_for_minicraft (2).exe (PUP.ToolbarDownloader) -> No action taken.
C:\Users\claire\Downloads\SoftonicDownloader_for_minicraft.exe (PUP.ToolbarDownloader) -> No action taken.
C:\Users\claire\Downloads\SoftonicDownloader_for_modloader-for-minecraft.exe (PUP.ToolbarDownloader) -> No action taken.
C:\Users\claire\Downloads\7zip_Setup.exe (PUP.Bundle.Installer.OI) -> No action taken.
C:\Users\claire\Downloads\ADLSoft_UnCompressor (1).exe (PUP.Adware.InstallCore) -> No action taken.
C:\Users\claire\Downloads\ADLSoft_UnCompressor.exe (PUP.Adware.InstallCore) -> No action taken.
C:\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\F3SPACER.WMV (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\CHROME.MANIFEST (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\F3BKGERR.JPG (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\F3HKSTUB.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\F3REGHK.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\F3WALLPP.DAT (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\INSTALL.RDF (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\M3AUXSTB.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\M3DLGHK.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\M3MEDINT.EXE (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\M3PATCH.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\M3UNPAT.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\MWSMLBTN.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\MWSUABTN.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\chrome\M3FFXTBR.JAR (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\icons\CM.ICO (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\icons\WB.ICO (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Overlay\COMMON.F3S (PUP.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (PUP.MyWebSearch) -> No action taken.
C:\Program Files\Funmoods\funmoods\1.5.11.16\funmoodsOEM.crx (PUP.Funmoods) -> No action taken.
C:\Windows\Installer\{b84d431c-c674-8ea1-c57f-7f9f18fd3dab}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-17 13:44:03
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD3200AAJS-00B4A0 rev.01.03A01
Running: 0dkxs8gl.exe; Driver: C:\Users\claire\AppData\Local\Temp\axliaaoc.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0x8EEF80DA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x8EEF8CA6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteFile [0x8EEF8EB8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteKey [0x8EEFC714]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteValueKey [0x8EEFC756]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwLoadKey [0x8EEFC8FA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenFile [0x8EEF8DCA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenProcess [0x8EEF8282]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenThread [0x8EEF8482]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwProtectVirtualMemory [0x8EEF85C2]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwQueryValueKey [0x8EEFC85E]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRenameKey [0x8EEFC7A8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwReplaceKey [0x8EEFC7EA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRestoreKey [0x8EEFC824]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetContextThread [0x8EEF8068]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetInformationFile [0x8EEF8F6A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetValueKey [0x8EEFC69C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSuspendThread [0x8EEF7FE6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateProcess [0x8EEF7EEE]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateThread [0x8EEF7F46]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys ZwCreateThreadEx [0x8EB3E640]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 191 836C6854 4 Bytes [DA, 80, EF, 8E]
.text ntkrnlpa.exe!KeSetEvent + 1D9 836C689C 4 Bytes [A6, 8C, EF, 8E]
.text ntkrnlpa.exe!KeSetEvent + 2D1 836C6994 5 Bytes [B8, 8E, EF, 8E, 14] {MOV EAX, 0x148eef8e}
.text ntkrnlpa.exe!KeSetEvent + 2D7 836C699A 2 Bytes [EF, 8E]
.text ntkrnlpa.exe!KeSetEvent + 2E1 836C69A4 4 Bytes [56, C7, EF, 8E]
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8DC05340, 0x35AF37, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1028] ntdll.dll!KiUserApcDispatcher 77D25B78 5 Bytes JMP 00414FF0 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1028] kernel32.dll!LoadLibraryExW + 173 778B93EF 4 Bytes JMP 71AB000A
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1028] WS2_32.dll!getaddrinfo 774A418A 5 Bytes JMP 71A50022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1028] WS2_32.dll!gethostbyname 774B62D4 5 Bytes JMP 71AE0022
.text C:\Program Files\Mozilla Firefox\firefox.exe[2676] ntdll.dll!LdrLoadDll 77CE9378 5 Bytes JMP 699BB52A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2676] ntdll.dll!NtMapViewOfSection 77D24994 5 Bytes JMP 719F0022
.text C:\Program Files\Mozilla Firefox\firefox.exe[2676] ntdll.dll!KiUserApcDispatcher + E 77D25B86 5 Bytes JMP 00D4E2B0 c:\program files\trusteer\rapport\bin\rooksdol.dll (Rooks/Dolomite/Trusteer Ltd.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2676] kernel32.dll!LoadLibraryExW + 173 778B93EF 4 Bytes JMP 71AC000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2676] kernel32.dll!SetUnhandledExceptionFilter 778BA8C5 6 Bytes PUSH 71A30022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[2676] kernel32.dll!LockResource + C 778D6B0B 7 Bytes JMP 69C6B6D2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2676] kernel32.dll!VirtualAllocEx + 54 778DAF70 7 Bytes JMP 69C6B6F5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2676] GDI32.dll!BitBlt 764E70A6 6 Bytes PUSH 71750022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[2676] GDI32.dll!SetStretchBltMode + 256 764E745C 7 Bytes JMP 69C6B653 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2676] USER32.dll!DdeInitializeW 77277921 6 Bytes PUSH 71710022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[2676] USER32.dll!RegisterClassExW 7727DA30 6 Bytes PUSH 71AE0022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[2676] USER32.dll!CreateWindowExA 7727DC2A 6 Bytes JMP 7192000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2676] USER32.dll!RegisterClassW 7727E1AB 6 Bytes PUSH 71A60022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[2676] USER32.dll!CreateWindowExW 77281305 6 Bytes JMP 7196000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2676] USER32.dll!GetMessageW 7728FEF7 6 Bytes PUSH 71650022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[2676] USER32.dll!TranslateMessage 772901AD 6 Bytes PUSH 715B0022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[2676] USER32.dll!DispatchMessageW 7729021C 6 Bytes PUSH 716D0022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[2676] USER32.dll!PeekMessageW 7729045A 6 Bytes PUSH 719B0022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[2676] USER32.dll!GetWindowRect 77290E21 6 Bytes PUSH 71610022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[2676] USER32.dll!GetClipboardData 772B715A 6 Bytes PUSH 71690022; RET
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2760] ntdll.dll!KiUserApcDispatcher 77D25B78 5 Bytes JMP 0043A9F0 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2760] kernel32.dll!LoadLibraryExW + 173 778B93EF 4 Bytes JMP 71AC000A
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2760] USER32.dll!InSendMessageEx + 3B1 7727E6B0 6 Bytes JMP 71AE001E
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2760] WS2_32.dll!getaddrinfo 774A418A 5 Bytes JMP 71A20022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2760] WS2_32.dll!gethostbyname 774B62D4 5 Bytes JMP 71A60022
.text C:\Users\claire\AppData\Roaming\eType\eType.exe[3040] kernel32.dll!SetUnhandledExceptionFilter 778BA8C5 5 Bytes JMP 00E5D1F9 C:\Users\claire\AppData\Roaming\eType\eType.exe (eType Application/DSNR Media Innovations)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3812] USER32.dll!GetWindowInfo 7728428E 5 Bytes JMP 69B3BACC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3812] USER32.dll!SetMenuItemBitmaps + 71 772914EE 7 Bytes JMP 69B3C0F9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ntdll.dll!NtCreateFile + 6 77D2424A 4 Bytes [28, 00, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ntdll.dll!NtCreateFile + B 77D2424F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ntdll.dll!NtCreateKey + 6 77D2428A 4 Bytes [68, 01, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ntdll.dll!NtCreateKey + B 77D2428F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ntdll.dll!NtCreateMutant + 6 77D242BA 4 Bytes [28, 02, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ntdll.dll!NtCreateMutant + B 77D242BF 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ntdll.dll!NtCreateSection + 6 77D2433A 4 Bytes [68, 02, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ntdll.dll!NtCreateSection + B 77D2433F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ntdll.dll!NtMapViewOfSection + 6 77D2499A 4 Bytes [A8, 04, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ntdll.dll!NtMapViewOfSection + B 77D2499F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ntdll.dll!NtOpenFile + 6 77D24A2A 4 Bytes [68, 00, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ntdll.dll!NtOpenFile + B 77D24A2F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ntdll.dll!NtOpenKey + 6 77D24A5A 4 Bytes [A8, 01, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ntdll.dll!NtOpenKey + B 77D24A5F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ntdll.dll!NtOpenMutant + 6 77D24A7A 4 Bytes CALL 76D25080 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ntdll.dll!NtOpenMutant + B 77D24A7F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ntdll.dll!NtOpenProcess + 6 77D24AAA 1 Byte [28]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ntdll.dll!NtOpenProcess + 6 77D24AAA 4 Bytes [28, 03, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ntdll.dll!NtOpenProcess + B 77D24AAF 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ntdll.dll!NtOpenProcessToken + 6 77D24ABA 1 Byte [68]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ntdll.dll!NtOpenProcessToken + 6 77D24ABA 4 Bytes [68, 03, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ntdll.dll!NtOpenProcessToken + B 77D24ABF 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ntdll.dll!NtOpenProcessTokenEx + 6 77D24ACA 4 Bytes [28, 04, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ntdll.dll!NtOpenProcessTokenEx + B 77D24ACF 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ntdll.dll!NtOpenSection + 6 77D24ADA 4 Bytes [A8, 02, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ntdll.dll!NtOpenSection + B 77D24ADF 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ntdll.dll!NtOpenThread + 6 77D24B1A 4 Bytes CALL 76D25121 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ntdll.dll!NtOpenThread + B 77D24B1F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ntdll.dll!NtOpenThreadToken + 6 77D24B2A 1 Byte [E8]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ntdll.dll!NtOpenThreadToken + 6 77D24B2A 4 Bytes CALL 76D25132 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ntdll.dll!NtOpenThreadToken + B 77D24B2F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ntdll.dll!NtOpenThreadTokenEx + 6 77D24B3A 4 Bytes [68, 04, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ntdll.dll!NtOpenThreadTokenEx + B 77D24B3F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ntdll.dll!NtQueryAttributesFile + 6 77D24BCA 4 Bytes [A8, 00, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ntdll.dll!NtQueryAttributesFile + B 77D24BCF 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ntdll.dll!NtQueryFullAttributesFile + 6 77D24C7A 4 Bytes CALL 76D2527F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ntdll.dll!NtQueryFullAttributesFile + B 77D24C7F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ntdll.dll!NtSetInformationFile + 6 77D2515A 4 Bytes [28, 01, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ntdll.dll!NtSetInformationFile + B 77D2515F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ntdll.dll!NtSetInformationThread + 6 77D251AA 1 Byte [A8]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ntdll.dll!NtSetInformationThread + 6 77D251AA 4 Bytes [A8, 03, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ntdll.dll!NtSetInformationThread + B 77D251AF 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ntdll.dll!NtUnmapViewOfSection + 6 77D2544A 4 Bytes CALL 76D25A53 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ntdll.dll!NtUnmapViewOfSection + B 77D2544F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] kernel32.dll!CreateProcessW 77891BF3 5 Bytes JMP 000100B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] kernel32.dll!CreateProcessA 77891C28 5 Bytes JMP 000100F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] kernel32.dll!OpenEventW 778AC033 5 Bytes JMP 00010070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] kernel32.dll!CreateEventW 778DB87E 5 Bytes JMP 00010030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!DeleteObject 764E5A37 5 Bytes JMP 000801B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!GetDeviceCaps 764E617F 5 Bytes JMP 000803B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!SelectObject 764E62A0 5 Bytes JMP 000805F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!SetTextColor 764E666B 5 Bytes JMP 000809F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!SetBkMode 764E6716 5 Bytes JMP 000808B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!DeleteDC 764E68CD 5 Bytes JMP 00080170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!GetCurrentObject 764E6B58 5 Bytes JMP 00080370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!SetStretchBltMode 764E7206 5 Bytes JMP 00080670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!SaveDC 764E75BA 5 Bytes JMP 00080570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!RestoreDC 764E7675 5 Bytes JMP 00080530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!StretchDIBits 764E78CF 5 Bytes JMP 00080730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!ExtSelectClipRgn 764E79F8 5 Bytes JMP 000802F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!SelectClipRgn 764E7AF9 5 Bytes JMP 000805B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!MoveToEx 764E7C33 5 Bytes JMP 00080470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!Rectangle 764E7EA9 5 Bytes JMP 00080970
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!GetTextAlign 764E82E0 5 Bytes JMP 00080D30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!SetTextAlign 764E85CB 5 Bytes JMP 000809B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!ExtTextOutW 764E872B 5 Bytes JMP 00080930
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!GetTextMetricsW 764E8A81 5 Bytes JMP 00080DF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!IntersectClipRect 764E8B64 5 Bytes JMP 000803F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!GetClipBox 764E9071 5 Bytes JMP 00080330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!SetICMMode 764E94E7 5 Bytes JMP 00080D70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!CreateDCW 764EA91D 5 Bytes JMP 000800F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!CreateDCA 764EAA49 5 Bytes JMP 000800B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!CreateICW 764EB2E9 5 Bytes JMP 00080130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!GetTextFaceW 764EB637 5 Bytes JMP 00080CF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!GetFontData 764EBA6C 5 Bytes JMP 00080C30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!GetTextExtentPoint32W 764EC01A 5 Bytes JMP 00080630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!SetWorldTransform 764EC46A 5 Bytes JMP 000806B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!LineTo 764EC65E 5 Bytes JMP 00080430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!GetTextMetricsA 764ECCEB 5 Bytes JMP 00080DB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!ExtTextOutA 764F00A5 5 Bytes JMP 000808F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!ExtEscape 764F22A7 5 Bytes JMP 000802B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!Escape 764F27F1 5 Bytes JMP 00080270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!ResetDCW 764F3132 5 Bytes JMP 00080A70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!EndPage 764F375E 5 Bytes JMP 00080230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!SetPolyFillMode 764F61D3 5 Bytes JMP 00080AF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!SetMiterLimit 764F62E2 5 Bytes JMP 00080B30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!GetTextFaceA 764FF4C5 5 Bytes JMP 00080CB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!GetGlyphOutlineW 7650A41F 5 Bytes JMP 00080C70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!CreateScalableFontResourceW 7650C88B 5 Bytes JMP 00080B70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!AddFontResourceW 7650CC93 5 Bytes JMP 00080BB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!RemoveFontResourceW 7650D129 5 Bytes JMP 00080BF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!AbortDoc 76512CC4 5 Bytes JMP 00080030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!EndDoc 765130D8 5 Bytes JMP 000801F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!StartPage 765131C3 5 Bytes JMP 000806F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!StartDocW 76513CA7 5 Bytes JMP 000807B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!BeginPath 76514465 5 Bytes JMP 000807F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!SelectClipPath 765144BC 5 Bytes JMP 00080AB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!CloseFigure 76514517 5 Bytes JMP 00080070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!EndPath 7651456E 5 Bytes JMP 00080A30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!StrokePath 765147A0 5 Bytes JMP 00080770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!FillPath 7651482C 1 Byte [E9]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!FillPath 7651482C 5 Bytes JMP 00080830
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!PolylineTo 76514C95 5 Bytes JMP 000804F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!PolyBezierTo 76514D25 5 Bytes JMP 000804B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] GDI32.dll!PolyDraw 76514DD6 5 Bytes JMP 00080870
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] USER32.dll!SetCursor 7727D37D 5 Bytes JMP 00090530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] USER32.dll!RegisterClipboardFormatW 7727D6AC 1 Byte [E9]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] USER32.dll!RegisterClipboardFormatW 7727D6AC 5 Bytes JMP 000902B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] USER32.dll!ActivateKeyboardLayout 7728478C 5 Bytes JMP 000904F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] USER32.dll!IsWindowVisible 7728878A 7 Bytes JMP 000906B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] USER32.dll!MonitorFromWindow 772888D4 7 Bytes JMP 00090630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] USER32.dll!ScreenToClient 77288C56 7 Bytes JMP 00090670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] USER32.dll!GetClientRect 77288F0D 7 Bytes JMP 000905B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] USER32.dll!GetParent 772890AA 7 Bytes JMP 000906F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] USER32.dll!RegisterClipboardFormatA 7728A111 5 Bytes JMP 000902F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] USER32.dll!PostMessageW 7728A175 5 Bytes JMP 000905F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] USER32.dll!MapWindowPoints 7728A30D 5 Bytes JMP 00090570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] USER32.dll!GetClipboardFormatNameA 7728A552 5 Bytes JMP 00090270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] USER32.dll!GetOpenClipboardWindow 772926A6 5 Bytes JMP 000903F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] USER32.dll!SetClipboardViewer 7729BA2D 5 Bytes JMP 000904B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] USER32.dll!IsClipboardFormatAvailable 7729C2E3 5 Bytes JMP 000900F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] USER32.dll!CloseClipboard 7729C2F7 5 Bytes JMP 000900B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] USER32.dll!OpenClipboard 7729C31D 5 Bytes JMP 00090070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] USER32.dll!GetTopWindow 7729CE0A 7 Bytes JMP 00090730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] USER32.dll!GetClipboardSequenceNumber 7729D8B7 5 Bytes JMP 00090330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] USER32.dll!ChangeClipboardChain 7729DF83 5 Bytes JMP 00090430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] USER32.dll!CountClipboardFormats 772A0048 5 Bytes JMP 000901F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] USER32.dll!GetClipboardOwner 772A26EF 5 Bytes JMP 00090370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] USER32.dll!SetClipboardData 772B6410 5 Bytes JMP 00090170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] USER32.dll!EnumClipboardFormats 772B6D16 5 Bytes JMP 000901B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] USER32.dll!SetCursorPos 772B6FB2 5 Bytes JMP 00090770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] USER32.dll!GetClipboardData 772B715A 5 Bytes JMP 00090030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] USER32.dll!GetClipboardFormatNameW 772BA99F 5 Bytes JMP 00090230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] USER32.dll!EmptyClipboard 772D398B 5 Bytes JMP 00090130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] USER32.dll!GetClipboardViewer 772D39ED 5 Bytes JMP 00090470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] USER32.dll!GetPriorityClipboardFormat 772D3AEF 5 Bytes JMP 000903B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ole32.dll!OleGetClipboard 765A74C9 5 Bytes JMP 000A00B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ole32.dll!OleSetClipboard 765D11E3 5 Bytes JMP 000A0030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] ole32.dll!OleIsCurrentClipboard 765DA8F9 5 Bytes JMP 000A0070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] Secur32.dll!FreeContextBuffer 76212D83 5 Bytes JMP 000C00F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] Secur32.dll!DeleteSecurityContext 76212F18 5 Bytes JMP 000C0270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] Secur32.dll!FreeCredentialsHandle 76213598 5 Bytes JMP 000C0130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] Secur32.dll!EncryptMessage 76213745 5 Bytes JMP 000C01F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] Secur32.dll!DecryptMessage 76213813 5 Bytes JMP 000C0230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] Secur32.dll!InitializeSecurityContextA 762187DF 5 Bytes JMP 000C0170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] Secur32.dll!AcquireCredentialsHandleA 76218A43 5 Bytes JMP 000C0030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] Secur32.dll!QueryContextAttributesA 76218E77 5 Bytes JMP 000C0070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] Secur32.dll!ApplyControlToken 7621DE4F 5 Bytes JMP 000C01B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] Secur32.dll!QueryCredentialsAttributesA 7621E052 5 Bytes JMP 000C00B0

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!MoveFileExW] 00010110
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetKeyState] 000907D0
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] @ C:\Windows\system32\ole32.dll [USER32.dll!GetKeyState] 000907D0
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!MoveFileExW] 00010110
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] 00010110
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetFocus] 00090790
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[4008] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetKeyState] 000907D0

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@\22!s!m!\22!y!d!f!{!f!r!f!I!d!`!\22!`! 19583823

---- EOF - GMER 1.0.15 ----
 
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by claire at 13:45:22 on 2012-08-17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2045.887 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Users\claire\AppData\Roaming\eType\eType.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\claire\AppData\Roaming\eType\eTypeUpdate.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Users\claire\Downloads\0dkxs8gl.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://feed.snap.do/?publisher=SnapdoSoftonic&dpid=SnapdoSoftonic&co=GB&userid=f8aa8335-bacb-4d2c-a1da-c440550f4404&searchtype=ds&q={searchTerms}
uSearch Bar = hxxp://feed.snap.do/?publisher=SnapdoSoftonic&dpid=SnapdoSoftonic&co=GB&userid=f8aa8335-bacb-4d2c-a1da-c440550f4404&searchtype=ds&q={searchTerms}
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoSoftonic&dpid=SnapdoSoftonic&co=GB&userid=f8aa8335-bacb-4d2c-a1da-c440550f4404&searchtype=ds&q={searchTerms}
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
mURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Web Assistant: {336d0c35-8a85-403a-b9d2-65c292c39087} - c:\program files\web assistant\Extension32.dll
BHO: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi9130~1\datamngr\toolbar\searchqudtx.dll
BHO: Wajam: {a7a6995d-6ee1-4fd1-a258-49395d5bf99c} - c:\program files\wajam\ie\priam_bho.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo\YontooIEClient.dll
TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\2.bin\MWSBAR.DLL
TB: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi9130~1\datamngr\toolbar\searchqudtx.dll
{ae07101b-46d4-4a98-af68-0333ea26e113}
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Akamai NetSession Interface] "c:\users\claire\appdata\local\akamai\netsession_win.exe"
uRun: [Google Update] "c:\users\claire\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [eType] c:\users\claire\appdata\roaming\etype\eType.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\claire\appdata\roaming\dvdvideosoftiehelpers\youtubetomp3.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {94B82441-A413-4E43-8422-D49930E69764} - hxxp://193.130.144.41/media/visitorchat/TLIEFlash.CAB
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: DhcpNameServer = 192.168.1.7
TCP: Interfaces\{6DFAF85F-6691-4F94-8E4B-40407D6917DB} : DhcpNameServer = 192.168.1.7
TCP: Interfaces\{8528A4CD-4A8B-4175-9D12-4E842E54DED2} : DhcpNameServer = 193.36.79.100 193.36.79.101
TCP: Interfaces\{D0A1DD71-7B3B-4E3E-B1E7-1FDBAA18EFC8} : DhcpNameServer = 192.168.0.1
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\claire\appdata\roaming\mozilla\firefox\profiles\5h99y8kv.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - component: c:\program files\imesh applications\mediabar\datamngr\firefoxextension\components\DataMngrHlp.dll
FF - component: c:\users\claire\appdata\roaming\mozilla\firefox\profiles\5h99y8kv.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\users\claire\appdata\roaming\mozilla\firefox\profiles\5h99y8kv.default\extensions\{28d35620-51d9-11de-9d13-2db156d89593}\components\dtTransparency.dll
FF - component: c:\users\claire\appdata\roaming\mozilla\firefox\profiles\5h99y8kv.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
FF - component: c:\users\claire\appdata\roaming\mozilla\firefox\profiles\5h99y8kv.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
FF - component: c:\users\claire\appdata\roaming\mozilla\firefox\profiles\5h99y8kv.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency.dll
FF - component: c:\users\claire\appdata\roaming\mozilla\firefox\profiles\5h99y8kv.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency3.5.dll
FF - component: c:\users\claire\appdata\roaming\mozilla\firefox\profiles\5h99y8kv.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency3.6.dll
FF - component: c:\users\claire\appdata\roaming\mozilla\firefox\profiles\5h99y8kv.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
FF - component: c:\users\claire\appdata\roaming\mozilla\firefox\profiles\5h99y8kv.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\users\claire\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\claire\appdata\roaming\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
.
user_pref('extensions.dealply.partner', 'vita');
.
user_pref('extensions.dealply.channel', 'vitafilewin');
.
user_pref('extensions.dealply.installId', 'v23500246161412995599332012061221461537');
.
user_pref('extensions.dealply.installIdSource', 'inst');
.
user_pref('extensions.dealply.sampleGroup', '7');
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQCJpec4Z&loc=IB_TB&I=26&search=
FF - user.js: extensions.incredibar_i.id - 44ecbfa6000000000000001c25348f65
FF - user.js: extensions.incredibar_i.instlDay - 15528
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1411:12:46
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQCJpec4Z
FF - user.js: extensions.incredibar_i.upn2n - 92543188629654885
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1
.
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
FF - user.js: browser.startup.homepage - hxxp://www.google.com/
.
FF - user.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
.
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: extensions.BabylonToolbar_i.id - 44ecbfa6000000000000001c25348f65
FF - user.js: extensions.BabylonToolbar_i.hardId - 44ecbfa6000000000000001c25348f65
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15543
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:38:01
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113480&tt=2912_2
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-7-29 65848]
R1 MpKsle95c3fdf;MpKsle95c3fdf;c:\programdata\microsoft\microsoft antimalware\definition updates\{33732067-b2b1-4bc3-8026-bc230a2bd582}\MpKsle95c3fdf.sys [2012-8-17 29904]
R1 RapportCerberus_42020;RapportCerberus_42020;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_42020.sys [2012-8-14 228376]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-7-29 71480]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-7-29 166840]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-1 21504]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-7-29 976728]
S2 BBSvc;Bing Bar Update Service;"c:\program files\microsoft\bingbar\bbsvc.exe" --> c:\program files\microsoft\bingbar\BBSvc.EXE [?]
S2 BBUpdate;BBUpdate;"c:\program files\microsoft\bingbar\seaport.exe" --> c:\program files\microsoft\bingbar\SeaPort.EXE [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-4-1 54632]
S3 fsssvc;Windows Live Family Safety Service;"c:\program files\windows live\family safety\fsssvc.exe" --> c:\program files\windows live\family safety\fsssvc.exe [?]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2007-11-13 106112]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2007-10-9 59264]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [2011-11-12 33792]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-12-4 9216]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-16 113120]
S3 netr73;D-Link DWA-111 Wireless G USB Adapter Driver;c:\windows\system32\drivers\netr73.sys [2008-4-15 256000]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-12 250056]
S4 GtDetectSc;GtDetectSc;"c:\program files\orange\icon 225 usb connect\gtdetectsc.exe" --> c:\program files\orange\icon 225 usb connect\GtDetectSc.exe [?]
S4 gupdate;Google Update Service (gupdate);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S4 gupdatem;Google Update Service (gupdatem);"c:\program files\google\update\googleupdate.exe" /medsvc --> c:\program files\google\update\GoogleUpdate.exe [?]
S4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\hi-rez studios\hipatchservice.exe --> c:\program files\hi-rez studios\HiPatchService.exe [?]
S4 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\2.bin\mwssvc.exe --> c:\progra~1\mywebs~1\bar\2.bin\mwssvc.exe [?]
S4 Web Assistant Updater;Web Assistant Updater;c:\program files\web assistant\extensionupdaterservice.exe --> c:\program files\web assistant\ExtensionUpdaterService.exe [?]
.
=============== Created Last 30 ================
.
2012-08-17 20:42:19 -------- d-----w- c:\program files\Microsoft Games
2012-08-17 17:52:27 -------- d-----w- C:\FRST
2012-08-17 12:19:34 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{33732067-b2b1-4bc3-8026-bc230a2bd582}\MpKsle95c3fdf.sys
2012-08-17 12:15:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-17 12:13:34 -------- d-----w- c:\users\claire\appdata\local\Macromedia
2012-08-16 15:30:40 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{33732067-b2b1-4bc3-8026-bc230a2bd582}\offreg.dll
2012-08-16 15:29:27 713784 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2f6bf495-3035-490f-a4c0-7d48db03da62}\gapaengine.dll
2012-08-16 15:28:48 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{33732067-b2b1-4bc3-8026-bc230a2bd582}\mpengine.dll
2012-08-16 15:27:19 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-16 15:16:19 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-16 15:15:11 -------- d-----w- c:\users\claire\appdata\local\Google
2012-08-16 15:14:57 -------- d-----w- c:\users\claire\appdata\local\Deployment
2012-08-16 15:14:57 -------- d-----w- c:\users\claire\appdata\local\Apps
2012-08-16 10:45:20 -------- d-----w- c:\users\claire\appdata\roaming\Malwarebytes
2012-08-16 10:45:08 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-16 10:45:08 -------- d-----w- c:\programdata\Malwarebytes
2012-08-04 14:00:20 -------- d-----w- c:\users\claire\appdata\local\{0EA2C2F2-DE3C-11E1-8270-B8AC6F996F26}
2012-08-04 13:55:50 -------- d-----w- c:\users\claire\appdata\local\{0EA290E1-DE3C-11E1-8270-B8AC6F996F26}
2012-08-04 13:53:54 -------- d-----w- c:\programdata\036DFF86038F26205A9C8AEE2F3B707C
2012-08-04 13:52:54 -------- d-----w- c:\users\claire\appdata\roaming\Soypt
2012-08-04 13:52:54 -------- d-----w- c:\users\claire\appdata\roaming\Isqet
2012-08-04 13:52:51 -------- d-----w- c:\users\claire\appdata\roaming\Ixfeig
2012-08-04 02:16:42 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f5eb78e0-8f2d-43d6-9229-ee143eae5710}\mpengine.dll
2012-07-29 19:52:38 65848 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-07-27 19:05:41 -------- d-----w- c:\users\claire\appdata\roaming\BrowserCompanion
2012-07-25 13:19:30 -------- d-----w- c:\users\claire\appdata\roaming\.techniclauncher
.
==================== Find3M ====================
.
2012-08-15 05:31:09 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 05:31:09 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-13 13:40:21 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 00:04:25 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03:42 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 11:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-27 06:48:10 65536 ----a-w- c:\windows\system32\frapsvid.dll
2002-07-26 16:02:06 153088 ------w- c:\program files\UNWISE.EXE
.
============= FINISH: 13:46:23.69 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 03/04/2008 12:42:54
System Uptime: 17/08/2012 13:10:29 (0 hours ago)
.
Motherboard: Foxconn | | 45CMX/45GMX/45CMX-K
Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz | Socket 775 | 1998/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 291 GiB total, 195.169 GiB free.
E: is CDROM (CDFS)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Microsoft Tun Miniport Adapter #2
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp
.
==== System Restore Points ===================
.
RP980: 02/08/2012 00:00:01 - Scheduled Checkpoint
RP981: 02/08/2012 03:00:14 - Windows Update
RP982: 03/08/2012 03:00:33 - Windows Update
RP983: 03/08/2012 03:00:50 - Scheduled Checkpoint
RP984: 03/08/2012 19:38:31 - Scheduled Checkpoint
RP985: 04/08/2012 03:00:22 - Windows Update
RP986: 06/08/2012 15:46:16 - Scheduled Checkpoint
RP987: 08/08/2012 19:14:54 - Scheduled Checkpoint
RP989: 14/08/2012 12:22:47 - Installed Rapport
RP990: 15/08/2012 18:42:52 - Restore Operation
RP991: 15/08/2012 19:02:38 - Restore Operation
RP992: 16/08/2012 12:55:17 - Removed Aeria Ignite
RP993: 16/08/2012 12:59:13 - Removed AION Free-To-Play
RP994: 16/08/2012 13:41:20 - Removed Bing Bar
RP995: 16/08/2012 13:41:44 - Removed Bing Bar
RP996: 16/08/2012 14:08:33 - Removed Snap.Do
RP997: 16/08/2012 14:09:02 - Removed Snap.Do
RP998: 16/08/2012 14:11:04 - Removed Softonic Toolbar.
RP999: 16/08/2012 14:12:15 - Removed SweetIM for Messenger 3.6
RP1000: 16/08/2012 14:13:07 - Removed SweetPacks Toolbar for Internet Explorer 4.5
RP1001: 16/08/2012 14:22:17 - Removed Update Manager for SweetPacks 1.0
RP1002: 16/08/2012 14:25:16 - Removed LeapFrog LeapPad Explorer Plugin
RP1003: 16/08/2012 14:31:19 - Removed Rapport
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8
Adobe Shockwave Player 11.6
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BabylonObjectInstaller
Bing Bar
Bonjour
D-Link DWA-111 Wireless G USB Adapter
Driver Detective
Driver Mender
eType
Free YouTube to MP3 Converter version 3.5
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Hi-Rez Studios Authenticate and Update Service
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ICON 225 USB Connect
iSkysoft Video Converter(Build 2.3.2.1)
iTunes
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) 6 Update 4
Java(TM) 7 Update 4
JavaFX 2.1.0
Junk Mail filter update
LeapFrog Connect
LG PC Suite
LG USB Modem driver
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word Viewer 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Web Search
NVIDIA Drivers
NVIDIA PhysX
OGA Notifier 2.0.0048.0
PDF Creator
QuickTime
Rapport
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3 USB Driver Installer
Samsung Samples Installer
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Softonic-Eng7 Toolbar
swMSM
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Web Assistant 2.0.0.462
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
World of Warcraft
.
==== End Of File ===========================
 
So, you're not able to get the logs from FRST?

Try to run it again and see if it saves logs, please.
 
Hello. Are you still with us?

Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

Thanks.
 
You must log in or register to reply here.

Similar threads

wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
796
uber_beetle
uber_beetle
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A

Latest posts

Back