Browser redirect and unable to do Windows Update


Post by efgonzo » July 18th, 2010, 5:53 pm

When I am on a Google search page and I click on one of the search choices, it then redirects to a shopping site. Different ones. I am also unable to do a Windows Update. Malwarebytes does not pick up anything.

Below is the HijackThis log. Any help would be greatly appreciated. Thank you. Ed

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:45:15 PM, on 7/18/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\AOL\1187395945\ee\aolsoftware.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AOL 9.0\waol.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Ed\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1187395945\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
efgonzo
Regular Member
 
Posts: 17
Joined: January 27th, 2010, 10:25 pm

Re: Browser redirect and unable to do Windows Update

Post by Cypher » July 21st, 2010, 7:08 am

Hi and welcome to Malware Removal Forum. I apologize for the delay in answering your request for help; the forum is really busy.
My name is Cypher, and I will be helping you with your malware problems.
If you no longer require help I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can damage that computer and possibly make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions if possible... your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • The logs from the tools we use can take some time to research, so please be patient.

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Read Backup Made Easy



Please post an Uninstall list.

  • Open HijackThis.
  • Click on the Open the Misc Tools section button.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please post this log in your next reply.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Browser redirect and unable to do Windows Update

Post by efgonzo » July 21st, 2010, 8:21 am

Hi Cypher, thanks for getting back to me.

As instructed, I ran the HijackThis Uninstall Manager. Below are the results.

32 Bit HP CIO Components Installer
5 Card Slingo from Hewlett-Packard Laptops (remove only)
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Mobile Device Support
Apple Software Update
Athlon 64 Processor Driver
ATI Control Panel
ATI Display Driver
AVG Free 9.0
Bejeweled 2 Deluxe from Hewlett-Packard Laptops (remove only)
Big Kahuna Reef from Hewlett-Packard Laptops (remove only)
Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only)
Blasterball 2 from Hewlett-Packard Laptops (remove only)
Boggle Supreme from Hewlett-Packard Laptops (remove only)
Bookworm Deluxe from Hewlett-Packard Laptops (remove only)
Bounce Symphony from Hewlett-Packard Laptops (remove only)
CA Pest Patrol Realtime Protection
Chuzzle Deluxe from Hewlett-Packard Laptops (remove only)
Conexant AC-Link Audio
Crystal Maze from Hewlett-Packard Laptops (remove only)
Customer Experience Enhancement
DivX
Easy Internet Sign-up
FATE from Hewlett-Packard Laptops (remove only)
Final Drive Nitro from Hewlett-Packard Laptops (remove only)
Flip Words from Hewlett-Packard Laptops (remove only)
Google Updater
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP DVD Play 2.0
HP Game Console and games
HP Help and Support
HP Help and Support
HP Imaging Device Functions 6.0
HP Photosmart Premier Software 6.0
HP Product Detection
HP Rhapsody
HP Update
HP User Guides 0025
HP User Guides--System Recovery
HP Wireless Assistant 2.00 C1
Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only)
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 2
Java(TM) 6 Update 20
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1
Jewel Quest from Hewlett-Packard Laptops (remove only)
Lemonade Tycoon 2 from Hewlett-Packard Laptops (remove only)
Lexibox Deluxe from Hewlett-Packard Laptops (remove only)
Mah Jong Quest from Hewlett-Packard Laptops (remove only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Money 2006
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Mozilla Firefox (3.0.15)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 4.5
Netscape Browser (remove only)
Oasis from Hewlett-Packard Laptops (remove only)
Office 2003 Trial Assistant
Panda ActiveScan 2.0
Polar Bowler from Hewlett-Packard Laptops (remove only)
Polar Golfer from Hewlett-Packard Laptops (remove only)
Puzzle Express from Hewlett-Packard Laptops (remove only)
Quicken 2006
QuickTime
RealPlayer Basic
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
RTC Client API v1.2
SCRABBLE from Hewlett-Packard Laptops (remove only)
Slingo Deluxe from Hewlett-Packard Laptops (remove only)
Slyder from Hewlett-Packard Laptops (remove only)
Snowboard SuperJam
Soft Data Fax Modem with SmartCP
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TourSetup
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Viewpoint Media Player
Wireless Home Network Setup
efgonzo
Regular Member
 
Posts: 17
Joined: January 27th, 2010, 10:25 pm

Re: Browser redirect and unable to do Windows Update

Post by Cypher » July 21st, 2010, 11:21 am

Hi efgonzo.
thanks for getting back to me.

You're welcome.
Continue with the instructions below.

Vista Advice:
  • All applications I ask to be used will require to be run in Administrator mode, i.e. right click on the application and select Run as Administrator.
  • The Operating System (Vista aka Windows 6) in use comes with an inbuilt utility called User Access Control (UAC).
  • When prompted by this with anything I ask you to carry out, please select the option Allow.

Disable Windows Defender

  • Go to Start > All Programs > Windows Defender.
  • Click on Tools at the top.
  • Under Settings, click on Options.
  • Under Automatic scanning, uncheck (untick) Automatically scan my computer (recommended) box.
  • Under Real-time protection options, uncheck (untick) Use real-time protection (recommended) box.
  • Click on the Save button at the bottom right hand corner.
  • Note: Please do not re-enable this until I tell you to do so.

Next.

Uninstall programs
  • Click on Start.
  • All Programs.
  • Accessories.
  • Run.
  • In the Open text box copy/paste appwiz.cpl, then click OK.
  • Uninstall the following:
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition

Spybot - Search & Destroy

Note: "If asked whether you want to remove all settings, answer YES"
(This will remove the immunization and Teatimer settings.)

Now please reboot your system.



Next.

RSIT (Random's System Information Tool)

Please download RSIT by random/random... and save it to your desktop.
  • Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... 2 log files will be produced.
  • The first one, "log.txt", will be maximized.
  • The second one, "info.txt", will be minimized.
Please post both "log.txt" and "info.txt" file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)

Next.

Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now right-click on RKUnhookerLE.exe and select "Run As Administrator" to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of this log in your next reply.
  • Note: This log can be big; you may need to post it in separate replies.


Logs/Information to Post in your Next Reply

  • RSIT log.txt and info.txt contents.
  • RKUnHooker log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Browser redirect and unable to do Windows Update

Post by efgonzo » July 21st, 2010, 9:54 pm

Hi Cypher,

The first thing you wanted me to do is disable Windows Defender. When I went to do that, I discovered it was already disabled.

I then uninstalled the programs you indicated and then restarted the system.

I downloaded RSIT. I ran RSIT in admin mode but made a mistake. I did not save the info.txt file. I tried to run RSIT again but the 2nd time it did not generate an info file, just a log file. Below is the RSIT log.txt.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Ed at 2010-07-21 20:20:10
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 16 GB (33%) free of 50 GB
Total RAM: 1406 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:20:16 PM, on 7/21/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\AOL\1187395945\ee\aolsoftware.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Ed\Desktop\RSIT.exe
C:\Program Files\trend micro\Ed.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1187395945\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 7164 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\User_Feed_Synchronization-{4C4EB4BA-D192-4F50-AEE8-98A86ED65F7F}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-07-21 1619296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2010-04-12 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-02-07 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"AOLDialer"=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2006-10-23 71216]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2005-08-01 233534]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2005-12-13 507904]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2005-12-12 94208]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-04-27 282624]
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe [2006-12-04 26112]
"RecGuard"=C:\Windows\SMINST\RecGuard.exe [2005-10-11 1187840]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-09-15 1021224]
"HostManager"=C:\Program Files\Common Files\AOL\1187395945\ee\AOLSoftware.exe [2008-06-24 41824]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2010-03-12 49208]
""= []
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-07-16 2065760]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-15 102400]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-03-14 39408]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2010-02-09 2356088]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"legalnoticecaption"=
"legalnoticetext"=
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\1165210379\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1165210379\EE\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\1165210379\EE\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1165210379\EE\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe"="C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe"="C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service"
"E:\setup\HPZNET01.EXE"="E:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-07-21 20:14:35 ----D---- C:\Program Files\trend micro
2010-07-21 20:14:34 ----D---- C:\rsit
2010-07-16 17:35:50 ----A---- C:\Windows\system32\avgrsstx.dll

======List of files/folders modified in the last 1 months======

2010-07-21 20:14:35 ----RD---- C:\Program Files
2010-07-21 20:10:54 ----SD---- C:\Windows\Tasks
2010-07-21 20:10:49 ----D---- C:\Program Files\Mozilla Firefox
2010-07-21 20:10:02 ----D---- C:\Windows
2010-07-21 20:09:32 ----A---- C:\hpqp.ini
2010-07-21 20:09:31 ----A---- C:\XP_TV.ini
2010-07-21 20:07:02 ----HD---- C:\Config.Msi
2010-07-21 20:07:02 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-07-21 20:05:53 ----A---- C:\Windows\SchedLgU.Txt
2010-07-21 20:04:06 ----SHD---- C:\Windows\Installer
2010-07-21 20:04:06 ----D---- C:\Program Files\SUPERAntiSpyware
2010-07-21 20:04:06 ----D---- C:\Program Files\Common Files
2010-07-21 20:02:54 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-07-21 20:01:36 ----D---- C:\Program Files\Java
2010-07-21 20:01:29 ----D---- C:\Windows\System32
2010-07-21 19:58:16 ----D---- C:\Windows\Temp
2010-07-21 19:46:22 ----D---- C:\Windows\system32\drivers\Avg
2010-07-18 19:02:52 ----D---- C:\Windows\Prefetch
2010-07-18 14:26:09 ----A---- C:\VETlog.txt
2010-07-18 14:25:02 ----A---- C:\Windows\win.ini
2010-07-16 17:36:39 ----D---- C:\Windows\system32\drivers
2010-07-12 20:41:41 ----SD---- C:\Windows\Downloaded Program Files
2010-07-12 20:41:37 ----SD---- C:\Users\Ed\AppData\Roaming\Microsoft
2010-07-12 20:41:25 ----D---- C:\Windows\Downloaded Installations
2010-06-27 10:13:50 ----D---- C:\Windows\Debug

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;ATI PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 7680]
R0 pavboot;pavboot; C:\Windows\system32\drivers\pavboot.sys [2009-06-30 28552]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2005-11-03 46080]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2010-07-16 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2010-06-05 29584]
R1 AvgTdiX;AVG Free Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2010-07-16 243024]
R2 ASCTRM;ASCTRM; C:\Windows\system32\drivers\ASCTRM.sys [2006-12-04 8552]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-10-23 1331192]
R3 CAMCAUD;Conexant AMC Audio; C:\Windows\system32\drivers\camc6aud.sys [2005-08-02 38016]
R3 CAMCHALA;CAMCHALA; C:\Windows\system32\drivers\camc6hal.sys [2005-08-02 349312]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-24 2085888]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2008-07-22 51200]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-09-15 191408]
R3 VST_DPV;VST_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
R3 VSTHWATI;VSTHWATI; C:\Windows\system32\DRIVERS\VSTATI3.SYS [2006-11-02 236032]
R3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
S1 eabfiltr;EABFiltr; \??\C:\Windows\system32\drivers\EABFiltr.sys []
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-10-23 1331192]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 ICAM3NT5;Intel USB Video Camera III; C:\Windows\System32\Drivers\Icam3.sys [2001-08-17 141056]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-06-28 106496]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2006-11-24 557056]
R2 avg9emc;AVG Free E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-07-21 921952]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2005-12-22 98304]
R2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe [2006-12-19 280080]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-11-15 73728]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-05-10 194104]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 HP Port Resolver;HP Port Resolver; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [2005-05-20 81920]
S3 HP Status Server;HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [2004-10-16 73728]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

-----------------EOF-----------------


I will continue my report in the next reply as instructed.
efgonzo
Regular Member
 
Posts: 17
Joined: January 27th, 2010, 10:25 pm

Re: Broswer redirect and unable to do windows update

Post by efgonzo » July 21st, 2010, 10:10 pm

Continuing

I then downloaded Rootkit Unhooker as instructed. I ran that in admin mode.

One thing happened that you did not indicate would: after I checked and unchecked the different options as instructed, it started to scan, but shortly after starting a message popped up asking what drives I wanted to scan. There was a "C" drive and a "D" drive with check marks next to them. I clicked on "OK" and it started scanning. This went on for over 30 minutes and I could see no progress. The hard drive was working, but I saw no scanning progress within the RkU program.

At this point my screen went black and then came back, and up popped a Windows error message: "ATI External Event Utility Exe module stopped working and was closed." I hit "Close".

RkU had now been going for about 35 minutes and I didn't see any progress within the program, so I hit "Cancel" on the screen that said to cancel the scan.

Windows would not stop the program. Up popped an End Process box; I selected End Process and still nothing happened. It indicated RkU was not responding. There was nothing I could do. I then decided to shut down the computer.

I restarted the computer and then restarted Rootkit Unhooker. I started the scan as instructed again. I watched it closely and saw it do the Stealth Code tab, and when it got to the "Files" tab up popped the screen asking what drives I wanted to scan. I clicked OK and it started scanning, or so I thought, because I could see no indication of it working. I went to Task Manager and noticed that Rootkit Unhooker was at 0% CPU and something called 30CB80EF.exe was using about 65% of the CPU. I let this go for about 15 minutes, and when I saw that Rootkit Unhooker was still at 0% CPU I hit Cancel in the scan window. Then the tab went to Code Hooks and then to Report. Below is the report that was generated.

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #1
==============================================
>Drivers
==============================================
0x89A0B000 C:\Windows\system32\DRIVERS\atikmdag.sys 7540736 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x81A3B000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x81A3B000 PnpManager 3903488 bytes
0x81A3B000 RAW 3903488 bytes
0x81A3B000 WMIxWDM 3903488 bytes
0x916A0000 Win32k 2105344 bytes
0x916A0000 C:\Windows\System32\win32k.sys 2105344 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8A403000 C:\Windows\system32\DRIVERS\bcmwl6.sys 1343488 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0x86004000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x82478000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8A64B000 C:\Windows\system32\DRIVERS\VSTDPV3.SYS 1064960 bytes (Conexant Systems, Inc., HSF_DP driver)
0x82609000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x8046E000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0x982CD000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8A80E000 C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 733184 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x97609000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8A13C000 C:\Windows\System32\drivers\dxgkrnl.sys 659456 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8054E000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x82407000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x97710000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8A55C000 C:\Windows\system32\drivers\camc6hal.sys 352256 bytes (Conexant Systems Inc., Conexant AmcHal Driver)
0x9827D000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x806AB000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8AC8D000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80602000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8A607000 C:\Windows\system32\DRIVERS\VSTATI3.SYS 278528 bytes (Conexant Systems, Inc., HSFHWATI WDM driver)
0x8042D000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8A8FD000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8273E000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8AD0C000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x825AE000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x8AC0D000 C:\Windows\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0x98205000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x86114000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8A74F000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8AD6F000 C:\Windows\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0x81A08000 ACPI_HAL 208896 bytes
0x81A08000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x80746000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8AC47000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8A8CE000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x827B6000 C:\Windows\system32\DRIVERS\SynTP.sys 188416 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0x8A5BC000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x82583000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x807B9000 C:\Windows\system32\drivers\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x976C9000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x8ADA3000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x86164000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x80659000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x98256000 C:\Windows\System32\DRIVERS\srv2.sys 159744 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x80794000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8A96B000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8619C000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x977C8000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8A7AF000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x805D7000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x80728000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9777D000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x826F3000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x807E3000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x9779A000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8278B000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x9823E000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8AD52000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8A949000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x983D4000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8ACD5000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x827E4000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x977B3000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8A9B1000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8A99D000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8AC79000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x827A3000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x976FD000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8ACF9000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8618B000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8A784000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80414000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8A54B000 C:\Windows\system32\DRIVERS\Rtnicxp.sys 69632 bytes (Realtek Semiconductor Corporation , Realtek 10/100 NDIS 5.1 Driver )
0x8270E000 C:\Windows\system32\DRIVERS\amdk8.sys 65536 bytes (Microsoft Corporation, Processor Device Driver)
0x80778000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8271E000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x976B9000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8070A000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8A9CC000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x861CE000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x86155000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x80680000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8A98E000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8277C000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8069C000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x918E0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8ACEB000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8A7EB000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x806FC000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8ADCB000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8A8C1000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8A9E8000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x805CA000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x80788000 C:\Windows\System32\Drivers\PxHelp20.sys 49152 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x983B5000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8A7A3000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8A1DD000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8ADD8000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x8A1F3000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x89A00000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8A7E0000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8A960000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8A93E000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x80692000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x8A5B2000 C:\Windows\system32\drivers\camc6aud.sys 40960 bytes (Conexant Systems Inc., Conexant WDM AC97 Audio Driver)
0x8ADEB000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8A9DE000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x976F3000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8AD48000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x983AB000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8A1E9000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x983C1000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x861C5000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8A800000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8A9F5000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x983EA000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8A5E9000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x918C0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x861EE000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x82735000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x80648000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x80720000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x861BD000 C:\Windows\system32\DRIVERS\AtiPcie.sys 32768 bytes (ATI Technologies Inc., ATI PCIE Driver for ATI PCIE chipset)
0x80425000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8ADE3000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
0x80651000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8A7D0000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8A7D8000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8614D000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8A79C000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8272E000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8040D000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8A795000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x806F5000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8AD69000 C:\Windows\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0x8071A000 C:\Windows\system32\drivers\pavboot.sys 24576 bytes (Panda Security, S.L., Panda Boot Driver)
0x8A9C6000 C:\Windows\system32\DRIVERS\wanatw4.sys 24576 bytes (America Online, Inc., Wan Miniport (ATW))
0x861FA000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x8068F000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x861F7000 C:\Windows\system32\DRIVERS\cpqbttn.sys 12288 bytes (Hewlett-Packard Development Company, L.P., HP Tablet PC Key Button HID Driver)
0x982CB000 C:\Windows\System32\Drivers\ASCTRM.SYS 8192 bytes (Windows (R) 2000 DDK provider, TR Manager)
0x8A9DC000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8A1FE000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
!!!!!!!!!!!Hidden driver: 0x85069CE2 ?_empty_? 798 bytes
!!!!!!!!!!!Hidden driver: 0x8518BD28 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0x80720000 WARNING: suspicious driver modification [atapi.sys::0x85069CE2]
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x000A87AA, Type: Inline - RelativeJump 0x81AE37AA-->81AE37B1 [ntkrnlpa.exe]
[1040]svchost.exe-->advapi32.dll-->GetTokenInformation, Type: IAT modification 0x010010FC-->00000000 [unknown_code_page]
[1040]svchost.exe-->advapi32.dll-->InitializeSecurityDescriptor, Type: IAT modification 0x01001100-->00000000 [unknown_code_page]
[1040]svchost.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [CACheck.dll]
[1040]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77C814C0-->00000000 [CACheck.dll]
[1040]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77C81500-->00000000 [CACheck.dll]
[1040]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77C816EC-->00000000 [CACheck.dll]
[1040]svchost.exe-->advapi32.dll-->OpenProcessToken, Type: IAT modification 0x0100113C-->00000000 [unknown_code_page]
[1040]svchost.exe-->advapi32.dll-->RegCloseKey, Type: IAT modification 0x01001130-->00000000 [unknown_code_page]
[1040]svchost.exe-->advapi32.dll-->RegDisablePredefinedCacheEx, Type: IAT modification 0x01001118-->00000000 [unknown_code_page]
[1040]svchost.exe-->advapi32.dll-->RegisterServiceCtrlHandlerW, Type: IAT modification 0x01001134-->00000000 [unknown_code_page]
[1040]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x0100112C-->00000000 [unknown_code_page]
[1040]svchost.exe-->advapi32.dll-->RegQueryValueExW, Type: IAT modification 0x01001128-->00000000 [unknown_code_page]
[1040]svchost.exe-->advapi32.dll-->SetEntriesInAclW, Type: IAT modification 0x0100110C-->00000000 [unknown_code_page]
[1040]svchost.exe-->advapi32.dll-->SetSecurityDescriptorDacl, Type: IAT modification 0x01001110-->00000000 [unknown_code_page]
[1040]svchost.exe-->advapi32.dll-->SetSecurityDescriptorGroup, Type: IAT modification 0x01001108-->00000000 [unknown_code_page]
[1040]svchost.exe-->advapi32.dll-->SetSecurityDescriptorOwner, Type: IAT modification 0x01001104-->00000000 [unknown_code_page]
[1040]svchost.exe-->advapi32.dll-->SetServiceStatus, Type: IAT modification 0x01001138-->00000000 [unknown_code_page]
[1040]svchost.exe-->advapi32.dll-->StartServiceCtrlDispatcherW, Type: IAT modification 0x01001114-->00000000 [unknown_code_page]
[1040]svchost.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->00000000 [CACheck.dll]
[1040]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77B6111C-->00000000 [CACheck.dll]
[1040]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77B61110-->00000000 [CACheck.dll]
[1040]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77B61174-->00000000 [CACheck.dll]
[1040]svchost.exe-->kernel32.dll-->ActivateActCtx, Type: IAT modification 0x0100109C-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->CloseHandle, Type: IAT modification 0x01001074-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->CreateActCtxW, Type: IAT modification 0x01001008-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->DeactivateActCtx, Type: IAT modification 0x01001090-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->DelayLoadFailureHook, Type: IAT modification 0x01001018-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->ExitProcess, Type: IAT modification 0x01001050-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->ExpandEnvironmentStringsW, Type: IAT modification 0x01001004-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->FreeLibrary, Type: IAT modification 0x01001084-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->GetCommandLineW, Type: IAT modification 0x0100104C-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->GetCurrentProcess, Type: IAT modification 0x01001044-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->GetCurrentProcessId, Type: IAT modification 0x01001038-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->GetCurrentThreadId, Type: IAT modification 0x01001034-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->GetLastError, Type: IAT modification 0x01001098-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: IAT modification 0x01001028-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0100108C-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->GetProcessHeap, Type: IAT modification 0x0100105C-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->GetSystemTimeAsFileTime, Type: IAT modification 0x0100103C-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->GetTickCount, Type: IAT modification 0x01001030-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->HeapFree, Type: IAT modification 0x01001068-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->HeapSetInformation, Type: IAT modification 0x01001000-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->InterlockedCompareExchange, Type: IAT modification 0x01001080-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->InterlockedExchange, Type: IAT modification 0x0100101C-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->LCMapStringW, Type: IAT modification 0x01001010-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x0100107C-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x01001094-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->LocalAlloc, Type: IAT modification 0x01001078-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->LocalFree, Type: IAT modification 0x01001070-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->lstrcmpiW, Type: IAT modification 0x010010AC-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->lstrcmpW, Type: IAT modification 0x010010A4-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->lstrlenW, Type: IAT modification 0x01001014-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->QueryPerformanceCounter, Type: IAT modification 0x0100102C-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->RegisterWaitForSingleObject, Type: IAT modification 0x01001020-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->ReleaseActCtx, Type: IAT modification 0x0100100C-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->SetErrorMode, Type: IAT modification 0x01001060-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->SetProcessAffinityUpdateMode, Type: IAT modification 0x01001054-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x01001024-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->Sleep, Type: IAT modification 0x01001088-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x01001040-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->UnhandledExceptionFilter, Type: IAT modification 0x01001048-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->WideCharToMultiByte, Type: IAT modification 0x0100106C-->00000000 [unknown_code_page]
[1040]svchost.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x6D64123C-->00000000 [CACheck.dll]
[1040]svchost.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x6D641248-->00000000 [CACheck.dll]
[1040]svchost.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x6D6411F8-->00000000 [CACheck.dll]
[1040]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: IAT modification 0x01001158-->00000000 [unknown_code_page]
[1040]svchost.exe-->ntdll.dll-->RtlCopySid, Type: IAT modification 0x0100114C-->00000000 [unknown_code_page]
[1040]svchost.exe-->ntdll.dll-->RtlFreeHeap, Type: IAT modification 0x01001148-->00000000 [unknown_code_page]
[1040]svchost.exe-->ntdll.dll-->RtlImageNtHeader, Type: IAT modification 0x01001160-->00000000 [unknown_code_page]
[1040]svchost.exe-->ntdll.dll-->RtlInitializeCriticalSection, Type: IAT modification 0x0100116C-->00000000 [unknown_code_page]
[1040]svchost.exe-->ntdll.dll-->RtlInitializeSid, Type: IAT modification 0x0100115C-->00000000 [unknown_code_page]
[1040]svchost.exe-->ntdll.dll-->RtlLengthRequiredSid, Type: IAT modification 0x01001154-->00000000 [unknown_code_page]
[1040]svchost.exe-->ntdll.dll-->RtlSetProcessIsCritical, Type: IAT modification 0x01001164-->00000000 [unknown_code_page]
[1040]svchost.exe-->ntdll.dll-->RtlSubAuthorityCountSid, Type: IAT modification 0x01001150-->00000000 [unknown_code_page]
[1040]svchost.exe-->ntdll.dll-->RtlSubAuthoritySid, Type: IAT modification 0x01001144-->00000000 [unknown_code_page]
[1040]svchost.exe-->ntdll.dll-->RtlUnhandledExceptionFilter, Type: IAT modification 0x01001168-->00000000 [unknown_code_page]
[1040]svchost.exe-->user32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x77D511B4-->00000000 [CACheck.dll]
[1040]svchost.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [CACheck.dll]
[1040]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77D51250-->00000000 [CACheck.dll]
[1040]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [CACheck.dll]
[1040]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77D512FC-->00000000 [CACheck.dll]
[1040]svchost.exe-->wininet.dll-->advapi32.dll-->CreateProcessAsUserA, Type: IAT modification 0x70411220-->00000000 [CACheck.dll]
[1040]svchost.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x704114B0-->00000000 [CACheck.dll]
[1040]svchost.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x704114B4-->00000000 [CACheck.dll]
[1040]svchost.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x70411450-->00000000 [CACheck.dll]
[1040]svchost.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x70411350-->00000000 [CACheck.dll]
[1040]svchost.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [CACheck.dll]
[1040]svchost.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x4B0D11EC-->00000000 [CACheck.dll]
[1040]svchost.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x4B0D11F0-->00000000 [CACheck.dll]
[1040]svchost.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x4B0D1228-->00000000 [CACheck.dll]
[1224]svchost.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [CACheck.dll]
[1224]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77C814C0-->00000000 [CACheck.dll]
[1224]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77C81500-->00000000 [CACheck.dll]
[1224]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77C816EC-->00000000 [CACheck.dll]
[1224]svchost.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->00000000 [CACheck.dll]
[1224]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77B6111C-->00000000 [CACheck.dll]
[1224]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77B61110-->00000000 [CACheck.dll]
[1224]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77B61174-->00000000 [CACheck.dll]
[1224]svchost.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x6D64123C-->00000000 [CACheck.dll]
[1224]svchost.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x6D641248-->00000000 [CACheck.dll]
[1224]svchost.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x6D6411F8-->00000000 [CACheck.dll]
[1224]svchost.exe-->user32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x77D511B4-->00000000 [CACheck.dll]
[1224]svchost.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [CACheck.dll]
[1224]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77D51250-->00000000 [CACheck.dll]
[1224]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [CACheck.dll]
[1224]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77D512FC-->00000000 [CACheck.dll]
[1224]svchost.exe-->wininet.dll-->advapi32.dll-->CreateProcessAsUserA, Type: IAT modification 0x70411220-->00000000 [CACheck.dll]
[1224]svchost.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x704114B0-->00000000 [CACheck.dll]
[1224]svchost.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x704114B4-->00000000 [CACheck.dll]
[1224]svchost.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x70411450-->00000000 [CACheck.dll]
[1224]svchost.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x70411350-->00000000 [CACheck.dll]
[1224]svchost.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [CACheck.dll]
[1224]svchost.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x4B0D11EC-->00000000 [CACheck.dll]
[1224]svchost.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x4B0D11F0-->00000000 [CACheck.dll]
[1224]svchost.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x4B0D1228-->00000000 [CACheck.dll]
[1300]svchost.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [CACheck.dll]
[1300]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77C814C0-->00000000 [CACheck.dll]
[1300]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77C81500-->00000000 [CACheck.dll]
[1300]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77C816EC-->00000000 [CACheck.dll]
[1300]svchost.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->00000000 [CACheck.dll]
[1300]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77B6111C-->00000000 [CACheck.dll]
[1300]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77B61110-->00000000 [CACheck.dll]
[1300]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77B61174-->00000000 [CACheck.dll]
[1300]svchost.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x6D64123C-->00000000 [CACheck.dll]
[1300]svchost.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x6D641248-->00000000 [CACheck.dll]
[1300]svchost.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x6D6411F8-->00000000 [CACheck.dll]
[1300]svchost.exe-->shell32.dll-->advapi32.dll-->CreateProcessAsUserW, Type: IAT modification 0x768E1C94-->00000000 [CACheck.dll]
[1300]svchost.exe-->shell32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x768E12E8-->00000000 [CACheck.dll]
[1300]svchost.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->00000000 [CACheck.dll]
[1300]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x768E14E0-->00000000 [CACheck.dll]
[1300]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x768E1284-->00000000 [CACheck.dll]
[1300]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x768E1448-->00000000 [CACheck.dll]
[1300]svchost.exe-->user32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x77D511B4-->00000000 [CACheck.dll]
[1300]svchost.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [CACheck.dll]
[1300]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77D51250-->00000000 [CACheck.dll]
[1300]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [CACheck.dll]
[1300]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77D512FC-->00000000 [CACheck.dll]
[1300]svchost.exe-->wininet.dll-->advapi32.dll-->CreateProcessAsUserA, Type: IAT modification 0x70411220-->00000000 [CACheck.dll]
[1300]svchost.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x704114B0-->00000000 [CACheck.dll]
[1300]svchost.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x704114B4-->00000000 [CACheck.dll]
[1300]svchost.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x70411450-->00000000 [CACheck.dll]
[1300]svchost.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x70411350-->00000000 [CACheck.dll]
[1300]svchost.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [CACheck.dll]
[1300]svchost.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x4B0D11EC-->00000000 [CACheck.dll]
[1300]svchost.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x4B0D11F0-->00000000 [CACheck.dll]
[1300]svchost.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x4B0D1228-->00000000 [CACheck.dll]
[1364]svchost.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [CACheck.dll]
[1364]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77C814C0-->00000000 [CACheck.dll]
[1364]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77C81500-->00000000 [CACheck.dll]
[1364]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77C816EC-->00000000 [CACheck.dll]
[1364]svchost.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->00000000 [CACheck.dll]
[1364]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77B6111C-->00000000 [CACheck.dll]
[1364]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77B61110-->00000000 [CACheck.dll]
[1364]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77B61174-->00000000 [CACheck.dll]
[1364]svchost.exe-->mswsock.dll+0x00002671, Type: Inline - RelativeJump 0x74862671-->00000000 [unknown_code_page]
[1364]svchost.exe-->mswsock.dll+0x000027D4, Type: Inline - RelativeJump 0x748627D4-->00000000 [unknown_code_page]
[1364]svchost.exe-->mswsock.dll+0x00002995, Type: Inline - RelativeJump 0x74862995-->00000000 [unknown_code_page]
[1364]svchost.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x76E45DC8-->00000000 [unknown_code_page]
[1364]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x76E44D34-->00000000 [unknown_code_page]
[1364]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x76E45674-->00000000 [unknown_code_page]
[1364]svchost.exe-->shell32.dll-->advapi32.dll-->CreateProcessAsUserW, Type: IAT modification 0x768E1C94-->00000000 [CACheck.dll]
[1364]svchost.exe-->shell32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x768E12E8-->00000000 [CACheck.dll]
[1364]svchost.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->00000000 [CACheck.dll]
[1364]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x768E14E0-->00000000 [CACheck.dll]
[1364]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x768E1284-->00000000 [CACheck.dll]
[1364]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x768E1448-->00000000 [CACheck.dll]
[1364]svchost.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x76BC0B88-->00000000 [unknown_code_page]
[1364]svchost.exe-->user32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x77D511B4-->00000000 [CACheck.dll]
[1364]svchost.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [CACheck.dll]
[1364]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77D51250-->00000000 [CACheck.dll]
[1364]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [CACheck.dll]
[1364]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77D512FC-->00000000 [CACheck.dll]
[1508]svchost.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [CACheck.dll]
[1508]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77C814C0-->00000000 [CACheck.dll]
[1508]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77C81500-->00000000 [CACheck.dll]
[1508]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77C816EC-->00000000 [CACheck.dll]
[1508]svchost.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->00000000 [CACheck.dll]
[1508]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77B6111C-->00000000 [CACheck.dll]
[1508]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77B61110-->00000000 [CACheck.dll]
[1508]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77B61174-->00000000 [CACheck.dll]
[1508]svchost.exe-->user32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x77D511B4-->00000000 [CACheck.dll]
[1508]svchost.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [CACheck.dll]
[1508]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77D51250-->00000000 [CACheck.dll]
[1508]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [CACheck.dll]
[1508]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77D512FC-->00000000 [CACheck.dll]
[1508]svchost.exe-->wininet.dll-->advapi32.dll-->CreateProcessAsUserA, Type: IAT modification 0x70411220-->00000000 [CACheck.dll]
[1508]svchost.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x704114B0-->00000000 [CACheck.dll]
[1508]svchost.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x704114B4-->00000000 [CACheck.dll]
[1508]svchost.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x70411450-->00000000 [CACheck.dll]
[1508]svchost.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x70411350-->00000000 [CACheck.dll]
[1508]svchost.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [CACheck.dll]
[1508]svchost.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x4B0D11EC-->00000000 [CACheck.dll]
[1508]svchost.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x4B0D11F0-->00000000 [CACheck.dll]
[1508]svchost.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x4B0D1228-->00000000 [CACheck.dll]
[1604]svchost.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [CACheck.dll]
[1604]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77C814C0-->00000000 [CACheck.dll]
[1604]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77C81500-->00000000 [CACheck.dll]
[1604]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77C816EC-->00000000 [CACheck.dll]
[1604]svchost.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->00000000 [CACheck.dll]
[1604]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77B6111C-->00000000 [CACheck.dll]
[1604]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77B61110-->00000000 [CACheck.dll]
[1604]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77B61174-->00000000 [CACheck.dll]
[1604]svchost.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x6D64123C-->00000000 [CACheck.dll]
[1604]svchost.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x6D641248-->00000000 [CACheck.dll]
[1604]svchost.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x6D6411F8-->00000000 [CACheck.dll]
[1604]svchost.exe-->shell32.dll-->advapi32.dll-->CreateProcessAsUserW, Type: IAT modification 0x768E1C94-->00000000 [CACheck.dll]
[1604]svchost.exe-->shell32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x768E12E8-->00000000 [CACheck.dll]
[1604]svchost.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->00000000 [CACheck.dll]
[1604]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x768E14E0-->00000000 [CACheck.dll]
[1604]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x768E1284-->00000000 [CACheck.dll]
[1604]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x768E1448-->00000000 [CACheck.dll]
[1604]svchost.exe-->user32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x77D511B4-->00000000 [CACheck.dll]
[1604]svchost.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [CACheck.dll]
[1604]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77D51250-->00000000 [CACheck.dll]
[1604]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [CACheck.dll]
[1604]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77D512FC-->00000000 [CACheck.dll]
[1604]svchost.exe-->wininet.dll-->advapi32.dll-->CreateProcessAsUserA, Type: IAT modification 0x70411220-->00000000 [CACheck.dll]
[1604]svchost.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x704114B0-->00000000 [CACheck.dll]
[1604]svchost.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x704114B4-->00000000 [CACheck.dll]
[1604]svchost.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x70411450-->00000000 [CACheck.dll]
[1604]svchost.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x70411350-->00000000 [CACheck.dll]
[1604]svchost.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [CACheck.dll]
[1604]svchost.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x4B0D11EC-->00000000 [CACheck.dll]
[1604]svchost.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x4B0D11F0-->00000000 [CACheck.dll]
[1604]svchost.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x4B0D1228-->00000000 [CACheck.dll]
[1740]svchost.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [CACheck.dll]
[1740]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77C814C0-->00000000 [CACheck.dll]
[1740]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77C81500-->00000000 [CACheck.dll]
[1740]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77C816EC-->00000000 [CACheck.dll]
[1740]svchost.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->00000000 [CACheck.dll]
[1740]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77B6111C-->00000000 [CACheck.dll]
[1740]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77B61110-->00000000 [CACheck.dll]
[1740]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77B61174-->00000000 [CACheck.dll]
[1740]svchost.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x6D64123C-->00000000 [CACheck.dll]
[1740]svchost.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x6D641248-->00000000 [CACheck.dll]
[1740]svchost.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x6D6411F8-->00000000 [CACheck.dll]
[1740]svchost.exe-->shell32.dll-->advapi32.dll-->CreateProcessAsUserW, Type: IAT modification 0x768E1C94-->00000000 [CACheck.dll]
[1740]svchost.exe-->shell32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x768E12E8-->00000000 [CACheck.dll]
[1740]svchost.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->00000000 [CACheck.dll]
[1740]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x768E14E0-->00000000 [CACheck.dll]
[1740]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x768E1284-->00000000 [CACheck.dll]
[1740]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x768E1448-->00000000 [CACheck.dll]
[1740]svchost.exe-->user32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x77D511B4-->00000000 [CACheck.dll]
[1740]svchost.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [CACheck.dll]
[1740]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77D51250-->00000000 [CACheck.dll]
[1740]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [CACheck.dll]
[1740]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77D512FC-->00000000 [CACheck.dll]
[1740]svchost.exe-->wininet.dll-->advapi32.dll-->CreateProcessAsUserA, Type: IAT modification 0x70411220-->00000000 [CACheck.dll]
[1740]svchost.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x704114B0-->00000000 [CACheck.dll]
[1740]svchost.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x704114B4-->00000000 [CACheck.dll]
[1740]svchost.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x70411450-->00000000 [CACheck.dll]
[1740]svchost.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x70411350-->00000000 [CACheck.dll]
[1740]svchost.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [CACheck.dll]
[1740]svchost.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x4B0D11EC-->00000000 [CACheck.dll]
[1740]svchost.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x4B0D11F0-->00000000 [CACheck.dll]
[1740]svchost.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x4B0D1228-->00000000 [CACheck.dll]
[2140]svchost.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [CACheck.dll]
[2140]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77C814C0-->00000000 [CACheck.dll]
[2140]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77C81500-->00000000 [CACheck.dll]
[2140]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77C816EC-->00000000 [CACheck.dll]
[2140]svchost.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->00000000 [CACheck.dll]
[2140]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77B6111C-->00000000 [CACheck.dll]
[2140]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77B61110-->00000000 [CACheck.dll]
[2140]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77B61174-->00000000 [CACheck.dll]
[2140]svchost.exe-->user32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x77D511B4-->00000000 [CACheck.dll]
[2140]svchost.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [CACheck.dll]
[2140]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77D51250-->00000000 [CACheck.dll]
[2140]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [CACheck.dll]
[2140]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77D512FC-->00000000 [CACheck.dll]
[2140]svchost.exe-->wininet.dll-->advapi32.dll-->CreateProcessAsUserA, Type: IAT modification 0x70411220-->00000000 [CACheck.dll]
[2140]svchost.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x704114B0-->00000000 [CACheck.dll]
[2140]svchost.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x704114B4-->00000000 [CACheck.dll]
[2140]svchost.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x70411450-->00000000 [CACheck.dll]
[2140]svchost.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x70411350-->00000000 [CACheck.dll]
[2140]svchost.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [CACheck.dll]
[2140]svchost.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x4B0D11EC-->00000000 [CACheck.dll]
[2140]svchost.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x4B0D11F0-->00000000 [CACheck.dll]
[2140]svchost.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x4B0D1228-->00000000 [CACheck.dll]
[2188]svchost.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [CACheck.dll]
efgonzo
Regular Member
 
Posts: 17
Joined: January 27th, 2010, 10:25 pm

Re: Browser redirect and unable to do windows update

Unread postby Cypher » July 22nd, 2010, 5:07 am

Hi efgonzo.
Sorry to hear you had trouble with the RkU scan; unfortunately this can happen on some systems.
I think I got the information I needed from that scan, so continue with the instructions below.
Once completed, give me an update on your PC's performance.


Fix HijackThis entries

Run HijackThis

If using Vista, you must right click (hijackthis.exe) and choose "Run As Administrator".
  • If you are on the Main Menu page... Click "Do a system scan only"
  • If you are on the "scan & fix stuff" page... Press the Scan...button.
  • When the scan finishes...Place a check mark next to the following entries (if they are still present)
  • Note: Only check those items listed below.
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

  • After checking these items... CLOSE ALL open windows except HijackThis.
  • Click the Fix Checked ...button...to remove the entries you checked.
  • Choose YES...when prompted to fix the selected items.
  • Once it has fixed them, close HijackThis and reboot your computer normally.

Next.

Post a New HJT Log
  • Start HijackThis.
  • If you are on the "scan & fix stuff" page... Press the "Main Menu"...button.
  • From the Main Menu... Press the "Do System Scan and Save a Log File"...button.
  • When completed...Notepad will open with the new "hijackthis.log" file contents.
  • Copy/paste the entire (hijackthis.log) file contents in your next reply.

Next.

Please post a new Uninstall list.

  • Open HijackThis.
  • Click on the Open the Misc Tools section button.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please post this log in your next reply.

Next.

TDSSKiller

  • Please Download TDSSKiller.exe and save it on your desktop.
  • Important!: Run this fix once and once only.
  • Right click TDSSKiller.exe and select " Run as administrator " to run it.
  • A log file should be created on your C: drive named something like TDSSKiller.2.3.2.0 19.06.2010
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.



Logs/Information to Post in your Next Reply

  • HijackThis log.
  • Uninstall list.
  • TDSSKiller log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
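A small log-triage helper for the logs requested above, added here as an example; it is not part of this thread and not code from HijackThis or TDSSKiller. It parses the line formats those two tools print, flags the HJT entries a helper would look at first (a BHO whose DLL is missing, an O23 service with no publisher and a random-looking eight-hex-digit name) and cross-checks a TDSSKiller "Forged" verdict against the driver inventory from the same log. The sample lines are constructed from entries posted in this thread.

```python
import re

# Constructed sample, modelled on the HijackThis v2.0.4 and TDSSKiller 2.3.2.2
# lines posted in this thread (a handful of lines, not the full logs).
SAMPLE_HJT = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: C036AF62 - Unknown owner - C:\Windows\system32\C036AF62.exe
"""

SAMPLE_TDSS = r"""
07:28:16:034 4024 disk (58cff860e79328c92750f70dc25eea25) C:\Windows\system32\drivers\disk.sys
07:28:16:034 4024 Suspicious file (Forged): C:\Windows\system32\drivers\disk.sys. Real md5: 58cff860e79328c92750f70dc25eea25, Fake md5: 5d4aefc3386920236a548271f8f1af6a
07:28:16:034 4024 File "C:\Windows\system32\drivers\disk.sys" infected by TDSS rootkit ... 07:28:16:191 4024 Backup copy found, using it..
07:28:16:347 4024 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
"""

# HijackThis line shapes: "O2 - BHO: <name> - {CLSID} - <path>" and
# "O23 - Service: <display name> - <publisher> - <path>".
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
SVC_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
HEX_NAME_RE = re.compile(r"^[0-9A-F]{8}$")

# TDSSKiller line shapes: "<ts> <pid> <driver> (<md5>) <path>" for the inventory,
# plus the "Suspicious file (Forged)" and 'File "..." infected' verdict lines.
DRV_RE = re.compile(r"^\d{2}:\d{2}:\d{2}:\d{3} \d+ (?P<drv>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
FORGED_RE = re.compile(r"Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})")
INFECTED_RE = re.compile(r'File "(?P<path>[^"]+)" infected by TDSS rootkit')


def triage_hjt(text):
    """Return (section, identifier, reason) tuples for HJT lines worth a second look."""
    findings = []
    for line in text.splitlines():
        m = BHO_RE.match(line)
        if m:
            # A BHO whose DLL is gone is an orphaned registration: harmless on its
            # own, but left behind by whatever registered it, so it gets fixed.
            if m["path"] == "(no file)":
                findings.append(("O2", m["clsid"], "BHO registered but DLL missing"))
            continue
        m = SVC_RE.match(line)
        if m:
            reasons = []
            if m["owner"] == "Unknown owner":
                reasons.append("no publisher")
            if HEX_NAME_RE.match(m["name"]):
                reasons.append("random-looking 8-hex-digit service name")
            if reasons:
                findings.append(("O23", m["name"], "; ".join(reasons)))
    return findings


def triage_tdsskiller(text):
    """Cross-check TDSSKiller's driver inventory against its Forged/infected verdicts.

    Returns {path: {"scan_md5", "real_md5", "fake_md5", "infected", "hashes_disagree"}}.
    """
    inventory = {}  # path -> md5 printed on the plain scan line
    verdicts = {}
    for line in text.splitlines():
        m = DRV_RE.match(line)
        if m:
            inventory[m["path"]] = m["md5"]
            continue
        m = FORGED_RE.search(line)
        if m:
            v = verdicts.setdefault(m["path"], {"infected": False})
            v["real_md5"], v["fake_md5"] = m["real"], m["fake"]
            continue
        m = INFECTED_RE.search(line)
        if m:
            verdicts.setdefault(m["path"], {"infected": False})["infected"] = True
    for path, v in verdicts.items():
        v["scan_md5"] = inventory.get(path)
        # The forgery indicator is that the two reads of one file hash differently;
        # the scan-line hash tells you which of the two the plain read returned.
        v["hashes_disagree"] = v.get("real_md5") != v.get("fake_md5")
    return verdicts


if __name__ == "__main__":
    for finding in triage_hjt(SAMPLE_HJT):
        print(" | ".join(finding))
    for path, verdict in triage_tdsskiller(SAMPLE_TDSS).items():
        print(path, verdict)
```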

Re: Broswer redirect and unable to do windows update

Unread postby efgonzo » July 22nd, 2010, 8:38 am

Good morning Cypher.

As instructed I ran HijackThis again and deleted that one file. Here is the log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:23:47 AM, on 7/22/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\AOL\acs\AOLDial.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Common Files\AOL\1187395945\ee\aolsoftware.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Users\Ed\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1187395945\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: C036AF62 - Unknown owner - C:\Windows\system32\C036AF62.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 7163 bytes


I then ran the uninstall list as instructed. Below is the uninstall list.

32 Bit HP CIO Components Installer
5 Card Slingo from Hewlett-Packard Laptops (remove only)
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Mobile Device Support
Apple Software Update
Athlon 64 Processor Driver
ATI Control Panel
ATI Display Driver
AVG Free 9.0
Bejeweled 2 Deluxe from Hewlett-Packard Laptops (remove only)
Big Kahuna Reef from Hewlett-Packard Laptops (remove only)
Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only)
Blasterball 2 from Hewlett-Packard Laptops (remove only)
Boggle Supreme from Hewlett-Packard Laptops (remove only)
Bookworm Deluxe from Hewlett-Packard Laptops (remove only)
Bounce Symphony from Hewlett-Packard Laptops (remove only)
CA Pest Patrol Realtime Protection
Chuzzle Deluxe from Hewlett-Packard Laptops (remove only)
Conexant AC-Link Audio
Crystal Maze from Hewlett-Packard Laptops (remove only)
Customer Experience Enhancement
DivX
Easy Internet Sign-up
FATE from Hewlett-Packard Laptops (remove only)
Final Drive Nitro from Hewlett-Packard Laptops (remove only)
Flip Words from Hewlett-Packard Laptops (remove only)
Google Updater
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP DVD Play 2.0
HP Game Console and games
HP Help and Support
HP Help and Support
HP Imaging Device Functions 6.0
HP Photosmart Premier Software 6.0
HP Product Detection
HP Rhapsody
HP Update
HP User Guides 0025
HP User Guides--System Recovery
HP Wireless Assistant 2.00 C1
Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only)
Java(TM) 6 Update 20
Jewel Quest from Hewlett-Packard Laptops (remove only)
Lemonade Tycoon 2 from Hewlett-Packard Laptops (remove only)
Lexibox Deluxe from Hewlett-Packard Laptops (remove only)
Mah Jong Quest from Hewlett-Packard Laptops (remove only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Money 2006
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Mozilla Firefox (3.0.15)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 4.5
Netscape Browser (remove only)
Oasis from Hewlett-Packard Laptops (remove only)
Office 2003 Trial Assistant
Panda ActiveScan 2.0
Polar Bowler from Hewlett-Packard Laptops (remove only)
Polar Golfer from Hewlett-Packard Laptops (remove only)
Puzzle Express from Hewlett-Packard Laptops (remove only)
Quicken 2006
QuickTime
RealPlayer Basic
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
RTC Client API v1.2
SCRABBLE from Hewlett-Packard Laptops (remove only)
Slingo Deluxe from Hewlett-Packard Laptops (remove only)
Slyder from Hewlett-Packard Laptops (remove only)
Snowboard SuperJam
Soft Data Fax Modem with SmartCP
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TourSetup
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Viewpoint Media Player
Wireless Home Network Setup

I then downloaded and ran TDSSKiller.exe as instructed. While that was running, I had the Firefox browser open; a new tab was created in the browser and the Google home page came up. Just wanted to mention that. The scan then completed and it asked me to type "Y" to restart the computer. Below is the TDSSKiller log.

07:28:07:050 4024 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
07:28:07:050 4024 ================================================================================
07:28:07:050 4024 SystemInfo:

07:28:07:050 4024 OS Version: 6.0.6002 ServicePack: 2.0
07:28:07:050 4024 Product type: Workstation
07:28:07:050 4024 ComputerName: COMPAQ
07:28:07:050 4024 UserName: Ed
07:28:07:050 4024 Windows directory: C:\Windows
07:28:07:050 4024 System windows directory: C:\Windows
07:28:07:050 4024 Processor architecture: Intel x86
07:28:07:050 4024 Number of processors: 1
07:28:07:050 4024 Page size: 0x1000
07:28:07:050 4024 Boot type: Normal boot
07:28:07:050 4024 ================================================================================
07:28:07:706 4024 Initialize success
07:28:07:706 4024
07:28:07:706 4024 Scanning Services ...
07:28:09:081 4024 Raw services enum returned 417 services
07:28:09:081 4024
07:28:09:081 4024 Scanning Drivers ...
07:28:09:612 4024 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
07:28:09:784 4024 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
07:28:09:941 4024 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
07:28:10:128 4024 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
07:28:10:253 4024 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
07:28:10:394 4024 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
07:28:10:550 4024 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
07:28:10:675 4024 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
07:28:10:800 4024 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
07:28:10:941 4024 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
07:28:11:066 4024 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
07:28:11:191 4024 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
07:28:11:347 4024 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
07:28:11:456 4024 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
07:28:11:550 4024 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
07:28:11:862 4024 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\Windows\system32\drivers\ASCTRM.sys
07:28:12:003 4024 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
07:28:12:159 4024 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
07:28:12:316 4024 AtiPcie (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys
07:28:12:456 4024 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\Windows\system32\Drivers\avgldx86.sys
07:28:12:612 4024 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\Windows\system32\Drivers\avgmfx86.sys
07:28:12:722 4024 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\Windows\system32\Drivers\avgtdix.sys
07:28:12:956 4024 BCM43XV (34a0a6386256080f52c74076c6157026) C:\Windows\system32\DRIVERS\bcmwl6.sys
07:28:13:081 4024 BCM43XX (34a0a6386256080f52c74076c6157026) C:\Windows\system32\DRIVERS\bcmwl6.sys
07:28:13:222 4024 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
07:28:13:378 4024 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
07:28:13:519 4024 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
07:28:13:628 4024 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
07:28:13:737 4024 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
07:28:13:862 4024 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
07:28:14:003 4024 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
07:28:14:112 4024 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
07:28:14:253 4024 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
07:28:14:378 4024 CAMCAUD (c2ef37f09cfee9665e6cd7c0b0afb84f) C:\Windows\system32\drivers\camc6aud.sys
07:28:14:519 4024 CAMCHALA (512df898de5c0654647acd5c82f0bd99) C:\Windows\system32\drivers\camc6hal.sys
07:28:14:659 4024 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
07:28:14:800 4024 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
07:28:14:941 4024 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
07:28:15:066 4024 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
07:28:15:253 4024 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
07:28:15:394 4024 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
07:28:15:534 4024 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
07:28:15:644 4024 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
07:28:15:753 4024 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
07:28:15:894 4024 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
07:28:16:034 4024 disk (58cff860e79328c92750f70dc25eea25) C:\Windows\system32\drivers\disk.sys
07:28:16:034 4024 Suspicious file (Forged): C:\Windows\system32\drivers\disk.sys. Real md5: 58cff860e79328c92750f70dc25eea25, Fake md5: 5d4aefc3386920236a548271f8f1af6a
07:28:16:034 4024 File "C:\Windows\system32\drivers\disk.sys" infected by TDSS rootkit ... 07:28:16:191 4024 Backup copy found, using it..
07:28:16:206 4024 will be cured on next reboot
07:28:16:347 4024 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
07:28:16:534 4024 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
07:28:16:706 4024 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
07:28:18:206 4024 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
07:28:18:362 4024 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
07:28:18:581 4024 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
07:28:18:847 4024 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
07:28:19:003 4024 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
07:28:19:191 4024 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
07:28:19:362 4024 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
07:28:19:503 4024 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
07:28:19:659 4024 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
07:28:19:800 4024 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
07:28:19:862 4024 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
07:28:20:128 4024 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\Windows\system32\DRIVERS\cpqbttn.sys
07:28:20:347 4024 HDAudBus (5fd053f305b77ebe97f284b20d89dc1c) C:\Windows\system32\drivers\hdaudbus.sys
07:28:20:550 4024 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
07:28:20:784 4024 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
07:28:20:941 4024 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
07:28:21:112 4024 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
07:28:21:284 4024 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
07:28:21:425 4024 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
07:28:21:581 4024 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
07:28:21:706 4024 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
07:28:21:878 4024 ICAM3NT5 (7e9dce459be666ab54f67e77cb7d1297) C:\Windows\system32\Drivers\Icam3.sys
07:28:22:003 4024 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
07:28:22:128 4024 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
07:28:22:253 4024 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
07:28:22:394 4024 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:28:22:597 4024 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
07:28:22:737 4024 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
07:28:22:862 4024 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
07:28:23:191 4024 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
07:28:23:487 4024 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
07:28:23:628 4024 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
07:28:23:769 4024 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
07:28:23:909 4024 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
07:28:24:081 4024 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
07:28:24:222 4024 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\Windows\system32\drivers\klmd.sys
07:28:24:409 4024 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
07:28:24:706 4024 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
07:28:24:769 4024 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
07:28:24:894 4024 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
07:28:25:019 4024 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
07:28:25:144 4024 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
07:28:25:284 4024 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
07:28:25:409 4024 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
07:28:25:550 4024 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
07:28:25:675 4024 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
07:28:25:769 4024 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
07:28:26:003 4024 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
07:28:26:081 4024 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
07:28:26:222 4024 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
07:28:26:362 4024 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
07:28:26:519 4024 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
07:28:26:659 4024 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
07:28:26:816 4024 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:28:26:987 4024 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:28:27:112 4024 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
07:28:27:237 4024 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
07:28:27:347 4024 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
07:28:27:503 4024 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
07:28:27:628 4024 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
07:28:27:769 4024 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
07:28:27:909 4024 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
07:28:28:050 4024 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
07:28:28:222 4024 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
07:28:28:378 4024 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
07:28:28:534 4024 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
07:28:28:628 4024 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
07:28:28:737 4024 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
07:28:28:909 4024 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
07:28:29:050 4024 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
07:28:29:206 4024 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
07:28:29:347 4024 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
07:28:29:441 4024 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
07:28:29:550 4024 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
07:28:29:675 4024 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
07:28:29:816 4024 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
07:28:29:909 4024 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
07:28:30:050 4024 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
07:28:30:222 4024 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
07:28:30:362 4024 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
07:28:30:550 4024 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
07:28:30:675 4024 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
07:28:30:800 4024 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
07:28:31:081 4024 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
07:28:31:222 4024 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
07:28:31:362 4024 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
07:28:31:519 4024 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
07:28:31:644 4024 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\Windows\system32\drivers\pavboot.sys
07:28:31:784 4024 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
07:28:31:972 4024 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
07:28:32:097 4024 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
07:28:32:269 4024 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
07:28:32:456 4024 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
07:28:32:581 4024 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
07:28:32:706 4024 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
07:28:32:831 4024 PxHelp20 (0c8da0a8b0d227319c285e0eae65defd) C:\Windows\system32\Drivers\PxHelp20.sys
07:28:33:003 4024 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
07:28:33:159 4024 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
07:28:33:284 4024 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
07:28:33:519 4024 R300 (554685122b4f973e21d66c2baaf29543) C:\Windows\system32\DRIVERS\atikmdag.sys
07:28:33:675 4024 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
07:28:33:800 4024 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
07:28:33:941 4024 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
07:28:34:081 4024 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
07:28:34:222 4024 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
07:28:34:378 4024 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
07:28:34:550 4024 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
07:28:34:722 4024 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
07:28:34:862 4024 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
07:28:35:019 4024 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
07:28:35:159 4024 RTL8023xp (166911eada13cd34dd8f8c667707be94) C:\Windows\system32\DRIVERS\Rtnicxp.sys
07:28:35:300 4024 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
07:28:35:425 4024 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
07:28:35:566 4024 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
07:28:35:675 4024 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
07:28:35:816 4024 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
07:28:35:972 4024 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
07:28:36:112 4024 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
07:28:36:253 4024 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
07:28:36:378 4024 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
07:28:36:503 4024 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
07:28:36:659 4024 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
07:28:36:800 4024 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
07:28:36:972 4024 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
07:28:37:097 4024 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
07:28:37:253 4024 srv (0debafcc0e3591fca34f077cab62f7f7) C:\Windows\system32\DRIVERS\srv.sys
07:28:37:425 4024 srv2 (6b6f3658e0a58c6c50c5f7fbdf3df633) C:\Windows\system32\DRIVERS\srv2.sys
07:28:37:597 4024 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys
07:28:37:753 4024 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
07:28:37:862 4024 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
07:28:38:112 4024 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
07:28:38:237 4024 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
07:28:38:409 4024 SynTP (3d6316279c3540aa268bf025f4621ef3) C:\Windows\system32\DRIVERS\SynTP.sys
07:28:38:628 4024 Tcpip (48cbe6d53632d0067c2d6b20f90d84ca) C:\Windows\system32\drivers\tcpip.sys
07:28:38:862 4024 Tcpip6 (48cbe6d53632d0067c2d6b20f90d84ca) C:\Windows\system32\DRIVERS\tcpip.sys
07:28:39:003 4024 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
07:28:39:144 4024 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
07:28:39:269 4024 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
07:28:39:394 4024 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
07:28:39:581 4024 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
07:28:39:722 4024 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
07:28:39:847 4024 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
07:28:40:003 4024 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
07:28:40:128 4024 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
07:28:40:269 4024 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
07:28:40:441 4024 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
07:28:40:581 4024 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
07:28:40:722 4024 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
07:28:40:862 4024 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
07:28:41:003 4024 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
07:28:41:144 4024 usbccgp (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\drivers\usbccgp.sys
07:28:41:269 4024 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
07:28:41:409 4024 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
07:28:41:597 4024 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
07:28:41:737 4024 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
07:28:42:441 4024 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
07:28:42:612 4024 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:28:42:737 4024 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
07:28:42:862 4024 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
07:28:42:987 4024 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
07:28:43:097 4024 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
07:28:43:222 4024 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
07:28:43:331 4024 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
07:28:43:441 4024 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
07:28:43:534 4024 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
07:28:43:753 4024 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
07:28:43:925 4024 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
07:28:44:066 4024 VSTHWATI (25b637a932088bf215a907168c5ba1c3) C:\Windows\system32\DRIVERS\VSTATI3.SYS
07:28:44:253 4024 VST_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
07:28:44:409 4024 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
07:28:44:534 4024 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
07:28:44:550 4024 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
07:28:44:675 4024 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys
07:28:44:800 4024 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
07:28:44:941 4024 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
07:28:45:128 4024 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
07:28:45:300 4024 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
07:28:45:472 4024 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
07:28:45:612 4024 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
07:28:45:628 4024 Reboot required for cure complete..
07:28:45:941 4024 Cure on reboot scheduled successfully
07:28:45:941 4024
07:28:45:941 4024 Completed
07:28:45:941 4024
07:28:45:941 4024 Results:
07:28:45:941 4024 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
07:28:45:941 4024 File objects infected / cured / cured on reboot: 1 / 0 / 1
07:28:45:941 4024
07:28:45:941 4024 KLMD(ARK) unloaded successfully


Computer performance now: Browser redirects seem to have stopped. I was able to run a successful Windows update, which I could not before. Computer seems to be operating fine except for that "ATI External Event Utility Exe module stop working" message that popped up again. I'm assuming that might be a hardware/software issue with ATI. That isn't anything to do with malware, correct?

Also, since this is my father's computer, what can I tell him the problem was?

Thank you for your help. This website is great for helping those of us with computer troubles.
efgonzo
Regular Member
 
Posts: 17
Joined: January 27th, 2010, 10:25 pm
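The TDSSKiller output posted above has a regular shape: one line per enumerated driver (time, process id, service name, MD5 in parentheses, image path), followed by a Results block that counts objects infected, cured, and cured on reboot. The following parser is an added example, not part of the post or of TDSSKiller itself; it reads that format, tallies the Results block, flags whether a cure was deferred to the next boot, and lists service names that share one driver image. The sample log is constructed from three driver lines and the Results block of the posted log; the regexes are assumptions about the layout of those lines, not a published specification.

```python
import re
from dataclasses import dataclass

# Constructed sample in the TDSSKiller log format seen in the post above:
# three driver lines and the Results block are copied from the posted log.
SAMPLE_LOG = r"""07:28:38:628 4024 Tcpip (48cbe6d53632d0067c2d6b20f90d84ca) C:\Windows\system32\drivers\tcpip.sys
07:28:38:862 4024 Tcpip6 (48cbe6d53632d0067c2d6b20f90d84ca) C:\Windows\system32\DRIVERS\tcpip.sys
07:28:39:003 4024 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
07:28:45:628 4024 Reboot required for cure complete..
07:28:45:941 4024 Cure on reboot scheduled successfully
07:28:45:941 4024
07:28:45:941 4024 Completed
07:28:45:941 4024
07:28:45:941 4024 Results:
07:28:45:941 4024 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
07:28:45:941 4024 File objects infected / cured / cured on reboot: 1 / 0 / 1
"""

# Assumed layout of a driver line: "<hh:mm:ss:ms> <pid> <service> (<md5>) <path>"
DRIVER_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}:\d{3}) (?P<pid>\d+) (?P<service>\S+) "
    r"\((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)
# Assumed layout of a Results line, as printed in the posted log
RESULT_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}:\d{3} \d+ (?P<kind>Registry|File) objects "
    r"infected / cured / cured on reboot: (?P<infected>\d+) / (?P<cured>\d+) / (?P<on_reboot>\d+)$"
)


@dataclass(frozen=True)
class Driver:
    service: str
    md5: str
    path: str


@dataclass(frozen=True)
class Tally:
    infected: int
    cured: int
    cured_on_reboot: int

    @property
    def outstanding(self) -> int:
        # Objects reported infected but neither cured now nor scheduled for cure.
        return self.infected - self.cured - self.cured_on_reboot


def parse_log(text: str):
    """Split the log into enumerated drivers and the per-kind Results tallies."""
    drivers, results = [], {}
    for line in text.splitlines():
        line = line.rstrip()
        m = DRIVER_RE.match(line)
        if m:
            drivers.append(Driver(m["service"], m["md5"], m["path"]))
            continue
        m = RESULT_RE.match(line)
        if m:
            results[m["kind"]] = Tally(int(m["infected"]), int(m["cured"]), int(m["on_reboot"]))
    return drivers, results


def reboot_pending(text: str) -> bool:
    """True when the tool deferred a cure to the next boot (the case in this thread)."""
    return "Cure on reboot scheduled successfully" in text


def shared_images(drivers):
    """Map each MD5 to the service names loading that image, keeping only shared ones.

    Sharing is normal for aliased services such as Tcpip/Tcpip6; the list is for review,
    not a verdict."""
    by_hash = {}
    for d in drivers:
        by_hash.setdefault(d.md5, []).append(d.service)
    return {h: s for h, s in by_hash.items() if len(s) > 1}


def summarize(text: str) -> dict:
    drivers, results = parse_log(text)
    return {
        "drivers_enumerated": len(drivers),
        "reboot_pending": reboot_pending(text),
        "outstanding": {k: t.outstanding for k, t in results.items()},
        "cured_on_reboot": {k: t.cured_on_reboot for k, t in results.items()},
        "shared_images": shared_images(drivers),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the posted log the summary reports one file object cured on reboot and nothing outstanding, which is why the helper's next step is to confirm the reboot happened and re-scan rather than to treat the machine as clean yet.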

Re: Broswer redirect and unable to do windows update

Unread postby Cypher » July 22nd, 2010, 11:35 am

Hi efgonzo.
Thank you for your help.

You're most welcome.
Computer performance now: Browser redirects have seemed to stop. I was able to run a successful windows update.

Good news but stay with me we still have some work to do.
Computer seems to be operating fine except for that "ATI External Event Utility Exe module stop working" message that popped up again.
That I think is graphics card related; we can get back to it once your PC is clean.
since this is my father's computer, what can I tell him the problem was?


Your computer was infected with a ROOTKIT. In particular, the TDL3/TDSS rootkit, also known as Win32/Alureon. A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.

Due to its rootkit functionality, it's impossible to tell what may have been done when the system was compromised.

Therefore once your PC is clean it may be prudent to:

  1. Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts.
  2. Change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password)

What are rootkits from Wikipedia

How do I respond to a possible identity theft and how do I prevent it



Add/Remove programs
  • Click on start
  • Then Run
  • In the Open text entry box, please copy/paste appwiz.cpl, then press Enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the following.
Adobe Reader 8.1.2

Next.

Java SE Runtime Environment (JRE).

Please download from HERE
  • Find Java SE Runtime Environment (JRE) 6 Update 21.
  • Click the Download JRE button to the right.
  • Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click the Continue button.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Close all active windows.
  • Install the program.

Next.

Update Adobe Reader

  • You should Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
  • Download Adobe Reader 9.3.0 from Here


Next.

Upload File/Files for testing

Please go to jotti.org or Virustotal

Copy/paste this file and path into the white box at the top:
C:\Windows\system32\C036AF62.exe

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.

Next.

Please download ATF Cleaner to your desktop.

  • Right-click ATF-Cleaner.exe And select " Run as administrator " to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Next.

Disable AVG9

  • Open AVG User Interface.
  • Double-click on the Resident Shield.
  • Un-tick the option Resident Shield active.
  • Save the changes.
  • Note: Don't forget to re-enable it after the below scan.

Next.

Kaspersky Online Scan

You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Hold down Control then click on the following link to open a new window to Kaspersky Online Scan
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  • Click on My Computer under Scan. * This will take a while. Please be patient *.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

This online tutorial will help explain how to use the aforementioned online scan.


Logs/Information to Post in your Next Reply

  • jotti or virustotal results.
  • Kaspersky log.
  • Please give me an update on your computers performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Broswer redirect and unable to do windows update

Unread postby efgonzo » July 22nd, 2010, 11:40 pm

Hi Cypher,

As instructed, removed Adobe Reader 8.1.2.

Downloaded and installed Java SE Runtime Environment 6 Update 21 as instructed.

Downloaded and installed Adobe Reader 9.3.0.

Went to Jotti.org and tested the file. Here is the result:

[ArcaVir]
2010-05-25 Found nothing
[G DATA]
2010-05-26 Found nothing
[Avast! antivirus]
2010-05-25 Found nothing
[Ikarus]
2010-05-25 Found nothing
[Grisoft AVG Anti-Virus]
2010-05-25 Found nothing
[Kaspersky Anti-Virus]
2010-05-25 Found nothing
[Avira AntiVir]
2010-05-25 Found nothing
[ESET NOD32]
2010-05-25 Found nothing
[Softwin BitDefender]
2010-05-25 Found nothing
[Panda Antivirus]
2010-05-25 Found nothing
[ClamAV]
2010-05-25 Found nothing
[Quick Heal]
2010-05-25 Found nothing
[CPsecure]
2010-05-26 Found nothing
[Sophos]
2010-05-26 Found nothing
[Dr.Web]
2010-05-26 Found nothing
[VirusBlokAda VBA32]
2010-05-24 Found nothing
[Frisk F-Prot Antivirus]
2010-05-25 Found nothing
[VirusBuster]
2010-05-25 Found nothing
[F-Secure Anti-Virus]
2010-05-25 Found nothing

Used ATF Cleaner as instructed

I disabled AVG

I ran Kaspersky online scan and it found nothing. No results to post since nothing found.

Computer performance seems to be good. No browser redirects and like I said earlier was able to do a windows update successfully.
efgonzo
Regular Member
 
Posts: 17
Joined: January 27th, 2010, 10:25 pm

Re: Broswer redirect and unable to do windows update

Unread postby Cypher » July 23rd, 2010, 5:54 am

Hi efgonzo, your latest set of logs appears to be clean! :)
This is my general post for when your logs show no more signs of malware.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

OTC

Download OTC by Old Timer and save it to your Desktop. This tool will remove all the tools we used to clean your pc.

  • Right-click OTC.exe And select " Run as administrator " to run it.
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? Prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes, if not delete it by yourself

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

You can now delete any tools we used if they remain on your Desktop.

Create a new, clean System Restore point

  • Click Start, Right Click on Computer, and select Properties.
  • In the left pane, click System Protection > Create.
  • Give this restore point a descriptive name and click Create.
  • Click Apply and OK.

Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

Flush infected System Restore points

  • Click Start, Right Click on Computer, and select Properties.
  • In the left pane, click System Protection.
  • Untick the box labeled Vista C: and click Turn off system restore.
  • Click Apply and OK.
  • Restart your computer.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

Here are some free programs I recommend that could help you improve your computer's security.

Install SiteAdvisor
SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here

Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE

MVPS Hosts

Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
You can Find the Tutorial HERE

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update > Check for updates.
To update Office
Open up any Office program.
Go to Help > Check for Updates

Read some information HERE On how to prevent Malware

Is your pc running slow?
Read What to do if your Computer is running slowly

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
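The HOSTS-file blocking described in the post above works because name resolution consults the hosts file before DNS, so a name pinned to 127.0.0.1 (or 0.0.0.0) never reaches the real site. The following is an added example, not part of the post or of the MVPS project: a small hosts-file parser that reproduces that lookup, reports whether a name is sunk to the local machine, and, as the caveat a defender would want, lists entries that pin a name to some other address, since the same file can redirect a legitimate name just as easily as it blocks an ad host. The sample hosts text and all host names in it are constructed for the example.

```python
import ipaddress

# Constructed sample in the layout a hosts file uses (names are invented, under
# the reserved .invalid TLD; they are not taken from the real MVPS list).
SAMPLE_HOSTS = """\
# Blocking entries: the name resolves to the local machine instead of the real site
127.0.0.1 localhost
::1 localhost
127.0.0.1 ads.example.invalid  # constructed ad host
127.0.0.1 tracker.example.invalid banner.example.invalid
0.0.0.0   popups.example.invalid
# An entry like this sends a legitimate-looking name somewhere else and deserves a look
192.0.2.10 update.example.invalid
"""

# Addresses that amount to "go nowhere": the blocking technique the post describes
LOCAL_SINKS = {
    ipaddress.ip_address("127.0.0.1"),
    ipaddress.ip_address("0.0.0.0"),
    ipaddress.ip_address("::1"),
}


def parse_hosts(text):
    """Return {hostname: ip_address} from hosts-file text.

    Handles comments, blank lines, tab/space separation and several names on one
    line; for a name listed twice the first entry wins."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                              # address with no names: nothing to map
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # malformed address, ignore the line
        for name in fields[1:]:
            mapping.setdefault(name.lower(), ip)  # names are case-insensitive
    return mapping


def resolve(mapping, hostname):
    """Hosts-file lookup: the pinned address, or None to fall through to DNS."""
    return mapping.get(hostname.lower())


def is_blocked(mapping, hostname):
    """True when the hosts file sinks the name to the local machine."""
    ip = resolve(mapping, hostname)
    return ip is not None and ip in LOCAL_SINKS


def suspicious_entries(mapping):
    """Names pinned to a non-local address: worth reviewing, since a hosts file
    can redirect a name as easily as it can block one."""
    return sorted(name for name, ip in mapping.items() if ip not in LOCAL_SINKS)


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for name in ("ads.example.invalid", "BANNER.example.invalid", "www.example.invalid"):
        print(f"{name}: blocked={is_blocked(hosts, name)} pinned_to={resolve(hosts, name)}")
    print("review these entries:", suspicious_entries(hosts))
```

The review list is the useful part when checking a machine after an infection: a clean MVPS install pins everything to 127.0.0.1 or 0.0.0.0, so any other address in the file was put there by something else.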

Re: Broswer redirect and unable to do windows update

Unread postby efgonzo » July 23rd, 2010, 7:32 am

Hey Cypher, will do the last things you recommend. Again, thanks for taking the time to help me.

I had mentioned that ATI error message I was getting and you said we could look at that when the machine was clean. Any advice on that?
efgonzo
Regular Member
 
Posts: 17
Joined: January 27th, 2010, 10:25 pm

Re: Broswer redirect and unable to do windows update

Unread postby Cypher » July 23rd, 2010, 7:59 am

Hi efgonzo.
My apologies, I had forgotten about that.
The problems you are still experiencing are not coming from malware, as all of your latest logs have come back clean.
My research suggests that it is graphics card related.
As this is a dedicated Malware Removal site I think those issues are best left to experts elsewhere.
Here are some excellent Tech sites (in no particular order) that may be able to help with these problems:


So as I said above your logs are clean, I hope you can resolve your other problem with the links that I provided.

Any other questions?
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Broswer redirect and unable to do windows update

Unread postby efgonzo » July 23rd, 2010, 8:49 am

Thanks Cypher for all your help. Will check out those hardware sites you mentioned. Computer running well. Have a great day.
efgonzo
Regular Member
 
Posts: 17
Joined: January 27th, 2010, 10:25 pm

Re: Broswer redirect and unable to do windows update

Unread postby Cypher » July 23rd, 2010, 11:15 am

You're welcome efgonzo.
Good luck and stay safe.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns