Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Browser redirect problems

Post by tigerpaw57 » June 17th, 2010, 10:32 pm

I get redirects every time I try to go to a URL resulting from a search. It happens with Explorer and Firefox. I have run scans with Avira antivirus to no avail. Here are my log and uninstall files:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:30 PM, on 6/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Application Data\Smilebox\SmileboxTray.exe
C:\ESM2\STMS.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\ESM2\EBRR.EXE
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\ESM2\SAgent2.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\PROGRA~1\NETSCA~1\NETSCA~1\pbhelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo R380 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE /FU "C:\WINDOWS\TEMP\E_S26A.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SmileboxTray] "C:\Documents and Settings\Administrator\Application Data\Smilebox\SmileboxTray.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://pbskids.org/barney/children/games/imagination_game.html"
O4 - S-1-5-18 Startup: PowerReg Scheduler V3.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: PowerReg Scheduler V3.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: EPSON Background Monitor.lnk = C:\ESM2\STMS.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: MonacoGamma.lnk = C:\Program Files\Monaco Systems\MonacoEZcolor 2.6\MonacoGamma.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.5.0.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8300.cab
O16 - DPF: {C42B23DF-334C-4AD0-9AB4-91FF53D04239} (AbImporter Class) - file:///C:/Documents%20and%20Settings/Administrator/Application%20Data/Smilebox/OzDesktopImporter.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://service.futuremark.com/virtualmark/tc/MSC3.cab
O16 - DPF: {E5C97835-6865-443E-8C33-671D9C71A6D0} (LedaX Control) - https://www.clientspace.com/download/RapidocsX.cab
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file:///F:/cdviewer/CdViewer.cab
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - https://www.plaxo.com/activex/plx_upldr-2k-xp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: DataSvr - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\ESM2\SAgent2.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: NTRU Hybrid TSS v1.05 TCSD (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe

--
End of file - 15701 bytes
ABBYY FineReader 5.0 Sprint
Activity Center, Winnie the Pooh
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 2.0
Adobe Photoshop Elements 4.0
Adobe Reader 9.3.2
Adobe Shockwave Player 11
Adobe® Photoshop® Album Starter Edition 3.2
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
APC PowerChute Personal Edition
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Belarc Advisor 7.2
BigFix
Boris Graffiti
Browser Defender 2.0.6.15
Compatibility Pack for the 2007 Office system
ConvertXtoDVD 3 english manual
ConvertXtoDVD 3.8.0.193f
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
Data Lifeguard Tools
Debut Video Capture Software
Digital Media Reader
DiMAGE Scan Dual4 ver.1.0
Direct Show Ogg Vorbis Filter (remove only)
Disneys Digital Coloring Book Featuring Pooh
Disney's Magic Artist Cartoon Maker
DriverAgent by eSupport.com
easyHDR PRO
EMBASSY Security Center
EPSON Copy Utility
EPSON PERF 3170Guide
EPSON Photo Print
EPSON Print CD
EPSON Printer Software
EPSON Scan
EPSON Smart Panel
EPSON Status Monitor 2
Finding Nemo: Nemo's Underwater World of Fun
Futuremark Measurement Services Client
Gallery Remote
Garmin City Navigator North America NT 2010.10 Update
Garmin Communicator Plugin
Garmin USB Drivers
Google Earth
Google Gmail Notifier
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
gtw_logo
GWCares
Hallmark Card Studio 3 Deluxe
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ImgBurn
Intel Audio Studio 2.0
Intel(R) PRO Network Connections Drivers
Intel(R) Processor ID Utility
Intel(R) Quick Resume Technology Drivers
Intel® Viiv™ Software
iTunes
Java 2 Runtime Environment, SE v1.4.2
Java(TM) 6 Update 17
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Juice 2.2
Learn2 Player (Uninstall Only)
Logitech Desktop Messenger
Logitech MouseWare 9.79
Logitech Resource Center
Magic Bullet Looks Studio
Matroska Pack (remove only)
Memorex exPressit Label Design Studio
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Standard
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MonacoEZcolor 2.6
Mozilla Firefox (3.6.3)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MUSICMATCH® Jukebox
MWSnap 3
Napster
Napster Burn Engine
Neat Image v5.7 Home
Netscape Internet Service
Netscape Web Accelerator
NTRU Hybrid TSS v1.05
NVIDIA Drivers
NVIDIA PhysX v8.10.13
OLYMPUS Master 2
OLYMPUS muvee theaterPack
Photo Story 3 for Windows
Photomatix Pro version 3.1.3
Picasa 3
Pinnacle Studio 12
Pinnacle Studio 12 Ultimate Plugins
Pinnacle Video Driver
Pinnacle Winter Pack
Power2Go 4.0
PowerDVD
Presto! BizCard 4.1 Eng
proDAD Vitascene 1.0
Profile Prism
QuickTime
RealFlight G3 R/C Simulator
Rhapsody Player Engine
Roxio Content 9
Roxio MyDVD 9 Studio
ScanToWeb
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Shape Collage
SigmaTel Audio
SLOW-PCfighter
SLOW-PCfighter
Soft Data Fax Modem with SmartCP
Sonic Encoders
SPAMfighter
Spyware Doctor 7.0
STMicroelectronics TPM Software Package
SureThing Express Labeler
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax Basic 2005
TurboTax Basic 2007
TurboTax ItsDeductible 2005
Undelete Plus 2.98
Uniblue DriverScanner 2010
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
WexTech AnswerWorks
Windows 7 Upgrade Advisor
Windows Defender
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
tigerpaw57
Regular Member
 
Posts: 20
Joined: June 17th, 2010, 10:03 pm

Re: Browser redirect problems

Post by Cypher » June 20th, 2010, 1:06 pm

Hi and welcome to Malware Removal Forums.
My name is Cypher, and I will be helping you with your malware problems.

Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.
Read Back up your files

Please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can damage that computer and possibly make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions if possible; your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • The logs from the tools we use can take some time to research so please be patient.

  • If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.


Quick question: Does your installed version of Spyware Doctor include Anti-virus?
Let me know in your next reply.

Add/Remove programs
  • Click on start
  • Then Run
  • In the open text entry box, please copy/paste appwiz.cpl, then click Enter.
  • Press the "Remove" or "Change/Remove" button to uninstall the following:
Coupon Printer for Windows << Remove if you don't use
Java 2 Runtime Environment, SE v1.4.2
Java(TM) 6 Update 17
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Viewpoint Media Player

Now reboot your computer.


Next.

RSIT (Random's System Information Tool)

Please download RSIT by random/random and save it to your desktop.
  • Double click on RSIT.exe to run it.
  • Please read the disclaimer, then click on Continue.
  • RSIT will start running. When done, 2 log files will be produced.
  • The first one, "log.txt", << will be maximized.
  • The second one, "info.txt", << will be minimized.
Please post both "log.txt" and "info.txt" file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)


Next.

Please download GMER Rootkit Scanner from Here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan, click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All << (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Note: Do not run any programs while Gmer is running.



Logs/Information to Post in your Next Reply

  • Let me know if Spyware Doctor includes Anti-virus.
  • RSIT log.txt and info.txt contents.
  • Gmer.txt log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Browser redirect problems

Post by tigerpaw57 » June 20th, 2010, 9:07 pm

Hi, Cyber, and thanks for the help. My Spyware Doctor does not include Anti-virus. I removed all of the Java Updates except Java 6 Update 17, which I don't have. I have Java 6 Update 20, but I did not remove it. I downloaded and ran RSIT. Here is the log file:

Logfile of random's system information tool 1.07 (written by random/random)
Run by Administrator at 2010-06-20 20:53:14
Microsoft Windows XP Professional Service Pack 3
System drive C: has 84 GB (57%) free of 148 GB
Total RAM: 2045 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:53:22 PM, on 6/20/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Application Data\Smilebox\SmileboxTray.exe
C:\ESM2\STMS.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\ESM2\EBRR.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\ESM2\SAgent2.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\O8K61PGE\RSIT[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\PROGRA~1\NETSCA~1\NETSCA~1\pbhelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo R380 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE /FU "C:\WINDOWS\TEMP\E_S26A.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SmileboxTray] "C:\Documents and Settings\Administrator\Application Data\Smilebox\SmileboxTray.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://pbskids.org/barney/children/games/imagination_game.html"
O4 - S-1-5-18 Startup: PowerReg Scheduler V3.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: PowerReg Scheduler V3.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: EPSON Background Monitor.lnk = C:\ESM2\STMS.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: MonacoGamma.lnk = C:\Program Files\Monaco Systems\MonacoEZcolor 2.6\MonacoGamma.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.5.0.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8300.cab
O16 - DPF: {C42B23DF-334C-4AD0-9AB4-91FF53D04239} (AbImporter Class) - file:///C:/Documents%20and%20Settings/Administrator/Application%20Data/Smilebox/OzDesktopImporter.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://service.futuremark.com/virtualmark/tc/MSC3.cab
O16 - DPF: {E5C97835-6865-443E-8C33-671D9C71A6D0} (LedaX Control) - https://www.clientspace.com/download/RapidocsX.cab
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file:///F:/cdviewer/CdViewer.cab
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - https://www.plaxo.com/activex/plx_upldr-2k-xp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: DataSvr - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\ESM2\SAgent2.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: NTRU Hybrid TSS v1.05 TCSD (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe

--
tigerpaw57
Regular Member
 
Posts: 20
Joined: June 17th, 2010, 10:03 pm

Re: Browser redirect problems

Post by tigerpaw57 » June 20th, 2010, 9:10 pm

And here is the uninstall list:
info.txt logfile of random's system information tool 1.06 2010-06-20 20:53:27

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NewSoft\BizCard 4.1 Eng\Uninst.isu" -c"C:\WINDOWS\StiRegstEng.dll"
-->MsiExec /X{AC54E544-3E42-443C-A91D-A00A6974C592}
-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
-->MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
-->MsiExec.exe /I{3B55590C-8A9B-4BD6-B489-744B63026A2A}
-->MsiExec.exe /I{3BF1390E-9EAE-4C2A-B30C-3992233FBCBA}
-->MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
-->MsiExec.exe /I{C98E5F1B-5C2B-4FD1-BDF9-F3779DCAAA16}
-->MsiExec.exe /X{9F9BED81-2C7A-4AA2-A136-942168A0085B}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{107254A0-0ADF-11D4-9397-00D0B7020B38}\setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D1A81AA-ED90-11D6-86D3-00055DF3561E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3568156-59C3-42DF-A520-2C25B6706C91}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Activity Center, Winnie the Pooh-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF4C0042-FDF9-4AD3-904C-FFC7A066A248}\setup.exe" -l0x9 Activity Center, Winnie the Pooh
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 2.0-->MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Photoshop Elements 4.0-->msiexec /I {EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}
Adobe Reader 9.3.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AnswerWorks 5.0 English Runtime-->MsiExec.exe /I{9E5A03E3-6246-4920-9630-0527D5DA9B07}
APC PowerChute Personal Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A0C892E-FD1C-4203-941E-0956AED20A6A}\Setup.exe" -l0x9
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Belarc Advisor 7.2-->C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
BigFix-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Boris Graffiti-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{262BF2CD-601D-4F43-919C-4B00B1D1F338}\setup.exe" -l0x9 -removeonly
Browser Defender 2.0.6.15-->"C:\Program Files\Spyware Doctor\BDT\unins000.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
ConvertXtoDVD 3 english manual-->"C:\Program Files\vso\convertx\3\unins001.exe"
ConvertXtoDVD 3.8.0.193f-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Data Lifeguard Tools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}\Setup.exe"
Debut Video Capture Software-->C:\Program Files\NCH Software\Debut\uninst.exe
Digital Media Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875} /l1033
DiMAGE Scan Dual4 ver.1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6F00F343-7562-4F03-B3C3-F9360E2DA333}\Setup.exe" -l0x9
Direct Show Ogg Vorbis Filter (remove only)-->"C:\WINDOWS\system32\OggDSuninst.exe"
Disneys Digital Coloring Book Featuring Pooh-->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\DISNEY~1\DISNEY~1\DeIsL1.isu
Disney's Magic Artist Cartoon Maker-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C468F15-CC56-11D5-AA2E-0008C760B784}\setup.exe" Disney's Magic Artist Cartoon Maker
DriverAgent by eSupport.com-->RunDll32.exe advpack.dll,LaunchINFSection driveragent_exe.inf,TVICHW32Remove
easyHDR PRO-->"C:\Program Files\easyHDR\uninstall.exe"
EMBASSY Security Center-->MsiExec.exe /I{D768EBA6-7C43-4F65-B165-1B1EF9BD5DD8}
EPSON Copy Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B69CC1A5-0404-11D6-ABCB-005004C21D30}\setup.exe" -l0x9 ADDREMOVEDLG
EPSON PERF 3170Guide-->C:\Program Files\epson\guide\perf3170_e\uninstall.exe
EPSON Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F9F3775-7E5B-4028-B5E5-DA1C042517A8}\setup.exe" -l0x9 MyUninstall
EPSON Print CD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\Setup.exe" -l0x9 -SYSTEM
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0131B2-CF18-40D9-A331-60A3746C1204}\SETUP.EXE" -l0x9 UNINSTALL
EPSON Smart Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\SETUP.EXE" -l0x9 Uninstall
EPSON Status Monitor 2-->C:\ESM2\STMSetup.exe /UNINSTALL
Finding Nemo: Nemo's Underwater World of Fun-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BCB8D603-985E-4765-B4AB-B4B991A535B7} NemoUWFUninstall
Futuremark Measurement Services Client-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msc3.inf,DefaultUninstall,5
Gallery Remote-->"C:\Program Files\Gallery Remote\UninstallerData\Uninstall gallery_remote.exe"
Garmin City Navigator North America NT 2010.10 Update-->MsiExec.exe /X{301CC8D1-FE75-41ED-9B11-41F006110950}
Garmin Communicator Plugin-->MsiExec.exe /X{A7DEBAA4-B211-4D1A-A6B3-E52BFAAA1D0C}
Garmin USB Drivers-->MsiExec.exe /X{B1102A25-3AA3-446B-AA0F-A699B07A02FD}
Google Earth-->MsiExec.exe /X{F7B0939E-58DF-11DF-B3A6-005056806466}
Google Gmail Notifier-->"C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
Google Talk Plugin-->MsiExec.exe /I{BFB7485D-A200-33CA-A2E1-E1600CA76484}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
gtw_logo-->C:\WINDOWS\system32\gtw_logo.scr /UNINSTALL "C:\WINDOWS\system32\gtw_logo.log"
GWCares-->MsiExec.exe /I{82EF8297-C8B2-4CA8-9430-FF2BC8C40414}
Hallmark Card Studio 3 Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A022314D-F75A-4784-9AF7-A5F00C56ECC5}\setup.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
Intel Audio Studio 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2205E3A5-DCDC-461D-8ED6-D6F2341D3B64}\setup.exe" -l0x9
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
Intel(R) Processor ID Utility-->MsiExec.exe /X{A92A4DB0-CD37-42D1-BE1D-603D53C24328}
Intel(R) Quick Resume Technology Drivers-->C:\WINDOWS\System32\Elusetup.exe
Intel® Viiv™ Software-->MsiExec.exe /X{8D5F5475-985D-42AA-9502-278595F3BD6A} /qb!
iTunes-->MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java 2 Runtime Environment, SE v1.4.2-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Juice 2.2-->C:\Program Files\Juice\uninst.exe
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech MouseWare 9.79 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
Logitech Resource Center-->C:\PROGRA~1\Logitech\RESOUR~1\rem\UNWISE.EXE C:\PROGRA~1\Logitech\RESOUR~1\rem\INSTALL.LOG
Magic Bullet Looks Studio-->C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Studio 12\Plugins\RTFx\mblooksstudio.log
Matroska Pack (remove only)-->C:\Program Files\Matroska Pack\Uninstall.exe
Memorex exPressit Label Design Studio-->C:\WINDOWS\mvuninst\App1\mvuninst.exe "Memorex exPressit Label Design Studio"
Microsoft .NET Framework 1.0 Hotfix (KB953295)-->"C:\WINDOWS\$NtUninstallKB953295$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Standard-->MsiExec.exe /I{90120409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
MonacoEZcolor 2.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{89883FFF-054E-4BCE-A131-15F3D9F50E6F}\setup.exe"
Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MUSICMATCH® Jukebox-->C:\PROGRA~1\MUSICM~1\MUSICM~2\unmatch.exe
MWSnap 3-->"C:\Program Files\MWSnap\uninstall.exe"
Napster Burn Engine-->MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Napster-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9
Neat Image v5.7 Home-->"C:\Program Files\Neat Image\unins000.exe"
Netscape Internet Service-->C:\Program Files\Netscape Internet Service\install.exe -r {FFC3B772-C00A-42da-90A6-A87F4AFD73D9}
Netscape Web Accelerator-->C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\accinst.exe -r {FFC3B772-C00A-42da-90A6-A87F4AFD73E0}
NTRU Hybrid TSS v1.05-->MsiExec.exe /I{7e09afc2-65bd-482f-ba8a-501ecc6429bf}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX v8.10.13-->MsiExec.exe /X{AC54E544-3E42-443C-A91D-A00A6974C592}
OLYMPUS Master 2-->MsiExec.exe /X{F0FC1E09-AF67-47BC-9E61-90ECFEB4CE82}
OLYMPUS muvee theaterPack-->MsiExec.exe /X{691B06EC-F84C-4103-B4D4-3FC5BC4941E9}
Photo Story 3 for Windows-->MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
Photomatix Pro version 3.1.3-->"C:\Program Files\PhotomatixPro3\unins000.exe"
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
Pinnacle Studio 12 Ultimate Plugins-->MsiExec.exe /I{D1860E6E-520E-4380-8433-E58E8F88B473}
Pinnacle Studio 12-->MsiExec.exe /I{D041EB9E-890A-4098-8F94-51DA194AC72A}
Pinnacle Video Driver-->MsiExec.exe /X{5EB90C06-964F-4195-B83E-BD7E55C88415}
Pinnacle Winter Pack-->MsiExec.exe /I{67330878-0617-41A9-A3B0-B5298E89E7BC}
Power2Go 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Presto! BizCard 4.1 Eng-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NewSoft\BizCard 4.1 Eng\Uninst.isu"
proDAD Vitascene 1.0-->"C:\Program Files\proDAD\Vitascene-1.0\uninstall.exe" uninstall spcp PATHVERSION 1.0 MAINNAME Vitascene
Profile Prism-->C:\PROGRA~1\Prism\UNWISE.EXE C:\PROGRA~1\Prism\INSTALL.LOG
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealFlight G3 R/C Simulator-->C:\Program Files\Common Files\KnifeEdge\Launcher.exe REALFLIGHT3
Rhapsody Player Engine-->MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Roxio Content 9-->MsiExec.exe /X{787F2DC2-1699-44FA-A72F-9107166AF9CC}
Roxio MyDVD 9 Studio-->MsiExec.exe /I{29DBCB14-49ED-4906-A440-CBC27B761051}
ScanToWeb-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Shape Collage-->C:\Program Files\Shape Collage\uninstall.exe
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
SLOW-PCfighter-->C:\Program Files\Fighters\SLOW-PCfighter\Uninstall.exe
SLOW-PCfighter-->MsiExec.exe /X{BDE0CF4C-8DE2-41DB-A845-78D48874E2C6}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IPDRSLSM5K.inf
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
SPAMfighter-->"C:\Program Files\SPAMfighter\uninstall.exe" Remove
Spyware Doctor 7.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
STMicroelectronics TPM Software Package-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{725F7446-EAC3-4279-97EF-5A5F6A9F6BF8}\setup.exe" -l0x9
SureThing Express Labeler-->"C:\Program Files\SureThing Express Labeler\unins000.exe"
TurboTax 2008 WinPerFedFormset-->MsiExec.exe /I{7570F1CA-016D-46AC-B586-CD74645EFB52}
TurboTax 2008 WinPerProgramHelp-->MsiExec.exe /I{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}
TurboTax 2008 WinPerReleaseEngine-->MsiExec.exe /I{88214092-836F-4E22-A5AC-569AC9EE6A0F}
TurboTax 2008 WinPerTaxSupport-->MsiExec.exe /I{B23726CF-68BF-41A6-A4EB-72F12F87FE05}
TurboTax 2008 WinPerUserEducation-->MsiExec.exe /I{29521505-F489-4822-ADFA-32C6DEE4F114}
TurboTax 2008 wrapper-->MsiExec.exe /I{B1DB1AD8-C07E-4052-81A1-D2930232BA70}
TurboTax 2008-->C:\Program Files\TurboTax\Basic 2008\Installer\TurboTax 2008 Installer.exe /u /t /a
TurboTax Basic 2005-->C:\Program Files\TurboTax\Basic 2005\TaxUnst.EXE "C:\Program Files\TurboTax\Basic 2005\Uninstall.log" -NoGui
TurboTax Basic 2007-->C:\Program Files\TurboTax\Basic 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Basic 2007\Uninstall.log" -NoGui
TurboTax ItsDeductible 2005-->MsiExec.exe /X{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}
Undelete Plus 2.98-->"C:\Program Files\TouchStoneSoftware\UndeletePlus\unins000.exe"
Uniblue DriverScanner 2010-->"C:\Program Files\Uniblue\DriverScanner\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
WexTech AnswerWorks-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
Windows 7 Upgrade Advisor-->MsiExec.exe /I{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)-->rundll32.exe C:\PROGRA~1\DIFX\15B7F172FC21855D\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\grmnusb_09F3E629557EBE4D2BA1A9469BDAE635AC0807AE\grmnusb.inf
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB973768-->"C:\WINDOWS\$NtUninstallKB973768$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: GATEWAY
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk2\D.

Record Number: 36990
Source Name: Disk
Time Written: 20100509210404.000000-240
Event Type: error
User:

Computer Name: GATEWAY
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk2\D.

Record Number: 36989
Source Name: Disk
Time Written: 20100509210403.000000-240
Event Type: error
User:

Computer Name: GATEWAY
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk2\D.

Record Number: 36988
Source Name: Disk
Time Written: 20100509210402.000000-240
Event Type: error
User:

Computer Name: GATEWAY
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk2\D.

Record Number: 36987
Source Name: Disk
Time Written: 20100509210401.000000-240
Event Type: error
User:

Computer Name: GATEWAY
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk2\D.

Record Number: 36986
Source Name: Disk
Time Written: 20100509210400.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: GATEWAY
Event Code: 2570
Message: Adobe Active File Monitor Service has Started.

Record Number: 19083
Source Name: Adobe Active File Monitor 4.0
Time Written: 20100203054705.000000-300
Event Type:
User:

Computer Name: GATEWAY
Event Code: 20
Message:
Record Number: 19082
Source Name: Google Update
Time Written: 20100202170632.000000-300
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: GATEWAY
Event Code: 20
Message:
Record Number: 19081
Source Name: Google Update
Time Written: 20100202164820.000000-300
Event Type: error
User: GATEWAY\Administrator

Computer Name: GATEWAY
Event Code: 20
Message:
Record Number: 19080
Source Name: Google Update
Time Written: 20100202160620.000000-300
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: GATEWAY
Event Code: 20
Message:
Record Number: 19079
Source Name: Google Update
Time Written: 20100202154846.000000-300
Event Type: error
User: GATEWAY\Administrator

======Environment variables======

"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Pinnacle\Shared Files\;C:\Program Files\Pinnacle\Shared Files\Filter\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f06
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%

-----------------EOF-----------------
tigerpaw57

Re: Browser redirect problems

Post by tigerpaw57 » June 20th, 2010, 9:17 pm

It appears that I didn't include the entire document file the first time, so I'll try again:
Logfile of random's system information tool 1.07 (written by random/random)
Run by Administrator at 2010-06-20 20:53:14
Microsoft Windows XP Professional Service Pack 3
System drive C: has 84 GB (57%) free of 148 GB
Total RAM: 2045 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:53:22 PM, on 6/20/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Application Data\Smilebox\SmileboxTray.exe
C:\ESM2\STMS.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\ESM2\EBRR.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\ESM2\SAgent2.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\O8K61PGE\RSIT[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\PROGRA~1\NETSCA~1\NETSCA~1\pbhelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo R380 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE /FU "C:\WINDOWS\TEMP\E_S26A.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SmileboxTray] "C:\Documents and Settings\Administrator\Application Data\Smilebox\SmileboxTray.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://pbskids.org/barney/children/games/imagination_game.html"
O4 - S-1-5-18 Startup: PowerReg Scheduler V3.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: PowerReg Scheduler V3.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: EPSON Background Monitor.lnk = C:\ESM2\STMS.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: MonacoGamma.lnk = C:\Program Files\Monaco Systems\MonacoEZcolor 2.6\MonacoGamma.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.5.0.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8300.cab
O16 - DPF: {C42B23DF-334C-4AD0-9AB4-91FF53D04239} (AbImporter Class) - file:///C:/Documents%20and%20Settings/Administrator/Application%20Data/Smilebox/OzDesktopImporter.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://service.futuremark.com/virtualmark/tc/MSC3.cab
O16 - DPF: {E5C97835-6865-443E-8C33-671D9C71A6D0} (LedaX Control) - https://www.clientspace.com/download/RapidocsX.cab
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file:///F:/cdviewer/CdViewer.cab
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - https://www.plaxo.com/activex/plx_upldr-2k-xp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: DataSvr - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\ESM2\SAgent2.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: NTRU Hybrid TSS v1.05 TCSD (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe

--
End of file - 16351 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Documents backup.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-395324855-17082412-174624428-500Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-395324855-17082412-174624428-500UA.job
C:\WINDOWS\tasks\ISP signup reminder 2.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\SLOW-PCfighter-Administrator-Startup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4115122B-85FF-4DD3-9515-F075BEDE5EB5}]
PBlockHelper Class - C:\PROGRA~1\NETSCA~1\NETSCA~1\pbhelper.dll [2004-03-11 215040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2010-05-27 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-12 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-07 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-05-01 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-27 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-27 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
""= []
"readericon"=C:\Program Files\Digital Media Reader\readericon45G.exe [2005-12-09 139264]
"SigmatelSysTrayApp"=sttray.exe []
"IntelAudioStudio"=C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe [2006-04-19 9125888]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]
"NMSSupport"=C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe [2006-03-29 375296]
"CCUTRAYICON"=C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe [2006-06-16 303104]
"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-11-07 19968]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-11-12 13672448]
"nwiz"=nwiz.exe /install []
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-11-12 86016]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"SPAMfighter Agent"=C:\Program Files\SPAMfighter\SFAgent.exe [2009-03-12 326792]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2010-05-11 1287120]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe []
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"=NA []
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-03 68856]
"EPSON Stylus Photo R380 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE [2006-05-29 139264]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SmileboxTray"=C:\Documents and Settings\Administrator\Application Data\Smilebox\SmileboxTray.exe [2010-05-20 304448]
"Google Update"=C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-31 135664]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE [2008-12-06 460216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gateway Extended Warranty]
C:\Program Files\Gateway\GWCares\GWCares.exe [2004-02-08 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe [2003-10-01 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe [2003-10-01 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [2006-12-01 95800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2006-12-01 228088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]
C:\Documents and Settings\Administrator\Application Data\Smilebox\SmileboxTray.exe [2010-05-20 304448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
C:\Program Files\BigFix\bigfix.exe [2005-10-11 2168360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
EPSON Background Monitor.lnk - C:\ESM2\STMS.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
MonacoGamma.lnk - C:\Program Files\Monaco Systems\MonacoEZcolor 2.6\MonacoGamma.exe

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
PowerReg Scheduler V3.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe"="C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:LocalSubNet:Enabled:SPCM"
"C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe"="C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:LocalSubNet:Enabled:Intel(R) Viiv(TM) Media Server"
"C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe"="C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:LocalSubNet:Enabled:Intel(R) Remoting Service"
"C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe"="C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\TurboTax\Basic 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Basic 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Basic 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Basic 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Disabled:Microsoft Fax Console"
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

======List of files/folders created in the last 1 months======

2010-06-20 20:53:14 ----D---- C:\rsit
2010-06-19 07:09:30 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-06-19 07:08:59 ----A---- C:\WINDOWS\system32\javaws.exe
2010-06-19 07:08:59 ----A---- C:\WINDOWS\system32\javaw.exe
2010-06-19 07:08:59 ----A---- C:\WINDOWS\system32\java.exe
2010-06-19 07:08:59 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-06-17 18:16:20 ----A---- C:\WINDOWS\BDTSupport.dll.old
2010-06-17 18:16:20 ----A---- C:\WINDOWS\BDTSupport.dll
2010-06-17 18:16:19 ----A---- C:\WINDOWS\SGDetectionTool.dll
2010-06-17 18:16:19 ----A---- C:\WINDOWS\PCTBDRes.dll
2010-06-17 18:16:19 ----A---- C:\WINDOWS\PCTBDCore.dll.old
2010-06-17 18:16:19 ----A---- C:\WINDOWS\PCTBDCore.dll
2010-06-17 18:13:29 ----D---- C:\Program Files\Spyware Doctor
2010-06-17 18:13:29 ----D---- C:\Program Files\Common Files\PC Tools
2010-06-17 18:13:29 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2010-06-17 18:13:29 ----D---- C:\Documents and Settings\Administrator\Application Data\PC Tools
2010-06-09 22:25:10 ----D---- C:\Program Files\Mozilla Firefox
2010-06-08 17:54:26 ----D---- C:\Documents and Settings\Administrator\Application Data\Mozilla
2010-05-28 23:33:09 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$

======List of files/folders modified in the last 1 months======

2010-06-20 20:53:22 ----D---- C:\WINDOWS\Prefetch
2010-06-20 20:53:22 ----D---- C:\Program Files\Trend Micro
2010-06-20 20:53:17 ----D---- C:\WINDOWS\Temp
2010-06-20 20:52:51 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-06-20 20:50:28 ----D---- C:\WINDOWS\system32
2010-06-20 20:50:28 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-20 20:48:36 ----SD---- C:\WINDOWS\Tasks
2010-06-20 20:47:01 ----D---- C:\WINDOWS\Registration
2010-06-20 20:46:49 ----D---- C:\Program Files\SPAMfighter
2010-06-20 20:46:35 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-20 20:46:16 ----A---- C:\WINDOWS\ModemLog_PCI Soft Data Fax Modem with SmartCP.txt
2010-06-20 20:45:53 ----D---- C:\WINDOWS
2010-06-20 20:44:07 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-20 20:42:21 ----RD---- C:\Program Files
2010-06-20 20:41:36 ----SHD---- C:\WINDOWS\Installer
2010-06-20 20:41:36 ----D---- C:\Config.Msi
2010-06-20 20:41:32 ----D---- C:\Program Files\Java
2010-06-20 20:37:36 ----D---- C:\Program Files\Coupons
2010-06-19 08:02:54 ----D---- C:\Documents and Settings\Administrator\Application Data\Smilebox
2010-06-19 07:09:29 ----D---- C:\Program Files\Common Files\Java
2010-06-18 20:47:05 ----HD---- C:\WINDOWS\inf
2010-06-17 18:13:53 ----D---- C:\WINDOWS\system32\drivers
2010-06-17 18:13:38 ----D---- C:\WINDOWS\WinSxS
2010-06-17 18:13:29 ----D---- C:\Program Files\Common Files
2010-06-17 08:44:08 ----SHD---- C:\WINDOWS\CSC
2010-06-17 08:44:00 ----D---- C:\Program Files\Google
2010-06-16 23:16:44 ----SHD---- C:\System Volume Information
2010-06-16 22:47:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-13 21:42:35 ----A---- C:\WINDOWS\win.ini
2010-06-10 23:03:52 ----D---- C:\WINDOWS\network diagnostic
2010-06-08 20:54:03 ----D---- C:\Program Files\Microsoft Silverlight
2010-06-08 17:20:12 ----D---- C:\WINDOWS\system32\config
2010-06-08 17:19:44 ----D---- C:\WINDOWS\system32\wbem
2010-06-02 07:55:02 ----SD---- C:\WINDOWS\Downloaded Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]
R1 ELhid;EL hid Service; \??\C:\WINDOWS\System32\Drivers\Elhid.sys []
R1 ELkbd;EL KB Service; \??\C:\WINDOWS\System32\Drivers\Elkbd.sys []
R1 ELmon;EL Monitor Service; \??\C:\WINDOWS\System32\Drivers\Elmon.sys []
R1 ELmou;EL Mouse Service; \??\C:\WINDOWS\System32\Drivers\Elmou.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-02-03 179200]
R3 ELacpi;ELacpi; C:\WINDOWS\system32\DRIVERS\ELacpi.sys [2006-05-05 9728]
R3 EPUSBDSK;EPSON USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\EPUSBDSK.sys [2001-09-26 29983]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-03-17 1033600]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2005-03-17 221440]
R3 IAMTXP;Driver for Intel(R) Active Management Technology - KCS; C:\WINDOWS\system32\DRIVERS\IAMTXP.sys [2005-11-29 40448]
R3 L8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys [2003-11-07 51486]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys [2003-11-07 70798]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-24 171520]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2009-08-31 28256]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-11-12 6188320]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-02-16 47360]
R3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2005-12-02 41728]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-20 1156648]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-03-17 705280]
S1 bdpredir;bdpredir; \??\C:\Program Files\Softwin\BitDefender10\bdpredir.sys []
S1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-07-24 2432]
S1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-07-24 2560]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
S3 DrvAgent32;DrvAgent32; \??\C:\WINDOWS\system32\Drivers\DrvAgent32.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 GoProto;GoProto Protocol Driver; C:\WINDOWS\system32\DRIVERS\goprot51.sys [2007-01-22 29184]
S3 HidBatt;HID UPS Battery Driver; C:\WINDOWS\system32\DRIVERS\HidBatt.sys [2008-04-13 20352]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TSHWMDTCP;TSHWMDTCP; \??\C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 X-Rite;X-Rite USB Service; C:\WINDOWS\system32\DRIVERS\XrUsb.sys [2003-11-06 14936]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor4.0;Adobe Active File Monitor V4; C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [2005-09-09 102400]
R2 AlertService;Intel(R) Alert Service; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [2006-06-16 188416]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-28 267432]
R2 APC UPS Service;APC UPS Service; C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe [2004-01-21 155770]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
R2 DataSvr;DataSvr; C:\Program Files\Wave Systems Corp\Common\DataServer.exe [2005-08-30 290816]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 ELService;Intel(R) Quick Resume technology; C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe [2006-06-01 180224]
R2 EPSONStatusAgent2;EPSON Printer Status Agent2; C:\ESM2\SAgent2.exe [2001-08-09 90112]
R2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 NCUpdateSvc;Netscape Update Service; C:\Program Files\Netscape Internet Service\ncupdatesvc.exe [2004-04-06 53248]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-11-12 163908]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2007-01-22 196608]
R2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-12-01 166648]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2010-03-15 1142224]
R2 SPAMfighter Update Service;SPAMfighter Update Service; C:\Program Files\SPAMfighter\sfus.exe [2009-03-12 184968]
R2 tcsd_win32.exe;NTRU Hybrid TSS v1.05 TCSD; C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe [2005-03-07 180224]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-12-01 887544]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-03 133104]
S2 ISSM;Intel(R) Software Services Manager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [2006-06-15 77824]
S2 M1 Server;Intel(R) Viiv(TM) Media Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [2006-05-27 25600]
S2 MCLServiceATL;Intel(R) Application Tracker; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [2006-06-15 147456]
S2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
S2 Remote UI Service;Intel(R) Remoting Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [2006-06-15 397312]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2006-11-26 294912]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2006-12-01 310008]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-01 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2006-11-26 57344]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
tigerpaw57
Regular Member
 
Posts: 20
Joined: June 17th, 2010, 10:03 pm

Re: Browser redirect problems

Post by Cypher » June 21st, 2010, 5:20 am

Hi tigerpaw57.
thanks for the help.

You're most welcome.
Were you able to run the Gmer scan? If so, please post the log that was created.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Browser redirect problems

Post by tigerpaw57 » June 21st, 2010, 10:17 am

No, I have not been able to run the Gmer scan successfully. On the first attempt, it crashed and rebooted. On the second attempt, it ran for about 10 hours and was apparently finished in that all activity on screen had ended. However, when I attempted to save the file, it froze, and of course, I lost the file. I was careful to close all other programs before the scan. Should I make a third attempt? What do you suggest?
tigerpaw57
Regular Member
 
Posts: 20
Joined: June 17th, 2010, 10:03 pm

Re: Browser redirect problems

Post by Cypher » June 21st, 2010, 11:01 am

Hi tigerpaw57.
Sorry to hear you're having trouble with the Gmer scan.
Unfortunately this can happen on some systems so we will try another scan.
Disable Windows Defender for now also; it will interfere with the tools we need to use later.


Disable Windows Defender

  • Go to Start > All Programs > Windows Defender.
  • Click on Tools at the top.
  • Under Settings, click on Options.
  • Under Automatic scanning, uncheck (untick) Automatically scan my computer (recommended) box.
  • Under Real-time protection options, uncheck (untick) Use real-time protection (recommended) box.
  • Click on the Save button at the bottom right hand corner.
  • Note: Please do not re-enable this until I tell you to do so.

Next.

Scan With RKUnHooker

  • Please download Rootkit Unhooker. Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. Then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of this log in your next reply.
  • Note: This log can be big; you may need to post it in separate replies.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Browser redirect problems

Post by tigerpaw57 » June 22nd, 2010, 11:24 am

I successfully ran Rootkit Unhooker and here is the first part of the log:
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB8483000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 6189056 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 180.48 )
0xBF9D6000 C:\WINDOWS\System32\nv4_disp.dll 6152192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 180.48 )
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB2BD5000 C:\WINDOWS\system32\drivers\sthda.sys 1114112 bytes (SigmaTel, Inc., NDRC)
0xB82A0000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 1036288 bytes (Conexant Systems, Inc., HSF_DP driver)
0xA6951000 C:\WINDOWS\System32\Drivers\dump_iaStor.sys 786432 bytes
0xBA60D000 IASTOR.SYS 786432 bytes (Intel Corporation, Intel Matrix Storage Manager driver)
0xB81F3000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 708608 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xBA4C1000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xACF4F000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB8129000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xAD05A000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA2605000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFB4000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA47D7000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBA565000 PCTCore.sys 233472 bytes (PC Tools, PC Tools KDS Core Driver)
0xB83C0000 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 225280 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0xB8187000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xBA759000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB80FB000 C:\WINDOWS\system32\DRIVERS\MarvinBus.sys 188416 bytes (Pinnacle Systems GmbH, Pinnacle Marvin Discrete Bus Enumerator)
0xA5DFC000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xBA494000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xBA5B0000 dac2w2k.sys 180224 bytes (Mylex Corporation, Mylex Disk Array Controller Driver)
0xB841B000 C:\WINDOWS\system32\DRIVERS\e1e5132.sys 180224 bytes (Intel Corporation, Intel(R) PRO/1000 Adapter NDIS 5.1 deserialized driver)
0xA0F5A000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xACFBF000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB8447000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xAD00C000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xBA6E5000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xAD034000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA6A11000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB2BB1000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB83F7000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB839D000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xACFEA000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xACF2D000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 139264 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xBA787000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xBA70B000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xBA72A000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xBA47A000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xBA5DC000 adpu160m.sys 102400 bytes (Microsoft Corporation, Adaptec Ultra160 SCSI miniport)
0xBA5F5000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xBA6CD000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xBA54E000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB81C8000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA5EC9000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0xA5DBF000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB81DF000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB846F000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAD0B3000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF9C4000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBA59E000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xBA748000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB81B7000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xBA43A000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBAA78000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBAA58000 C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys 65536 bytes (Logitech, Inc., Logitech Filter Driver for Mouse Class.)
0xBAA18000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xBA8B8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xBA3DA000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xB0A55000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xBA42A000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB8D67000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB982F000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB6142000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA8C8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBA928000 aic78u2.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra2 SCSI miniport)
0xBA8F8000 aic78xx.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra SCSI miniport)
0xBA988000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBAA38000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xB8D57000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA8E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBAA48000 C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys 49152 bytes (Logitech, Inc., Logitech PS/2 Mouse Filter Driver.)
0xB8D17000 C:\WINDOWS\System32\Drivers\pcouffin.sys 49152 bytes (VSO Software, low level access layer for CD/DVD/BD devices)
0xBA968000 ql12160.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xBA958000 ql1280.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xB8D37000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA9E8000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xBA9F8000 agpCPQ.sys 45056 bytes (Microsoft Corporation, CompatNT AGP Filter)
0xBA9C8000 alim1541.sys 45056 bytes (Microsoft Corporation, ALi M1541 NT AGP Filter)
0xBA9D8000 amdagp.sys 45056 bytes (Advanced Micro Devices, Inc., AMD Win2000 AGP Filter)
0xB0A65000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBAA68000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA8D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB8D47000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA3EA000 C:\WINDOWS\system32\drivers\sfng32.sys 45056 bytes (Sonic Focus, Inc, SFNG32.SYS)
0xBA9A8000 viaagp.sys 45056 bytes (Microsoft Corporation, VIA NT AGP Filter)
0xBAA28000 C:\WINDOWS\system32\DRIVERS\IAMTXP.sys 40960 bytes (Intel Corporation, Intel® Active Management Technology – KCS)
0xBA8A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBAAF8000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA948000 ql1080.sys 40960 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xBA918000 ql1240.sys 40960 bytes (Microsoft Corporation, QLogic ISP PCI Adapters)
0xBA9B8000 sisagp.sys 40960 bytes (Silicon Integrated Systems Corporation, SiS NT AGP Filter)
0xB8D07000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA978000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xA7D21000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA3FA000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xB8D27000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB0A75000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA0ECA000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA998000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA908000 ql10wnt.sys 36864 bytes (Microsoft Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xBA938000 ultra.sys 36864 bytes (Promise Technology, Inc., Promise Ultra66 Miniport Driver)
0xB0A85000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBAC68000 C:\WINDOWS\system32\DRIVERS\ELacpi.sys 32768 bytes (Intel Corporation, -)
0xBAC50000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xB0303000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBAB58000 symc8xx.sys 32768 bytes (LSI Logic, Symbios 8XX SCSI Miniport Driver)
0xBAB68000 sym_u3.sys 32768 bytes (LSI Logic, Symbios Ultra3 SCSI Miniport Driver)
0xBAC48000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBAB40000 asc.sys 28672 bytes (Advanced System Products, Inc., AdvanSys SCSI Controller Driver)
0xA730D000 C:\WINDOWS\system32\DRIVERS\EPUSBDSK.sys 28672 bytes (SEIKO EPSON CORPORATION, EPSON USB Mass Storage Driver)
0xB07AA000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBAB90000 hpn.sys 28672 bytes (Microsoft Corporation, NetRAID-4M Miniport Driver)
0xBAC70000 C:\WINDOWS\System32\Drivers\MxlW2k.SYS 28672 bytes (MusicMatch, Inc., MusicMatch Access Layer KMD)
0xBAB28000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB1FDB000 C:\Program Files\Spyware Doctor\PCTSDInj32.sys 28672 bytes
0xBAB88000 perc2.sys 28672 bytes (Microsoft Corporation, PERC 2 Miniport Driver)
0xBAB60000 sym_hi.sys 28672 bytes (LSI Logic, Symbios Hi-Perf SCSI Miniport Driver)
0xA72ED000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xB02FB000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xBAB70000 ABP480N5.SYS 24576 bytes (Microsoft Corporation, AdvanSys SCSI Controller Driver)
0xBAB78000 asc3350p.sys 24576 bytes (Microsoft Corporation, AdvanSys SCSI Card Driver)
0xBAC60000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBAC58000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB02F3000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xBAB98000 stm_tpm.sys 24576 bytes (STMicroelectronics, INC, TPM Device Driver)
0xBAC40000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xB0313000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBAB80000 dpti2o.sys 20480 bytes (Microsoft Corporation, DPT SmartRAID miniport)
0xBAB50000 i2omp.sys 20480 bytes (Microsoft Corporation, I2O Miniport Driver)
0xBAB48000 mraid35x.sys 20480 bytes (American Megatrends Inc., MegaRAID RAID Controller Driver for Windows Whistler 32)
0xB030B000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBAB30000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBAC80000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBAC88000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xBAB38000 sparrow.sys 20480 bytes (Adaptec, Inc., Adaptec AIC-6x60 series SCSI miniport)
0xBAC78000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xA7325000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBACCC000 aha154x.sys 16384 bytes (Microsoft Corporation, Adaptec AHA-154x series SCSI miniport)
0xBACDC000 asc3550.sys 16384 bytes (Advanced System Products, Inc., AdvanSys Ultra-Wide PCI SCSI Driver)
0xBACC0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xBACE4000 cbidf2k.sys 16384 bytes (Microsoft Corporation, CardBus/PCMCIA IDE Miniport Driver)
0xBACC8000 cpqarray.sys 16384 bytes (Microsoft Corporation, Compaq Drive Array Controllers SCSI Miniport Driver)
0xBACD4000 dac960nt.sys 16384 bytes (Microsoft Corporation, Mylex Disk Array Controller Driver)
0xBACE0000 ini910u.sys 16384 bytes (Microsoft Corporation, INITIO ini910u SCSI miniport)
0xBA36D000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xBA365000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA3AA000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xBACD0000 symc810.sys 16384 bytes (Symbios Logic Inc., Symbios Logic Inc. SCSI Miniport Driver)
0xBACC4000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xBACD8000 amsint.sys 12288 bytes (Microsoft Corporation, AMD SCSI/NET Controller)
0xBACB8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBACBC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xA721D000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB1504000 C:\WINDOWS\System32\Drivers\Elhid.sys 12288 bytes (Intel Corporation, -)
0xBA3A6000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 12288 bytes (GEAR Software Inc., CD DVD Filter)
0xA80CA000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB1FC3000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xA383D000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xBA39A000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB1FBB000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB1FA7000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xBADAC000 aliide.sys 8192 bytes (Acer Laboratories Inc., ALi mini IDE Driver)
0xBAE1E000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xBAE12000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBADB8000 cd20xrnt.sys 8192 bytes (Microsoft Corporation, IBM Portable CD-ROM Drive Miniport)
0xBADB4000 cmdide.sys 8192 bytes (CMD Technology, Inc., CMD PCI IDE Bus Driver)
0xBADB6000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBAE32000 C:\WINDOWS\System32\Drivers\Elkbd.sys 8192 bytes (Intel Corporation, -)
0xBAE22000 C:\WINDOWS\System32\Drivers\Elmon.sys 8192 bytes (Intel Corporation, -)
0xBAE30000 C:\WINDOWS\System32\Drivers\Elmou.sys 8192 bytes (Intel Corporation, -)
0xBAE10000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBADAE000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xBADA8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBAE14000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xA7823000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xBADBA000 perc2hib.sys 8192 bytes (Microsoft Corporation, PERC 2 Hibernate Driver)
0xBAE16000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBAE34000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBADB0000 toside.sys 8192 bytes (Microsoft Corporation, Toshiba PCI IDE Controller)
0xBAE62000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBADB2000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xBADAA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBAE89000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xAF9E5000 C:\WINDOWS\System32\Drivers\BANTExt.sys 4096 bytes
0xBAF93000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xAFB85000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBAE71000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xBAE70000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
!!!!!!!!!!!Hidden driver: 0x89E79AEA ?_empty_? 1302 bytes
0x89E79EC5 unknown_irp_handler 315 bytes
!!!!!!!!!!!Hidden driver: 0x89E4B7C8 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xBA60D000 WARNING: suspicious driver modification [IASTOR.SYS::0x89E79AEA]
0x05CF0000 Hidden Image-->Intuit.Spc.Map.WindowsFirewallUtilities.dll [ EPROCESS 0x88221DA0 ] PID: 3332, 1077248 bytes
0x05E60000 Hidden Image-->System.ServiceProcess.dll [ EPROCESS 0x88221DA0 ] PID: 3332, 126976 bytes
0x03670000 Hidden Image-->System.XML.dll [ EPROCESS 0x88221DA0 ] PID: 3332, 2060288 bytes
0x04A40000 Hidden Image-->System.EnterpriseServices.dll [ EPROCESS 0x88221DA0 ] PID: 3332, 266240 bytes
0x047A0000 Hidden Image-->System.Transactions.dll [ EPROCESS 0x88221DA0 ] PID: 3332, 270336 bytes
0x04410000 Hidden Image-->System.Data.dll [ EPROCESS 0x88221DA0 ] PID: 3332, 2961408 bytes
0x05320000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x88221DA0 ] PID: 3332, 307200 bytes
0x038A0000 Hidden Image-->System.dll [ EPROCESS 0x88221DA0 ] PID: 3332, 3158016 bytes
0x035E0000 Hidden Image-->System.configuration.dll [ EPROCESS 0x88221DA0 ] PID: 3332, 438272 bytes
0xBA9C8000 WARNING: Virus alike driver modification [alim1541.sys], 45056 bytes
0x01380000 Hidden Image-->Intuit.Spc.Foundations.Portability.dll [ EPROCESS 0x88221DA0 ] PID: 3332, 471040 bytes
0x04880000 Hidden Image-->Intuit.Spc.Map.Reporter.dll [ EPROCESS 0x88221DA0 ] PID: 3332, 479232 bytes
0x05570000 Hidden Image-->System.Windows.Forms.dll [ EPROCESS 0x88221DA0 ] PID: 3332, 5033984 bytes
0x012F0000 Hidden Image-->Intuit.Spc.Foundations.Primary.Logging.dll [ EPROCESS 0x88221DA0 ] PID: 3332, 53248 bytes
0x05B40000 Hidden Image-->System.Drawing.dll [ EPROCESS 0x88221DA0 ] PID: 3332, 634880 bytes
0x01330000 Hidden Image-->Intuit.Spc.Foundations.Primary.ExceptionHandling.dll [ EPROCESS 0x88221DA0 ] PID: 3332, 77824 bytes
0x04350000 Hidden Image-->System.Data.SQLite.DLL [ EPROCESS 0x88221DA0 ] PID: 3332, 778240 bytes
0x035C0000 Hidden Image-->Intuit.Spc.Foundations.Primary.Config.dll [ EPROCESS 0x88221DA0 ] PID: 3332, 86016 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\00J26H2G\collection-Season_2%7Cpos-atf%7Cenvid-origin%7Curi-_video_drive-by-somali_3400539%7Ctag-adj%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdcopt-ist;[1]2]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\00J26H2G\collection-Season_2%7Cpos-atf%7Cenvid-origin%7Curi-_video_drive-by-somali_3400539%7Ctag-adj%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdemo-D%7Cdcopt-ist;[2]2]
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0006ECAE, Type: Inline - RelativeJump 0x80545CAE-->80545CB5 [ntkrnlpa.exe]
[1100]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[1100]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1100]svchost.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[1100]svchost.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[1100]svchost.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[1100]svchost.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[1100]svchost.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[1100]svchost.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[1100]svchost.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[1100]svchost.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[1100]svchost.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[1100]svchost.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[1100]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1120]pctsTray.exe-->kernel32.dll+0x000106F1, Type: Inline - PushRet 0x7C8106F1-->00000000 [unknown_code_page]
[1120]pctsTray.exe-->wsock32.dll-->recv, Type: IAT modification 0x004C22F0-->00000000 [wsock32.dll]
[1120]pctsTray.exe-->wsock32.dll-->recvfrom, Type: IAT modification 0x004C22EC-->00000000 [wsock32.dll]
[1120]pctsTray.exe-->wsock32.dll-->setsockopt, Type: IAT modification 0x004C22DC-->00000000 [wsock32.dll]
[1128]msmsgs.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[1128]msmsgs.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1128]msmsgs.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[1128]msmsgs.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[1128]msmsgs.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[1128]msmsgs.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[1128]msmsgs.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[1128]msmsgs.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[1128]msmsgs.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[1128]msmsgs.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[1128]msmsgs.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[1128]msmsgs.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[1128]msmsgs.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1128]msmsgs.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x7E42384E-->00000000 [unknown_code_page]
[1128]msmsgs.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7E4595BD-->00000000 [unknown_code_page]
[1128]msmsgs.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7E4242ED-->00000000 [unknown_code_page]
[1128]msmsgs.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x7E4299F3-->00000000 [unknown_code_page]
[1136]GoogleToolbarNotifier.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[1136]GoogleToolbarNotifier.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1136]GoogleToolbarNotifier.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[1136]GoogleToolbarNotifier.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[1136]GoogleToolbarNotifier.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[1136]GoogleToolbarNotifier.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[1136]GoogleToolbarNotifier.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[1136]GoogleToolbarNotifier.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[1136]GoogleToolbarNotifier.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[1136]GoogleToolbarNotifier.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[1136]GoogleToolbarNotifier.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[1136]GoogleToolbarNotifier.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[1136]GoogleToolbarNotifier.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1136]GoogleToolbarNotifier.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x7E42384E-->00000000 [unknown_code_page]
[1136]GoogleToolbarNotifier.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7E4595BD-->00000000 [unknown_code_page]
[1136]GoogleToolbarNotifier.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7E4242ED-->00000000 [unknown_code_page]
[1136]GoogleToolbarNotifier.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x7E4299F3-->00000000 [unknown_code_page]
[1156]E_FATIBOA.EXE-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[1156]E_FATIBOA.EXE-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1156]E_FATIBOA.EXE-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[1156]E_FATIBOA.EXE-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[1156]E_FATIBOA.EXE-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[1156]E_FATIBOA.EXE-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[1156]E_FATIBOA.EXE-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[1156]E_FATIBOA.EXE-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[1156]E_FATIBOA.EXE-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[1156]E_FATIBOA.EXE-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[1156]E_FATIBOA.EXE-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[1156]E_FATIBOA.EXE-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[1156]E_FATIBOA.EXE-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1156]E_FATIBOA.EXE-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x7E42384E-->00000000 [unknown_code_page]
[1156]E_FATIBOA.EXE-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7E4595BD-->00000000 [unknown_code_page]
[1156]E_FATIBOA.EXE-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7E4242ED-->00000000 [unknown_code_page]
[1156]E_FATIBOA.EXE-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x7E4299F3-->00000000 [unknown_code_page]
[1172]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[1172]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1172]svchost.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[1172]svchost.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[1172]svchost.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[1172]svchost.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[1172]svchost.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[1172]svchost.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[1172]svchost.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[1172]svchost.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[1172]svchost.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[1172]svchost.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[1172]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1232]ctfmon.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[1232]ctfmon.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1232]ctfmon.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[1232]ctfmon.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[1232]ctfmon.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[1232]ctfmon.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[1232]ctfmon.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[1232]ctfmon.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[1232]ctfmon.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[1232]ctfmon.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[1232]ctfmon.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[1232]ctfmon.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[1232]ctfmon.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1232]ctfmon.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x7E42384E-->00000000 [unknown_code_page]
[1232]ctfmon.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7E4595BD-->00000000 [unknown_code_page]
[1232]ctfmon.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7E4242ED-->00000000 [unknown_code_page]
[1232]ctfmon.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x7E4299F3-->00000000 [unknown_code_page]
[1268]STMS.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[1268]STMS.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1268]STMS.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[1268]STMS.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[1268]STMS.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[1268]STMS.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[1268]STMS.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[1268]STMS.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[1268]STMS.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[1268]STMS.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[1268]STMS.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[1268]STMS.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[1268]STMS.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1268]STMS.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x7E42384E-->00000000 [unknown_code_page]
[1268]STMS.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7E4595BD-->00000000 [unknown_code_page]
[1268]STMS.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7E4242ED-->00000000 [unknown_code_page]
[1268]STMS.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x7E4299F3-->00000000 [unknown_code_page]
[1276]LogitechDesktopMessenger.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[1276]LogitechDesktopMessenger.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1276]LogitechDesktopMessenger.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[1276]LogitechDesktopMessenger.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[1276]LogitechDesktopMessenger.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[1276]LogitechDesktopMessenger.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[1276]LogitechDesktopMessenger.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[1276]LogitechDesktopMessenger.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[1276]LogitechDesktopMessenger.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[1276]LogitechDesktopMessenger.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[1276]LogitechDesktopMessenger.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[1276]LogitechDesktopMessenger.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[1276]LogitechDesktopMessenger.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1276]LogitechDesktopMessenger.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x7E42384E-->00000000 [unknown_code_page]
[1276]LogitechDesktopMessenger.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7E4595BD-->00000000 [unknown_code_page]
[1276]LogitechDesktopMessenger.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7E4242ED-->00000000 [unknown_code_page]
[1276]LogitechDesktopMessenger.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x7E4299F3-->00000000 [unknown_code_page]
[1288]MsMpEng.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[1288]MsMpEng.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1288]MsMpEng.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[1288]MsMpEng.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[1288]MsMpEng.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[1288]MsMpEng.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[1288]MsMpEng.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[1288]MsMpEng.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[1288]MsMpEng.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[1288]MsMpEng.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[1288]MsMpEng.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[1288]MsMpEng.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[1288]MsMpEng.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1328]svchost.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[1328]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[1328]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1328]svchost.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x7E42974E-->00000000 [unknown_code_page]
[1348]fxssvc.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[1348]fxssvc.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1348]fxssvc.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[1348]fxssvc.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[1348]fxssvc.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[1348]fxssvc.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[1348]fxssvc.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[1348]fxssvc.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[1348]fxssvc.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[1348]fxssvc.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[1348]fxssvc.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[1348]fxssvc.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[1348]fxssvc.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1432]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[1432]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1432]svchost.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[1432]svchost.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[1432]svchost.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[1432]svchost.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[1432]svchost.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[1432]svchost.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[1432]svchost.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[1432]svchost.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[1432]svchost.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[1432]svchost.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[1432]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1480]PhotoshopElementsFileAgent.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[1480]PhotoshopElementsFileAgent.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1480]PhotoshopElementsFileAgent.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[1480]PhotoshopElementsFileAgent.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[1480]PhotoshopElementsFileAgent.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[1480]PhotoshopElementsFileAgent.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[1480]PhotoshopElementsFileAgent.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[1480]PhotoshopElementsFileAgent.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[1480]PhotoshopElementsFileAgent.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[1480]PhotoshopElementsFileAgent.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[1480]PhotoshopElementsFileAgent.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[1480]PhotoshopElementsFileAgent.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[1480]PhotoshopElementsFileAgent.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1532]tcsd_win32.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[1532]tcsd_win32.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1532]tcsd_win32.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[1532]tcsd_win32.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[1532]tcsd_win32.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[1532]tcsd_win32.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[1532]tcsd_win32.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[1532]tcsd_win32.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[1532]tcsd_win32.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[1532]tcsd_win32.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[1532]tcsd_win32.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[1532]tcsd_win32.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[1532]tcsd_win32.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1616]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[1616]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1616]svchost.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[1616]svchost.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[1616]svchost.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[1616]svchost.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[1616]svchost.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[1616]svchost.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[1616]svchost.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[1616]svchost.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[1616]svchost.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[1616]svchost.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[1616]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1732]spoolsv.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[1732]spoolsv.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1732]spoolsv.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[1732]spoolsv.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[1732]spoolsv.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[1732]spoolsv.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[1732]spoolsv.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[1732]spoolsv.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[1732]spoolsv.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[1732]spoolsv.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[1732]spoolsv.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[1732]spoolsv.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[1732]spoolsv.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1848]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[1848]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1848]svchost.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[1848]svchost.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[1848]svchost.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[1848]svchost.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[1848]svchost.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[1848]svchost.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[1848]svchost.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[1848]svchost.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[1848]svchost.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[1848]svchost.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[1848]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1928]sfus.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[1928]sfus.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1928]sfus.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[1928]sfus.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[1928]sfus.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[1928]sfus.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[1928]sfus.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[1928]sfus.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[1928]sfus.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[1928]sfus.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[1928]sfus.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[1928]sfus.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[1928]sfus.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1984]EBRR.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[1984]EBRR.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1984]EBRR.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[1984]EBRR.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[1984]EBRR.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[1984]EBRR.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[1984]EBRR.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[1984]EBRR.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[1984]EBRR.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[1984]EBRR.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[1984]EBRR.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[1984]EBRR.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[1984]EBRR.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1984]EBRR.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x7E42384E-->00000000 [unknown_code_page]
[1984]EBRR.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7E4595BD-->00000000 [unknown_code_page]
[1984]EBRR.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7E4242ED-->00000000 [unknown_code_page]
[1984]EBRR.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x7E4299F3-->00000000 [unknown_code_page]
[2052]AlertService.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[2052]AlertService.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[2052]AlertService.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[2052]AlertService.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[2052]AlertService.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[2052]AlertService.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[2052]AlertService.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[2052]AlertService.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[2052]AlertService.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[2052]AlertService.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[2052]AlertService.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[2052]AlertService.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[2052]AlertService.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[2132]CCU_Engine.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[2132]CCU_Engine.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[2132]CCU_Engine.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[2132]CCU_Engine.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[2132]CCU_Engine.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[2132]CCU_Engine.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[2132]CCU_Engine.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[2132]CCU_Engine.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[2132]CCU_Engine.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[2132]CCU_Engine.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[2132]CCU_Engine.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[2132]CCU_Engine.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[2132]CCU_Engine.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[2132]CCU_Engine.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x7E42384E-->00000000 [unknown_code_page]
[2132]CCU_Engine.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7E4595BD-->00000000 [unknown_code_page]
[2132]CCU_Engine.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7E4242ED-->00000000 [unknown_code_page]
[2132]CCU_Engine.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x7E4299F3-->00000000 [unknown_code_page]
[2200]EM_EXEC.EXE-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[2200]EM_EXEC.EXE-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[2200]EM_EXEC.EXE-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[2200]EM_EXEC.EXE-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[2200]EM_EXEC.EXE-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[2200]EM_EXEC.EXE-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[2200]EM_EXEC.EXE-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[2200]EM_EXEC.EXE-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[2200]EM_EXEC.EXE-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[2200]EM_EXEC.EXE-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[2200]EM_EXEC.EXE-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[2200]EM_EXEC.EXE-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[2200]EM_EXEC.EXE-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[2200]EM_EXEC.EXE-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x7E42384E-->00000000 [unknown_code_page]
[2200]EM_EXEC.EXE-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7E4595BD-->00000000 [unknown_code_page]
[2200]EM_EXEC.EXE-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7E4242ED-->00000000 [unknown_code_page]
[2200]EM_EXEC.EXE-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x7E4299F3-->00000000 [unknown_code_page]
[2620]mainserv.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[2620]mainserv.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[2620]mainserv.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[2620]mainserv.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[2620]mainserv.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[2620]mainserv.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[2620]mainserv.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[2620]mainserv.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[2620]mainserv.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[2620]mainserv.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[2620]mainserv.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[2620]mainserv.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[2620]mainserv.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[2696]AppleMobileDeviceService.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[2696]AppleMobileDeviceService.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[2696]AppleMobileDeviceService.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[2696]AppleMobileDeviceService.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[2696]AppleMobileDeviceService.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[2696]AppleMobileDeviceService.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[2696]AppleMobileDeviceService.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[2696]AppleMobileDeviceService.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[2696]AppleMobileDeviceService.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[2696]AppleMobileDeviceService.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[2696]AppleMobileDeviceService.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[2696]AppleMobileDeviceService.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[2696]AppleMobileDeviceService.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000
tigerpaw57

Re: Browser redirect problems

Post by tigerpaw57 » June 22nd, 2010, 11:26 am

Here is the rest of the log:
[unknown_code_page]
[2696]AppleMobileDeviceService.exe-->ws2_32.dll-->WSAAccept, Type: IAT modification 0x004111C0-->00000000 [ws2_32.dll]
[2696]AppleMobileDeviceService.exe-->ws2_32.dll-->WSACloseEvent, Type: IAT modification 0x004111D4-->00000000 [ws2_32.dll]
[2696]AppleMobileDeviceService.exe-->ws2_32.dll-->WSACreateEvent, Type: IAT modification 0x004111CC-->00000000 [ws2_32.dll]
[2696]AppleMobileDeviceService.exe-->ws2_32.dll-->WSAEnumNetworkEvents, Type: IAT modification 0x004111D8-->00000000 [ws2_32.dll]
[2696]AppleMobileDeviceService.exe-->ws2_32.dll-->WSAEventSelect, Type: IAT modification 0x004111B8-->00000000 [ws2_32.dll]
[2696]AppleMobileDeviceService.exe-->ws2_32.dll-->WSAIoctl, Type: IAT modification 0x004111D0-->00000000 [ws2_32.dll]
[2696]AppleMobileDeviceService.exe-->ws2_32.dll-->WSAResetEvent, Type: IAT modification 0x004111BC-->00000000 [ws2_32.dll]
[2696]AppleMobileDeviceService.exe-->ws2_32.dll-->WSASetEvent, Type: IAT modification 0x004111C4-->00000000 [ws2_32.dll]
[2696]AppleMobileDeviceService.exe-->ws2_32.dll-->WSAWaitForMultipleEvents, Type: IAT modification 0x004111C8-->00000000 [ws2_32.dll]
[2728]BDTUpdateService.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[2728]BDTUpdateService.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[2728]BDTUpdateService.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[2728]BDTUpdateService.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[2728]BDTUpdateService.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[2728]BDTUpdateService.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[2728]BDTUpdateService.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[2728]BDTUpdateService.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[2728]BDTUpdateService.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[2728]BDTUpdateService.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[2728]BDTUpdateService.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[2728]BDTUpdateService.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[2728]BDTUpdateService.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[2736]apcsystray.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[2736]apcsystray.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[2736]apcsystray.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[2736]apcsystray.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[2736]apcsystray.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[2736]apcsystray.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[2736]apcsystray.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[2736]apcsystray.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[2736]apcsystray.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[2736]apcsystray.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[2736]apcsystray.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[2736]apcsystray.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[2736]apcsystray.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[2736]apcsystray.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x7E42384E-->00000000 [unknown_code_page]
[2736]apcsystray.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7E4595BD-->00000000 [unknown_code_page]
[2736]apcsystray.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7E4242ED-->00000000 [unknown_code_page]
[2736]apcsystray.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x7E4299F3-->00000000 [unknown_code_page]
[2968]ELService.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[2968]ELService.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[2968]ELService.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[2968]ELService.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[2968]ELService.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[2968]ELService.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[2968]ELService.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[2968]ELService.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[2968]ELService.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[2968]ELService.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[2968]ELService.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[2968]ELService.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[2968]ELService.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[3044]DataServer.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[3044]DataServer.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[3044]DataServer.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[3044]DataServer.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[3044]DataServer.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[3044]DataServer.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[3044]DataServer.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[3044]DataServer.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[3044]DataServer.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[3044]DataServer.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[3044]DataServer.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[3044]DataServer.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[3044]DataServer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[3088]ehrecvr.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[3088]ehrecvr.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[3088]ehrecvr.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[3088]ehrecvr.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[3088]ehrecvr.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[3088]ehrecvr.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[3088]ehrecvr.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[3088]ehrecvr.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[3088]ehrecvr.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[3088]ehrecvr.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[3088]ehrecvr.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[3088]ehrecvr.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[3088]ehrecvr.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[3112]ehSched.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[3112]ehSched.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[3112]ehSched.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[3112]ehSched.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[3112]ehSched.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[3112]ehSched.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[3112]ehSched.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[3112]ehSched.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[3112]ehSched.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[3112]ehSched.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[3112]ehSched.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[3112]ehSched.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[3112]ehSched.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[3144]SAgent2.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[3144]SAgent2.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[3144]SAgent2.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[3144]SAgent2.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[3144]SAgent2.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[3144]SAgent2.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[3144]SAgent2.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[3144]SAgent2.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[3144]SAgent2.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[3144]SAgent2.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[3144]SAgent2.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[3144]SAgent2.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[3144]SAgent2.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[3332]IntuitUpdateService.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[3332]IntuitUpdateService.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[3332]IntuitUpdateService.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[3332]IntuitUpdateService.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[3332]IntuitUpdateService.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[3332]IntuitUpdateService.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[3332]IntuitUpdateService.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[3332]IntuitUpdateService.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[3332]IntuitUpdateService.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[3332]IntuitUpdateService.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[3332]IntuitUpdateService.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[3332]IntuitUpdateService.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[3332]IntuitUpdateService.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[3708]jqs.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[3708]jqs.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[3708]jqs.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[3708]jqs.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[3708]jqs.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[3708]jqs.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[3708]jqs.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[3708]jqs.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[3708]jqs.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[3708]jqs.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[3708]jqs.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[3708]jqs.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[3708]jqs.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[3708]jqs.exe-->ws2_32.dll-->WSACloseEvent, Type: IAT modification 0x004172A8-->00000000 [ws2_32.dll]
[3708]jqs.exe-->ws2_32.dll-->WSACreateEvent, Type: IAT modification 0x004172E8-->00000000 [ws2_32.dll]
[3708]jqs.exe-->ws2_32.dll-->WSAEventSelect, Type: IAT modification 0x004172C0-->00000000 [ws2_32.dll]
[3708]jqs.exe-->ws2_32.dll-->WSAResetEvent, Type: IAT modification 0x004172E4-->00000000 [ws2_32.dll]
[3708]jqs.exe-->ws2_32.dll-->WSASetEvent, Type: IAT modification 0x004172DC-->00000000 [ws2_32.dll]
[3708]jqs.exe-->ws2_32.dll-->WSAWaitForMultipleEvents, Type: IAT modification 0x004172E0-->00000000 [ws2_32.dll]
[3804]ncupdatesvc.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[3804]ncupdatesvc.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[3804]ncupdatesvc.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[3804]ncupdatesvc.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[3804]ncupdatesvc.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[3804]ncupdatesvc.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[3804]ncupdatesvc.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[3804]ncupdatesvc.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[3804]ncupdatesvc.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[3804]ncupdatesvc.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[3804]ncupdatesvc.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[3804]ncupdatesvc.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[3804]ncupdatesvc.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[384]GoogleCrashHandler.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[384]GoogleCrashHandler.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[384]GoogleCrashHandler.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[384]GoogleCrashHandler.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[384]GoogleCrashHandler.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[384]GoogleCrashHandler.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[384]GoogleCrashHandler.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[384]GoogleCrashHandler.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[384]GoogleCrashHandler.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[384]GoogleCrashHandler.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[384]GoogleCrashHandler.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[384]GoogleCrashHandler.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[384]GoogleCrashHandler.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[3868]nvsvc32.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[716]CCU_TrayIcon.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7E4595BD-->00000000 [unknown_code_page]
[716]CCU_TrayIcon.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7E4242ED-->00000000 [unknown_code_page]
[716]CCU_TrayIcon.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x7E4299F3-->00000000 [unknown_code_page]
[772]gnotify.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[772]gnotify.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[772]gnotify.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[772]gnotify.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[772]gnotify.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[772]gnotify.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[772]gnotify.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[772]gnotify.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[772]gnotify.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[772]gnotify.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[772]gnotify.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[772]gnotify.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[772]gnotify.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[772]gnotify.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x7E42384E-->00000000 [unknown_code_page]
[772]gnotify.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7E4595BD-->00000000 [unknown_code_page]
[772]gnotify.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7E4242ED-->00000000 [unknown_code_page]
[772]gnotify.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x7E4299F3-->00000000 [unknown_code_page]
[784]rundll32.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[784]rundll32.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[784]rundll32.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[784]rundll32.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[784]rundll32.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[784]rundll32.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[784]rundll32.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[784]rundll32.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[784]rundll32.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[784]rundll32.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[784]rundll32.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[784]rundll32.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[784]rundll32.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[784]rundll32.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x7E42384E-->00000000 [unknown_code_page]
[784]rundll32.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7E4595BD-->00000000 [unknown_code_page]
[784]rundll32.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7E4242ED-->00000000 [unknown_code_page]
[784]rundll32.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x7E4299F3-->00000000 [unknown_code_page]
[796]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[796]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[796]svchost.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[796]svchost.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[796]svchost.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[796]svchost.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[796]svchost.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[796]svchost.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[796]svchost.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[796]svchost.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[796]svchost.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[796]svchost.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[796]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[808]csrss.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[808]csrss.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[808]csrss.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[808]csrss.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[808]csrss.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[808]csrss.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[808]csrss.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[808]csrss.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[808]csrss.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[808]csrss.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[808]csrss.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[808]csrss.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[808]csrss.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[816]SFAgent.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[816]SFAgent.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[816]SFAgent.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[816]SFAgent.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[816]SFAgent.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[816]SFAgent.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[816]SFAgent.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[816]SFAgent.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[816]SFAgent.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[816]SFAgent.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[816]SFAgent.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[816]SFAgent.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[816]SFAgent.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[816]SFAgent.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x7E42384E-->00000000 [unknown_code_page]
[816]SFAgent.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7E4595BD-->00000000 [unknown_code_page]
[816]SFAgent.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7E4242ED-->00000000 [unknown_code_page]
[816]SFAgent.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x7E4299F3-->00000000 [unknown_code_page]
[836]winlogon.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[836]winlogon.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[836]winlogon.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[836]winlogon.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[836]winlogon.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[836]winlogon.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[836]winlogon.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[836]winlogon.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[836]winlogon.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[836]winlogon.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[836]winlogon.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[836]winlogon.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[836]winlogon.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[836]winlogon.exe-->ws2_32.dll-->getaddrinfo, Type: IAT modification 0x01001A28-->00000000 [ws2_32.dll]
[884]services.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[884]services.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[884]services.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[884]services.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[884]services.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[884]services.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[884]services.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[884]services.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[884]services.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[884]services.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[884]services.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[884]services.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[884]services.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[896]lsass.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[896]lsass.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[896]lsass.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[896]lsass.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[896]lsass.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[896]lsass.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[896]lsass.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[896]lsass.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[896]lsass.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[896]lsass.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[896]lsass.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[896]lsass.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[896]lsass.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[900]ups.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[900]ups.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[900]ups.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[900]ups.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[900]ups.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[900]ups.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[900]ups.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[900]ups.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[900]ups.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[900]ups.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[900]ups.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[900]ups.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[900]ups.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[972]MSASCui.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[972]MSASCui.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[972]MSASCui.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[972]MSASCui.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[972]MSASCui.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[972]MSASCui.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[972]MSASCui.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[972]MSASCui.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[972]MSASCui.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[972]MSASCui.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[972]MSASCui.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[972]MSASCui.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[972]MSASCui.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[972]MSASCui.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x7E42384E-->00000000 [unknown_code_page]
[972]MSASCui.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7E4595BD-->00000000 [unknown_code_page]
[972]MSASCui.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7E4242ED-->00000000 [unknown_code_page]
[972]MSASCui.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x7E4299F3-->00000000 [unknown_code_page]
tigerpaw57
Regular Member
 
Posts: 20
Joined: June 17th, 2010, 10:03 pm

Re: Browser redirect problems

Post by Cypher » June 22nd, 2010, 12:06 pm

Hi tigerpaw57.
I successfully ran Rootkit Unhooker and here is the first part of the log

You're doing great, well done :)
OK, please continue with the instructions below.
There are a few things to do; just take your time, you will be fine :)


Back Up registry with ERUNT

  • Please use the following link and download ERUNT to your desktop. HERE
  • Click on the erunt-setup.exe
  • Follow the prompts to install ERUNT
  • Choose language
  • A set up window will pop up. It will ask: Create ERUNT entry in to the Start up folder, answer NO

  • Backup your registry to the default location

Note: To restore your registry (if needed), go to the folder and start ERDNT.exe


Next.

Download and run OTM

Download OTM.exe by Old Timer and save it to your Desktop.
  • Double-click OTM.exe to run it.
  • Right-click then copy the following code, Do not include the word Code.
    Code:
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\WINDOWS\system32\blank.htm"
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\WINDOWS\system32\blank.htm"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyOverride"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4115122B-85FF-4DD3-9515-F075BEDE5EB5}]
    [-HKEY_CLASSES_ROOT\CLSID\{4115122B-85FF-4DD3-9515-F075BEDE5EB5}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
    [-HKEY_CLASSES_ROOT\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{0BF43445-2F28-4351-9252-17FE6E806AA0}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "KernelFaultCheck"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Power2GoExpress"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}]
    [-HKEY_CLASSES_ROOT\CLSID\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    ""=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gateway Extended Warranty]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    
    :Files
    C:\WINDOWS\tasks\Documents backup.job
    C:\WINDOWS\tasks\ISP signup reminder 2.job
    C:\WINDOWS\tasks\SLOW-PCfighter-Administrator-Startup.job
    C:\Program Files\Coupons
    
    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]
    

    • Return to OTM, right-click then paste the code into the blank box below Image
    • Next click on the large Image button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Next.

TDSSKiller

  • Please Download TDSSKiller.exe and save it on your desktop.
  • Important!: Run this fix once and once only.
  • Double click TDSSKiller.exe to run it.
  • A log file should be created on your C: drive named something like TDSSKiller.2.3.2.0 19.06.2010
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.

Next.

Re-run - RSIT (Random's System Information Tool)

You should still have this program on your desktop.
  • Double click on RSIT.exe to run it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"...will be reproduced. (it will be maximized)
  • Please post ONLY the "log.txt", file contents in your next reply.
    (This log can be lengthy, so a separate post may be needed.)


Logs/Information to Post in your Next Reply

  • OTM log.
  • TDSSKiller log.
  • RSIT log.txt log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Browser redirect problems

Post by tigerpaw57 » June 22nd, 2010, 3:53 pm

All processes killed
========== REGISTRY ==========
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\"Local Page"|"C:\WINDOWS\system32\blank.htm" /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\"Local Page"|"C:\WINDOWS\system32\blank.htm" /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4115122B-85FF-4DD3-9515-F075BEDE5EB5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4115122B-85FF-4DD3-9515-F075BEDE5EB5}\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\{4115122B-85FF-4DD3-9515-F075BEDE5EB5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4115122B-85FF-4DD3-9515-F075BEDE5EB5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Power2GoExpress deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gateway Extended Warranty\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk\ deleted successfully.
========== FILES ==========
C:\WINDOWS\tasks\Documents backup.job moved successfully.
C:\WINDOWS\tasks\ISP signup reminder 2.job moved successfully.
C:\WINDOWS\tasks\SLOW-PCfighter-Administrator-Startup.job moved successfully.
C:\Program Files\Coupons folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 5092899683 bytes
->Temporary Internet Files folder emptied: 438243942 bytes
->Java cache emptied: 91782752 bytes
->FireFox cache emptied: 35974968 bytes
->Flash cache emptied: 716331 bytes

User: All Users

User: Default User
->Temp folder emptied: 49152 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41 bytes

User: IUSR_NMPR
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jerry

User: Jerry.GATEWAY
->Temp folder emptied: 3812318 bytes
->Temporary Internet Files folder emptied: 912211 bytes

User: LocalService
->Temp folder emptied: 68658 bytes
->Temporary Internet Files folder emptied: 112024242 bytes
->Flash cache emptied: 8867 bytes

User: NetworkService
->Temp folder emptied: 555728 bytes
->Temporary Internet Files folder emptied: 194488821 bytes
->Java cache emptied: 2990 bytes
->Flash cache emptied: 35668 bytes

%systemdrive% .tmp files removed: 56096 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 589329 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 219751887 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 10985270 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 1383206 bytes
RecycleBin emptied: 158853184 bytes

Total Files Cleaned = 6,068.00 mb


OTM by OldTimer - Version 3.1.12.2 log created on 06222010_145249

Re: Browser redirect problems

Post by tigerpaw57 » June 22nd, 2010, 4:30 pm

15:59:11:937 5528 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
15:59:11:937 5528 ================================================================================
15:59:11:937 5528 SystemInfo:

15:59:11:937 5528 OS Version: 5.1.2600 ServicePack: 3.0
15:59:11:937 5528 Product type: Workstation
15:59:11:937 5528 ComputerName: GATEWAY
15:59:11:937 5528 UserName: Administrator
15:59:11:937 5528 Windows directory: C:\WINDOWS
15:59:11:937 5528 Processor architecture: Intel x86
15:59:11:937 5528 Number of processors: 2
15:59:11:937 5528 Page size: 0x1000
15:59:11:937 5528 Boot type: Normal boot
15:59:11:937 5528 ================================================================================
15:59:12:234 5528 Initialize success
15:59:12:234 5528
15:59:12:234 5528 Scanning Services ...
15:59:12:546 5528 Raw services enum returned 402 services
15:59:12:546 5528
15:59:12:546 5528 Scanning Drivers ...
15:59:13:703 5528 alim1541 (471ebb7fa0d122944d03736fb83aed0b) C:\WINDOWS\system32\DRIVERS\alim1541.sys
15:59:13:703 5528 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\alim1541.sys. Real md5: 471ebb7fa0d122944d03736fb83aed0b, Fake md5: cb08aed0de2dd889a8a820cd8082d83c
15:59:13:703 5528 File "C:\WINDOWS\system32\DRIVERS\alim1541.sys" infected by TDSS rootkit ...
15:59:15:140 5528 Backup copy not found, trying to cure infected file..
15:59:15:140 5528 Cure success, using it..
15:59:15:171 5528 will be cured on next reboot
15:59:22:343 5528 Reboot required for cure complete..
15:59:22:656 5528 Cure on reboot scheduled successfully
15:59:22:656 5528
15:59:22:656 5528 Completed
15:59:22:656 5528
15:59:22:656 5528 Results:
15:59:22:656 5528 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
15:59:22:656 5528 File objects infected / cured / cured on reboot: 1 / 0 / 1
15:59:22:656 5528
15:59:22:656 5528 KLMD(ARK) unloaded successfully

Re: Browser redirect problems

Post by tigerpaw57 » June 22nd, 2010, 5:17 pm

Here is the log file from RSIT:
Logfile of random's system information tool 1.07 (written by random/random)
Run by Administrator at 2010-06-22 17:00:42
Microsoft Windows XP Professional Service Pack 3
System drive C: has 90 GB (60%) free of 148 GB
Total RAM: 2045 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:00:47 PM, on 6/22/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\ESM2\SAgent2.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Application Data\Smilebox\SmileboxTray.exe
C:\ESM2\STMS.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\ESM2\EBRR.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Spyware Doctor\Alert.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo R380 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE /FU "C:\WINDOWS\TEMP\E_S26A.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SmileboxTray] "C:\Documents and Settings\Administrator\Application Data\Smilebox\SmileboxTray.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://pbskids.org/barney/children/games/imagination_game.html"
O4 - S-1-5-18 Startup: PowerReg Scheduler V3.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: PowerReg Scheduler V3.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: EPSON Background Monitor.lnk = C:\ESM2\STMS.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: MonacoGamma.lnk = C:\Program Files\Monaco Systems\MonacoEZcolor 2.6\MonacoGamma.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.5.0.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8300.cab
O16 - DPF: {C42B23DF-334C-4AD0-9AB4-91FF53D04239} (AbImporter Class) - file:///C:/Documents%20and%20Settings/Administrator/Application%20Data/Smilebox/OzDesktopImporter.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://service.futuremark.com/virtualmark/tc/MSC3.cab
O16 - DPF: {E5C97835-6865-443E-8C33-671D9C71A6D0} (LedaX Control) - https://www.clientspace.com/download/RapidocsX.cab
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file:///F:/cdviewer/CdViewer.cab
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - https://www.plaxo.com/activex/plx_upldr-2k-xp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: DataSvr - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\ESM2\SAgent2.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: NTRU Hybrid TSS v1.05 TCSD (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe

--
End of file - 15490 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
tigerpaw57
Regular Member
 
Posts: 20
Joined: June 17th, 2010, 10:03 pm

Re: Browser redirect problems

Post by tigerpaw57 » June 22nd, 2010, 5:21 pm

Here is the rest of the log file from RSIT:
End of file - 15490 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-395324855-17082412-174624428-500Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-395324855-17082412-174624428-500UA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2010-05-27 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-12 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-07 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-05-01 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-27 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-27 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"readericon"=C:\Program Files\Digital Media Reader\readericon45G.exe [2005-12-09 139264]
"SigmatelSysTrayApp"=sttray.exe []
"IntelAudioStudio"=C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe [2006-04-19 9125888]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]
"NMSSupport"=C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe [2006-03-29 375296]
"CCUTRAYICON"=C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe [2006-06-16 303104]
"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-11-07 19968]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-11-12 13672448]
"nwiz"=nwiz.exe /install []
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-11-12 86016]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"SPAMfighter Agent"=C:\Program Files\SPAMfighter\SFAgent.exe [2009-03-12 326792]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2010-05-11 1287120]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-03 68856]
"EPSON Stylus Photo R380 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE [2006-05-29 139264]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SmileboxTray"=C:\Documents and Settings\Administrator\Application Data\Smilebox\SmileboxTray.exe [2010-05-20 304448]
"Google Update"=C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-31 135664]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE [2008-12-06 460216]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
EPSON Background Monitor.lnk - C:\ESM2\STMS.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
MonacoGamma.lnk - C:\Program Files\Monaco Systems\MonacoEZcolor 2.6\MonacoGamma.exe

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
PowerReg Scheduler V3.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\klmdb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe"="C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:LocalSubNet:Enabled:SPCM"
"C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe"="C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:LocalSubNet:Enabled:Intel(R) Viiv(TM) Media Server"
"C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe"="C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:LocalSubNet:Enabled:Intel(R) Remoting Service"
"C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe"="C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\TurboTax\Basic 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Basic 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Basic 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Basic 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Disabled:Microsoft Fax Console"
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

======List of files/folders created in the last 1 months======

2010-06-22 15:59:11 ----A---- C:\TDSSKiller.2.3.2.0_22.06.2010_15.59.11_log.txt
2010-06-22 14:52:49 ----D---- C:\_OTM
2010-06-22 12:44:42 ----D---- C:\WINDOWS\ERDNT
2010-06-22 12:37:45 ----D---- C:\Program Files\ERUNT
2010-06-20 20:53:14 ----D---- C:\rsit
2010-06-19 07:09:30 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-06-19 07:08:59 ----A---- C:\WINDOWS\system32\javaws.exe
2010-06-19 07:08:59 ----A---- C:\WINDOWS\system32\javaw.exe
2010-06-19 07:08:59 ----A---- C:\WINDOWS\system32\java.exe
2010-06-19 07:08:59 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-06-17 18:16:20 ----A---- C:\WINDOWS\BDTSupport.dll.old
2010-06-17 18:16:20 ----A---- C:\WINDOWS\BDTSupport.dll
2010-06-17 18:16:19 ----A---- C:\WINDOWS\SGDetectionTool.dll
2010-06-17 18:16:19 ----A---- C:\WINDOWS\PCTBDRes.dll
2010-06-17 18:16:19 ----A---- C:\WINDOWS\PCTBDCore.dll.old
2010-06-17 18:16:19 ----A---- C:\WINDOWS\PCTBDCore.dll
2010-06-17 18:13:29 ----D---- C:\Program Files\Spyware Doctor
2010-06-17 18:13:29 ----D---- C:\Program Files\Common Files\PC Tools
2010-06-17 18:13:29 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2010-06-17 18:13:29 ----D---- C:\Documents and Settings\Administrator\Application Data\PC Tools
2010-06-09 22:25:10 ----D---- C:\Program Files\Mozilla Firefox
2010-06-08 17:54:26 ----D---- C:\Documents and Settings\Administrator\Application Data\Mozilla
2010-05-28 23:33:09 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$

======List of files/folders modified in the last 1 months======

2010-06-22 17:00:47 ----D---- C:\WINDOWS\Prefetch
2010-06-22 17:00:43 ----D---- C:\WINDOWS\Temp
2010-06-22 17:00:43 ----D---- C:\Program Files\Trend Micro
2010-06-22 17:00:18 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-06-22 16:23:19 ----D---- C:\Program Files\SPAMfighter
2010-06-22 16:21:59 ----D---- C:\WINDOWS
2010-06-22 16:09:07 ----D---- C:\WINDOWS\system32
2010-06-22 16:09:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-22 16:07:49 ----SD---- C:\WINDOWS\Tasks
2010-06-22 16:05:24 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-22 16:05:22 ----D---- C:\WINDOWS\Registration
2010-06-22 16:05:07 ----A---- C:\WINDOWS\ModemLog_PCI Soft Data Fax Modem with SmartCP.txt
2010-06-22 16:04:30 ----D---- C:\WINDOWS\system32\drivers
2010-06-22 16:03:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-22 14:53:01 ----RD---- C:\Program Files
2010-06-21 19:26:28 ----A---- C:\WINDOWS\win.ini
2010-06-21 18:01:18 ----D---- C:\Documents and Settings\Administrator\Application Data\Smilebox
2010-06-21 09:40:55 ----SHD---- C:\WINDOWS\CSC
2010-06-20 21:40:55 ----D---- C:\WINDOWS\Minidump
2010-06-20 20:41:36 ----SHD---- C:\WINDOWS\Installer
2010-06-20 20:41:36 ----D---- C:\Config.Msi
2010-06-20 20:41:32 ----D---- C:\Program Files\Java
2010-06-19 07:09:29 ----D---- C:\Program Files\Common Files\Java
2010-06-18 20:47:05 ----HD---- C:\WINDOWS\inf
2010-06-17 18:13:38 ----D---- C:\WINDOWS\WinSxS
2010-06-17 18:13:29 ----D---- C:\Program Files\Common Files
2010-06-17 08:44:00 ----D---- C:\Program Files\Google
2010-06-16 23:16:44 ----SHD---- C:\System Volume Information
2010-06-16 22:47:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-10 23:03:52 ----D---- C:\WINDOWS\network diagnostic
2010-06-08 20:54:03 ----D---- C:\Program Files\Microsoft Silverlight
2010-06-08 17:20:12 ----D---- C:\WINDOWS\system32\config
2010-06-08 17:19:44 ----D---- C:\WINDOWS\system32\wbem
2010-06-02 07:55:02 ----SD---- C:\WINDOWS\Downloaded Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]
R1 ELhid;EL hid Service; \??\C:\WINDOWS\System32\Drivers\Elhid.sys []
R1 ELkbd;EL KB Service; \??\C:\WINDOWS\System32\Drivers\Elkbd.sys []
R1 ELmon;EL Monitor Service; \??\C:\WINDOWS\System32\Drivers\Elmon.sys []
R1 ELmou;EL Mouse Service; \??\C:\WINDOWS\System32\Drivers\Elmou.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-02-03 179200]
R3 ELacpi;ELacpi; C:\WINDOWS\system32\DRIVERS\ELacpi.sys [2006-05-05 9728]
R3 EPUSBDSK;EPSON USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\EPUSBDSK.sys [2001-09-26 29983]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-03-17 1033600]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2005-03-17 221440]
R3 IAMTXP;Driver for Intel(R) Active Management Technology - KCS; C:\WINDOWS\system32\DRIVERS\IAMTXP.sys [2005-11-29 40448]
R3 L8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys [2003-11-07 51486]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys [2003-11-07 70798]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-24 171520]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2009-08-31 28256]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-11-12 6188320]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-02-16 47360]
R3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2005-12-02 41728]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-20 1156648]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-03-17 705280]
S1 bdpredir;bdpredir; \??\C:\Program Files\Softwin\BitDefender10\bdpredir.sys []
S1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-07-24 2432]
S1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-07-24 2560]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
S3 DrvAgent32;DrvAgent32; \??\C:\WINDOWS\system32\Drivers\DrvAgent32.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 GoProto;GoProto Protocol Driver; C:\WINDOWS\system32\DRIVERS\goprot51.sys [2007-01-22 29184]
S3 HidBatt;HID UPS Battery Driver; C:\WINDOWS\system32\DRIVERS\HidBatt.sys [2008-04-13 20352]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TSHWMDTCP;TSHWMDTCP; \??\C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 X-Rite;X-Rite USB Service; C:\WINDOWS\system32\DRIVERS\XrUsb.sys [2003-11-06 14936]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor4.0;Adobe Active File Monitor V4; C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [2005-09-09 102400]
R2 AlertService;Intel(R) Alert Service; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [2006-06-16 188416]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-28 267432]
R2 APC UPS Service;APC UPS Service; C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe [2004-01-21 155770]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
R2 DataSvr;DataSvr; C:\Program Files\Wave Systems Corp\Common\DataServer.exe [2005-08-30 290816]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 ELService;Intel(R) Quick Resume technology; C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe [2006-06-01 180224]
R2 EPSONStatusAgent2;EPSON Printer Status Agent2; C:\ESM2\SAgent2.exe [2001-08-09 90112]
R2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 NCUpdateSvc;Netscape Update Service; C:\Program Files\Netscape Internet Service\ncupdatesvc.exe [2004-04-06 53248]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-11-12 163908]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2007-01-22 196608]
R2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-12-01 166648]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2010-03-15 1142224]
R2 SPAMfighter Update Service;SPAMfighter Update Service; C:\Program Files\SPAMfighter\sfus.exe [2009-03-12 184968]
R2 tcsd_win32.exe;NTRU Hybrid TSS v1.05 TCSD; C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe [2005-03-07 180224]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-12-01 887544]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-03 133104]
S2 ISSM;Intel(R) Software Services Manager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [2006-06-15 77824]
S2 M1 Server;Intel(R) Viiv(TM) Media Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [2006-05-27 25600]
S2 MCLServiceATL;Intel(R) Application Tracker; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [2006-06-15 147456]
S2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
S2 Remote UI Service;Intel(R) Remoting Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [2006-06-15 397312]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2006-11-26 294912]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2006-12-01 310008]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-01 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2006-11-26 57344]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------