Welcome to MalwareRemoval.com

Firefox Web browser Hijack

Unread postby bearcat83 » August 10th, 2010, 8:03 pm

I inadvertently clicked on a website that planted a trojan/malware on my PC a few weeks ago. The trojan was TrojanASPXJS.win32. After trying Malwarebytes Anti-Malware, McAfee and SUPERAntiSpyware, the trojan was removed. However, I have experienced some weird browser redirects when using Firefox. These are the symptoms: when doing a Google search, if I click on a link of one of the search results, it will take me to a different site. Examples are searchfusion and juggle. It does this sporadically.

Thanks for your help.

Here are the HijackThis files:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:56:06 PM, on 8/10/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\tbh\base\bin\tbhSystray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Dell Remote Access\ezi_ra.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Creative Home\Hallmark Card Studio 2009\Planner\PLNRnote.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100517180829.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [tbhSystray] C:\Program Files\tbh\base\bin\tbhSystray.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Dell Remote Access.lnk = ?
O4 - Global Startup: Event Planner Reminder 2009.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O18 - Protocol: CDS300 - (no CLSID) - (no file)
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Amazon Download Agent - Amazon.com - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: The Browser Highlighter Monitor (tbhMonitor.exe) - Unknown owner - C:\Program Files\tbh\monitor\bin\tbhMonitor.exe

--
End of file - 12854 bytes


Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 2.1
Adobe Photoshop Elements 5.0
Adobe Reader 9.2
Amazon Games & Software Downloader
AnswerWorks 5.0 English Runtime
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5.5
ATI Catalyst Control Center
Bonjour
Browser Highlighter - Firefox
Business Contact Manager for Outlook 2007 SP2
Business Contact Manager for Outlook 2007 SP2
Canon MP Navigator 3.0
Canon MP960
Canon MP960 User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint
Choice Guard
Dell DataSafe Online
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Remote Access
Dell Support Center (Support Software)
Dell-eBay
EPSON NX100 Series Printer Uninstall
EPSON Scan
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
GoToAssist 8.0.0.514
Hallmark Card Studio 2009
HijackThis 2.0.2
Hitman Pro 3.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iPod for Windows 2006-01-10
iTunes
Java(TM) 6 Update 20
Junk Mail filter update
Logitech Webcam Software
Malwarebytes' Anti-Malware
McAfee AntiVirus Plus
MediaDirect
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Mozilla Firefox (3.6.8)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 2.0.0048.0
QualXServ Service Agreement
Quicken 2009
QuickTime
Realtek Ethernet Network Card Diagnostic tool for Windows Vista
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Safari
ScanSoft OmniPage SE 4.0
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Skype web features
Skype™ 4.1
SopCast 2.0.4
SUPERAntiSpyware
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wmiiper
TurboTax 2009 wrapper
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2202131)
Veetle TV 0.9.16
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
Windows NT Backup - Restore Utility
bearcat83
Active Member
 
Posts: 6
Joined: August 10th, 2010, 7:51 pm
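As an added illustration (not code from this thread, from HijackThis or from MalwareRemoval.com), here is a small parser for the HijackThis log format posted above. It pulls out the running-process list and the R*/O* entries, then flags the lines a helper usually asks about first: references to components that are no longer on disk ("(no file)", "(no CLSID)"), startup shortcuts whose target could not be resolved, hosts-file mappings other than the default loopback ones, and services with no recorded publisher. The sample log is constructed from the kinds of entries in the post (the second O1 line is made up to exercise the hosts check), and the review heuristics are this example's assumptions, not rules HijackThis itself applies.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the format HijackThis v2.0.x writes. The entries are the
# kinds of lines seen in the log posted above, trimmed to a handful; the second
# O1 line is constructed to exercise the hosts-file check and is not from the post.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:56:06 PM, on 8/10/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\tbh\base\bin\tbhSystray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 update.example.invalid
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [tbhSystray] C:\Program Files\tbh\base\bin\tbhSystray.exe
O4 - Global Startup: Dell Remote Access.lnk = ?
O18 - Protocol: CDS300 - (no CLSID) - (no file)
O23 - Service: The Browser Highlighter Monitor (tbhMonitor.exe) - Unknown owner - C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
"""

# One HijackThis entry: section code, then " - ", then the section-specific body.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Hosts-file lines HijackThis reports that are normal on Windows Vista/7.
DEFAULT_HOSTS = {"127.0.0.1 localhost", "::1 localhost"}


@dataclass
class Entry:
    section: str            # e.g. "O2" (BHO), "O4" (autostart), "O23" (service)
    body: str               # everything after "O2 - "
    clsid: Optional[str]    # COM class id, when the body carries one
    target: Optional[str]   # file or command the entry points at, when HJT prints one


def running_processes(text: str) -> List[str]:
    """Return the paths listed under 'Running processes:' (up to the blank line)."""
    procs, in_block = [], False
    for line in text.splitlines():
        if line.strip() == "Running processes:":
            in_block = True
            continue
        if in_block:
            if not line.strip():
                break
            procs.append(line.strip())
    return procs


def parse_entries(text: str) -> List[Entry]:
    """Parse every R*/O* line into an Entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.rstrip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        clsid = CLSID_RE.search(body)
        if section == "O4":
            # "[name] command" for Run keys, "shortcut.lnk = target" for startup folders
            t = re.search(r"\]\s*(.*)$", body) or re.search(r"=\s*(.*)$", body)
            target = t.group(1).strip() if t else None
        else:
            # name - {CLSID} - file: the file is the last " - " separated piece
            parts = body.split(" - ")
            target = parts[-1].strip() if len(parts) > 1 else None
        entries.append(Entry(section, body, clsid.group(0) if clsid else None, target))
    return entries


def review(entries: List[Entry]) -> List[str]:
    """Flag the entries a helper usually asks about first. These are heuristics
    (an assumption of this example, not HijackThis's own rules): a hit means
    'look at this', not 'this is malware'."""
    findings = []
    for e in entries:
        tag = f"{e.section} - {e.body}"
        if "(no file)" in e.body or "(no CLSID)" in e.body:
            findings.append(f"orphaned entry, component no longer on disk: {tag}")
        elif e.section == "O1" and e.body.partition("Hosts:")[2].strip() not in DEFAULT_HOSTS:
            findings.append(f"non-default hosts-file mapping: {tag}")
        elif e.section == "O4" and e.target == "?":
            findings.append(f"startup shortcut whose target could not be resolved: {tag}")
        elif e.section == "O23" and "Unknown owner" in e.body:
            findings.append(f"service with no recorded publisher: {tag}")
    return findings
```

Run `review(parse_entries(SAMPLE_LOG))` to get the five flagged lines from the sample; the benign `::1 localhost` hosts entry and the McAfee BHO pass through unflagged.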

Re: Firefox Web browser Hijack

Unread postby Cypher » August 13th, 2010, 1:02 pm

Hi and welcome to Malware Removal Forums. Sorry for the delay in answering your request for help; the forum is really busy.
My name is Cypher, and I will be helping you with your malware problems.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer, can damage that computer and possibly make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • The logs from the tools we use can take some time to research so please be patient.

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Read Backup Made Easy


Vista Advice:
  • All applications I ask to be used will require to be run in Administrator mode, i.e. right-click on the program and select Run as Administrator.
  • The Operating System (Vista aka Windows 6) in use comes with an inbuilt utility called User Access Control (UAC).
  • When prompted by this for anything I ask you to carry out, please select the option Allow.


Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the open text box copy/paste appwiz.cpl Then click Ok.
  • Uninstall the following
SUPERAntiSpyware

Next.

RSIT (Random's System Information Tool)

Please download RSIT by random/random... and save it to your desktop.
  • Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... 2 logs files...will be produced.
  • The first one, "log.txt", << will be maximized
  • The second one, "info.txt", << will be minimized.
Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)

Next.

Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now right-click on RKUnhookerLE.exe and select "Run As Administrator" to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of this log in your next reply.
  • Note: This log can be big; you might have to post it in separate replies.


Logs/Information to Post in your Next Reply

  • RSIT log.txt and info.txt contents.
  • RKUnHooker log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Firefox Web browser Hijack

Unread postby Cypher » August 15th, 2010, 12:20 pm

Hi bearcat83 do you still need help?
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Firefox Web browser Hijack

Unread postby bearcat83 » August 15th, 2010, 8:31 pm

Thanks for your help. I removed the superantispyware software. Here is the RSIT log file:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Pinner Family at 2010-08-15 20:27:26
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 144 GB (50%) free of 290 GB
Total RAM: 3325 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:27:58 PM, on 8/15/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\tbh\base\bin\tbhSystray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Dell Remote Access\ezi_ra.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Creative Home\Hallmark Card Studio 2009\Planner\PLNRnote.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Pinner Family\Downloads\RSIT(5).exe
C:\Program Files\trend micro\Pinner Family.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100517180829.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [tbhSystray] C:\Program Files\tbh\base\bin\tbhSystray.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Dell Remote Access.lnk = ?
O4 - Global Startup: Event Planner Reminder 2009.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O18 - Protocol: CDS300 - (no CLSID) - (no file)
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Amazon Download Agent - Amazon.com - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: The Browser Highlighter Monitor (tbhMonitor.exe) - Unknown owner - C:\Program Files\tbh\monitor\bin\tbhMonitor.exe

--
End of file - 13199 bytes

======Scheduled tasks folder======

C:\Windows\tasks\RtlNICDiagVistaStart.job
C:\Windows\tasks\User_Feed_Synchronization-{A3540EFA-AC93-40B6-B9A3-586330AB2D75}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100517180829.dll [2010-04-27 73288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-16 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-09-20 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2010-02-01 251416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-06-16 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2010-02-01 251416]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-16 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-03-06 4706304]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"PCMService"=C:\Program Files\Dell\MediaDirect\PCMService.exe [2008-01-14 132392]
"dellsupportcenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-10-04 206064]
"AmazonGSDownloaderTray"=C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe [2009-04-06 247296]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe [2006-09-14 61440]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2006-10-16 1197648]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2009-05-08 2780432]
"tbhSystray"=C:\Program Files\tbh\base\bin\tbhSystray.exe [2010-08-15 492840]
"mcui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2010-06-24 1193848]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-06-15 141624]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe [2009-07-17 257440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell DataSafe Online]
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe [2009-11-13 1807600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON NX100 Series]
C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEDA.EXE [2008-02-05 188928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-06-16 39408]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Dell Remote Access.lnk - c:\Windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe
Event Planner Reminder 2009.lnk - C:\Windows\Installer\{C4609419-C11E-4CE6-B369-F3F8A7DDD94C}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe

C:\Users\Pinner Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2009-04-15 10536]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoRun"=0
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-08-11 22:24:07 ----A---- C:\Windows\system32\iertutil.dll
2010-08-11 22:24:06 ----A---- C:\Windows\system32\mshtml.dll
2010-08-11 22:24:06 ----A---- C:\Windows\system32\ieframe.dll
2010-08-11 22:24:05 ----A---- C:\Windows\system32\wininet.dll
2010-08-11 22:24:05 ----A---- C:\Windows\system32\urlmon.dll
2010-08-11 22:24:05 ----A---- C:\Windows\system32\msfeeds.dll
2010-08-11 22:24:05 ----A---- C:\Windows\system32\iedkcs32.dll
2010-08-11 22:24:05 ----A---- C:\Windows\system32\ie4uinit.exe
2010-08-11 22:24:04 ----A---- C:\Windows\system32\occache.dll
2010-08-11 22:24:04 ----A---- C:\Windows\system32\mstime.dll
2010-08-11 22:24:04 ----A---- C:\Windows\system32\msfeedssync.exe
2010-08-11 22:24:04 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-08-11 22:24:04 ----A---- C:\Windows\system32\jsproxy.dll
2010-08-11 22:24:04 ----A---- C:\Windows\system32\ieUnatt.exe
2010-08-11 22:24:04 ----A---- C:\Windows\system32\ieui.dll
2010-08-11 22:24:04 ----A---- C:\Windows\system32\iesysprep.dll
2010-08-11 22:24:04 ----A---- C:\Windows\system32\iesetup.dll
2010-08-11 22:24:04 ----A---- C:\Windows\system32\iernonce.dll
2010-08-11 22:24:04 ----A---- C:\Windows\system32\iepeers.dll
2010-08-11 22:24:01 ----A---- C:\Windows\system32\iccvid.dll
2010-08-11 22:23:59 ----A---- C:\Windows\system32\schannel.dll
2010-08-11 22:23:53 ----A---- C:\Windows\system32\win32k.sys
2010-08-11 22:23:50 ----A---- C:\Windows\system32\rtutils.dll
2010-08-11 22:23:25 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-08-11 22:23:25 ----A---- C:\Windows\system32\drivers\srv.sys
2010-08-11 22:23:21 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-08-11 22:23:20 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-11 22:23:18 ----A---- C:\Windows\system32\msxml3.dll
2010-08-11 22:23:13 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-08-08 17:35:28 ----D---- C:\rsit
2010-08-05 18:27:46 ----D---- C:\Program Files\Trend Micro
2010-08-03 18:41:09 ----A---- C:\Windows\system32\drivers\hitmanpro35.sys
2010-08-03 18:40:04 ----D---- C:\ProgramData\Hitman Pro
2010-08-03 18:40:03 ----D---- C:\Program Files\Hitman Pro 3.5
2010-08-02 18:21:32 ----A---- C:\Windows\system32\shell32.dll
2010-07-17 20:54:51 ----D---- C:\Users\Pinner Family\AppData\Roaming\Malwarebytes
2010-07-17 20:54:45 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-07-17 20:54:44 ----D---- C:\ProgramData\Malwarebytes
2010-07-17 20:54:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-17 20:54:44 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-07-17 19:03:12 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2010-07-17 17:34:24 ----D---- C:\Program Files\Emsisoft Anti-Malware
2010-07-17 14:58:28 ----D---- C:\Users\Pinner Family\AppData\Roaming\Defense Center

======List of files/folders modified in the last 1 months======

2010-08-15 20:27:56 ----D---- C:\Windows\Prefetch
2010-08-15 20:27:28 ----D---- C:\Windows\Temp
2010-08-15 20:23:34 ----RD---- C:\Program Files
2010-08-15 18:58:45 ----D---- C:\Windows\Microsoft.NET
2010-08-15 18:58:10 ----RSD---- C:\Windows\assembly
2010-08-15 18:50:17 ----D---- C:\Windows\winsxs
2010-08-15 18:29:29 ----AD---- C:\ProgramData\TEMP
2010-08-15 18:27:00 ----D---- C:\Windows\system32\migration
2010-08-15 18:27:00 ----D---- C:\Windows\System32
2010-08-15 18:27:00 ----D---- C:\Program Files\Internet Explorer
2010-08-15 18:26:58 ----D---- C:\Program Files\Movie Maker
2010-08-15 18:26:53 ----D---- C:\Windows\system32\drivers
2010-08-12 17:50:54 ----SHD---- C:\Windows\Installer
2010-08-12 17:50:53 ----D---- C:\ProgramData\Microsoft Help
2010-08-12 17:48:13 ----D---- C:\Windows\system32\catroot
2010-08-12 17:48:05 ----D---- C:\Program Files\Windows Mail
2010-08-12 17:47:15 ----SHD---- C:\System Volume Information
2010-08-12 17:02:08 ----D---- C:\Windows\inf
2010-08-12 17:02:08 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-11 22:22:42 ----D---- C:\Windows\system32\catroot2
2010-08-08 08:53:59 ----D---- C:\ProgramData\Adobe
2010-08-07 21:33:14 ----D---- C:\Program Files\Common Files\Adobe
2010-08-07 21:33:10 ----D---- C:\Program Files\Adobe
2010-08-03 18:41:00 ----D---- C:\Windows\system32\Tasks
2010-08-03 18:40:04 ----HD---- C:\ProgramData
2010-08-03 14:09:31 ----A---- C:\Windows\system32\mrt.exe
2010-07-28 00:17:59 ----D---- C:\Users\Pinner Family\AppData\Roaming\Apple Computer
2010-07-25 15:52:00 ----D---- C:\Windows\system32\WDI
2010-07-24 15:54:22 ----D---- C:\Program Files\Mozilla Firefox
2010-07-17 21:06:10 ----D---- C:\Windows\Users
2010-07-17 18:33:35 ----D---- C:\Windows

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2010-04-27 385880]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2007-11-14 43840]
R1 mfenlfk;McAfee NDIS Light Filter; C:\Windows\system32\DRIVERS\mfenlfk.sys [2010-04-27 64304]
R1 mfewfpk;McAfee Inc. mfewfpk; C:\Windows\system32\drivers\mfewfpk.sys [2010-04-27 160720]
R2 Packet;Auto Internet Protocol; C:\Windows\system32\DRIVERS\packet.sys [2008-06-17 22016]
R2 RtNdPt60;Realtek NDIS Protocol Driver; C:\Windows\system32\DRIVERS\RtNdPt60.sys [2008-03-06 27648]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-06-13 3592704]
R3 cfwids;McAfee Inc. cfwids; C:\Windows\system32\drivers\cfwids.sys [2010-04-27 55456]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-03-06 2047576]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2009-04-30 25624]
R3 mfeapfk;McAfee Inc. mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [2010-04-27 95568]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2010-04-27 152320]
R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2010-04-27 51688]
R3 mfefirek;McAfee Inc. mfefirek; C:\Windows\system32\drivers\mfefirek.sys [2010-04-27 312616]
R3 mferkdet;McAfee Inc. mferkdet; C:\Windows\system32\drivers\mferkdet.sys [2010-04-27 83496]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS [2009-04-30 2687512]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-03-06 106496]
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-20 220672]
S3 mfeavfk01;McAfee Inc.; C:\Windows\system32\drivers\mfeavfk01.sys []
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2009-09-16 34248]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2009-09-16 40552]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-06-13 3592704]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2008-03-06 308248]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor5.0;Adobe Active File Monitor V5; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [2006-09-14 102400]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-06-13 675840]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 DockLoginService;Dock Login Service; C:\Program Files\Dell\DellDock\DockLogin.exe [2008-09-23 155648]
R2 hnmsvc;Advanced Networking Service; c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe [2009-01-05 824560]
R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2009-09-29 13088]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-04-30 154136]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2010-03-26 93320]
R2 McMPFSvc;McAfee Personal Firewall Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 mcmscsvc;McAfee Services; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McNaiAnn;McAfee VirusScan Announcer; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McNASvc;McAfee Network Agent; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McProxy;McAfee Proxy Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McShield;McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [2010-04-14 170144]
R2 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-04-27 188136]
R2 mfevtp;McAfee Validation Trust Protection Service; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-04-27 141792]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 sprtsvc_DellSupportCenter;SupportSoft Sprocket Service (DellSupportCenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-10-04 201968]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 tbhMonitor.exe;The Browser Highlighter Monitor; C:\Program Files\tbh\monitor\bin\tbhMonitor.exe [2009-10-22 70952]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-06-15 540472]
R3 McODS;McAfee Scanner; C:\Program Files\McAfee\VirusScan\mcods.exe [2010-04-15 364216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 Amazon Download Agent;Amazon Download Agent; C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-04-06 319488]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2009-04-15 16680]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-16 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
S3 NtmsSvc;@%SystemRoot%\system32\ntmssvc.dll,-2; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]

-----------------EOF-----------------
bearcat83
Active Member
 
Posts: 6
Joined: August 10th, 2010, 7:51 pm

Re: Firefox Web browser Hijack

Unread postby bearcat83 » August 15th, 2010, 9:11 pm

Here is the RKUnhooker log part 1:
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8F20D000 C:\Windows\system32\DRIVERS\atikmdag.sys 5214208 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x82644000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x82644000 PnpManager 3903488 bytes
0x82644000 RAW 3903488 bytes
0x82644000 WMIxWDM 3903488 bytes
0x98805000 C:\Windows\system32\DRIVERS\LV302V32.SYS 2682880 bytes (Logitech Inc., Logitech Webcam Software Driver)
0x984E0000 Win32k 2109440 bytes
0x984E0000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8FC00000 C:\Windows\system32\drivers\RTKVHDA.sys 2043904 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0x8B03E000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x8AEE3000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8FE0E000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x804D4000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0x9FE0B000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x98B04000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8F706000 C:\Windows\System32\drivers\dxgkrnl.sys 659456 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8EA18000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x80600000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x8AE72000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8040A000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x90346000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8AE0C000 C:\Windows\system32\drivers\mfehidk.sys 380928 bytes (McAfee, Inc., McAfee Link Driver)
0x9D8C6000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x902AD000 C:\Windows\system32\drivers\mfefirek.sys 307200 bytes (McAfee, Inc., McAfee Core Firewall Engine Driver)
0x80725000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8FF95000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80689000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80493000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8EB37000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8EEB8000 C:\Windows\system32\drivers\HdAudio.sys 258048 bytes (Microsoft Corporation, High Definition Audio Function Driver)
0x8F7BE000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x9022C000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8B003000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x9D84E000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8B14E000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8EE72000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x82611000 ACPI_HAL 208896 bytes
0x82611000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x807BA000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8FF63000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8EB08000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8EEF7000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x805B4000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8EE31000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x9D914000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x8B19E000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x806E0000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x9D89F000 C:\Windows\System32\DRIVERS\srv2.sys 159744 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8FF13000 C:\Windows\system32\drivers\mfewfpk.sys 155648 bytes (McAfee, Inc., Anti-Virus Mini-Firewall Driver)
0x8EF24000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x90289000 C:\Windows\system32\drivers\mfeavfk.sys 147456 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0x8EBA5000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x90204000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes
0x8B1D6000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x9D80E000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8EF73000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x9D82F000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8079C000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x8EAB4000 C:\Windows\system32\DRIVERS\Rtlh86.sys 122880 bytes (Realtek Corporation , Realtek 8101E/8168/8169 NDIS6 32-bit Driver )
0x903B3000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x8FEF8000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x98AE9000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x903D0000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8EAF0000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x9D887000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x90272000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8EB83000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x9032F000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x9FF55000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x9FF7E000 C:\Windows\system32\drivers\mfeapfk.sys 90112 bytes (McAfee, Inc., Access Protection Filter Driver)
0x8FFDD000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8FF39000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x98BE9000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8EBEB000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x902F8000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 86016 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x8EBD7000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8FF4F000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x9FFB0000 C:\Windows\system32\drivers\mferkdet.sys 77824 bytes (McAfee, Inc., McAfee Code Analysis Driver)
0x98BCA000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8EFD4000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x98A94000 C:\Windows\system32\drivers\usbaudio.sys 73728 bytes (Microsoft Corporation, USB Audio Class Driver)
0x8B1C5000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8EEA7000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8047A000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x807EC000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x98AAF000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x98BBA000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x80784000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8EAD2000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8EE09000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8EA09000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x98ADA000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8B18F000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x80707000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8EBC8000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8EAA5000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x80716000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8EAE2000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x98720000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8FE00000 C:\Windows\system32\DRIVERS\mfenlfk.sys 57344 bytes (McAfee, Inc., McAfee NDIS Light Filter Driver)
0x8EFC6000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8EFAF000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x80776000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x9030F000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8EE65000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8067C000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x9FF28000 C:\Windows\system32\drivers\cfwids.sys 49152 bytes (McAfee, Inc., McAfee Personal Firewall IDS Plugin)
0x98BDD000 C:\Windows\system32\DRIVERS\RtNdPt60.sys 49152 bytes (Windows (R) Codename Longhorn DDK provider, NDIS User mode I/O Driver)
0x9FEF3000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8EF67000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8F7A7000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x9031C000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x8EE19000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x9FF94000 C:\Windows\system32\drivers\mfebopk.sys 45056 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
0x8EE24000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8EFA4000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8EB9A000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8EB78000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x805E7000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8F7B3000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x98AD0000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8EE5B000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x90268000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x9FEE9000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x9FFA7000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x8B1F7000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8FDF3000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x98AA6000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x98AC7000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x9FFC3000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8AE69000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x8EFBD000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x98700000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x805F2000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x806CF000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x80794000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8048B000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x90327000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
0x98ABF000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x806D8000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8EF94000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8EF9C000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8B187000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8EF50000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8EF60000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x80403000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8EF49000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8076F000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8F200000 C:\Windows\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x98BB4000 C:\Windows\system32\DRIVERS\packet.sys 24576 bytes (SingleClick Systems, SCS NDIS 5.0 Auto IP Protocol Driver)
0x90226000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes
0x9FF23000 C:\Windows\system32\DRIVERS\LVPr2Mon.sys 20480 bytes (-, -)
0x8EE2F000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x9030D000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x06510000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Wizard.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 102400 bytes
0x05BF0000 Hidden Image-->Intuit.Spc.Map.WindowsFirewallUtilities.dll [ EPROCESS 0x85358588 ] PID: 4992, 1077248 bytes
0x004F0000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x8522FA60 ] PID: 3824, 110592 bytes
0x04E90000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 110592 bytes
0x086F0000 Hidden Image-->Xceed.Compression.dll [ EPROCESS 0x85165D90 ] PID: 5588, 110592 bytes
0x06620000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Dashboard.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 126976 bytes
0x04B40000 Hidden Image-->Xceed.FileSystem.dll [ EPROCESS 0x85165D90 ] PID: 5588, 135168 bytes
0x065B0000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Dashboard.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 143360 bytes
0x08870000 Hidden Image-->CLI.Component.Dashboard.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 1519616 bytes
0x08550000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Wizard.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 1691648 bytes
0x06850000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Wizard.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 208896 bytes
0x09750000 Hidden Image-->SBAIAPI.dll [ EPROCESS 0x85165D90 ] PID: 5588, 217088 bytes
0x065E0000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Dashboard.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 225280 bytes
0x096B0000 Hidden Image-->Xceed.Zip.dll [ EPROCESS 0x85165D90 ] PID: 5588, 225280 bytes
0x05F60000 Hidden Image-->CLI.Caste.Graphics.Runtime.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 266240 bytes
0x06120000 Hidden Image-->log4net.dll [ EPROCESS 0x85358588 ] PID: 4992, 282624 bytes
0x020D0000 Hidden Image-->SupportSoft.Agent.Sprocket.dll [ EPROCESS 0x85122380 ] PID: 3712, 28672 bytes
0x01970000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x8522FA60 ] PID: 3824, 28672 bytes
0x01A00000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x8522FA60 ] PID: 3824, 28672 bytes
0x00C60000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 28672 bytes
0x00CC0000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 28672 bytes
0x05420000 Hidden Image-->CLI.Component.Runtime.Shared.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 28672 bytes
0x05460000 Hidden Image-->AEM.Server.Shared.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 28672 bytes
0x05490000 Hidden Image-->AEM.Plugin.DPPE.Shared.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 28672 bytes
0x054B0000 Hidden Image-->AEM.Plugin.Hotkeys.Shared.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 28672 bytes
0x05900000 Hidden Image-->DEM.Graphics.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 28672 bytes
0x055D0000 Hidden Image-->AEM.Plugin.WinMessages.Shared.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 28672 bytes
0x058F0000 Hidden Image-->DEM.Foundation.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 28672 bytes
0x05E50000 Hidden Image-->DEM.OS.I0602.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 28672 bytes
0x060F0000 Hidden Image-->AEM.Plugin.GD.Shared.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 28672 bytes
0x060C0000 Hidden Image-->DEM.Graphics.I0709.dll [ EPROCESS 0x85322B88 ] PID: 4204, 28672 bytes
0x060B0000 Hidden Image-->DEM.OS.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 28672 bytes
0x06110000 Hidden Image-->AEM.Actions.CCAA.Shared.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 28672 bytes
0x06130000 Hidden Image-->LOCALIZATION.Foundation.Private.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 28672 bytes
0x06480000 Hidden Image-->CLI.Caste.Graphics.Wizard.Shared.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 28672 bytes
0x06320000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Runtime.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 28672 bytes
0x06440000 Hidden Image-->CLI.Component.Wizard.Shared.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 28672 bytes
0x06560000 Hidden Image-->CLI.Component.Dashboard.Shared.Private.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 28672 bytes
0x06550000 Hidden Image-->CLI.Component.Dashboard.Shared.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 28672 bytes
0x065A0000 Hidden Image-->CLI.Caste.Graphics.Dashboard.Shared.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 28672 bytes
0x068B0000 Hidden Image-->atixclib.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 28672 bytes
0x06A40000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Shared.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 28672 bytes
0x06A80000 Hidden Image-->CLI.Caste.Graphics.Runtime.Shared.Private.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 28672 bytes
0x06AC0000 Hidden Image-->DEM.Graphics.I0706.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 28672 bytes
0x07250000 Hidden Image-->DEM.Graphics.I0712.dll [ EPROCESS 0x85322B88 ] PID: 4204, 28672 bytes
0x072C0000 Hidden Image-->DEM.Graphics.I0703.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 28672 bytes
0x07400000 Hidden Image-->APM.Foundation.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 28672 bytes
0x07680000 Hidden Image-->CLI.Component.Runtime.Extension.EEU.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 28672 bytes
0x07670000 Hidden Image-->AEM.Plugin.EEU.Shared.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 28672 bytes
0x07EE0000 Hidden Image-->CLI.Component.Client.Shared.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 28672 bytes
0x048E0000 Hidden Image-->extensibility.dll [ EPROCESS 0x85165D90 ] PID: 5588, 28672 bytes
0x063D0000 Hidden Image-->SBAIUI.dll [ EPROCESS 0x85165D90 ] PID: 5588, 28672 bytes
0x09A60000 Hidden Image-->Xceed.Grid.UIStyle.dll [ EPROCESS 0x85165D90 ] PID: 5588, 307200 bytes
0x068E0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Dashboard.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 356352 bytes
0x05080000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x8522FA60 ] PID: 3824, 36864 bytes
0x04EB0000 Hidden Image-->CLI.Foundation.XManifest.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 36864 bytes
0x05450000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 36864 bytes
0x05C80000 Hidden Image-->ACE.Graphics.DisplaysManager.Shared.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 36864 bytes
0x06460000 Hidden Image-->CLI.Component.Wizard.Shared.Private.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 36864 bytes
0x06AA0000 Hidden Image-->CLI.Aspect.CustomFormats.Graphics.Shared.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 36864 bytes
0x07150000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Shared.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 36864 bytes
0x07180000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Shared.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 36864 bytes
0x071F0000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Shared.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 36864 bytes
0x073D0000 Hidden Image-->CLI.Aspect.PowerPlayDPPE.Graphics.Shared.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 36864 bytes
0x076D0000 Hidden Image-->LOCALIZATION.Foundation.Implementation.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 36864 bytes
0x048D0000 Hidden Image-->stdole.dll [ EPROCESS 0x85165D90 ] PID: 5588, 36864 bytes
0x07540000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Wizard.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 413696 bytes
0x06A30000 Hidden Image-->Intuit.Spc.Map.WindowsFirewallUtilities.dll [ EPROCESS 0x85358588 ] PID: 4992, 421888 bytes
0x08000000 Hidden Image-->CLI.Component.Systemtray.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 430080 bytes
0x075B0000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Dashboard.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 446464 bytes
0x02050000 Hidden Image-->SupportSoft.Agent.Sprocket.SupportMessage.dll [ EPROCESS 0x85122380 ] PID: 3712, 45056 bytes
0x00BF0000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x8522FA60 ] PID: 3824, 45056 bytes
0x00CD0000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x8522FA60 ] PID: 3824, 45056 bytes
0x05060000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x8522FA60 ] PID: 3824, 45056 bytes
0x00AB0000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 45056 bytes
0x00C30000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 45056 bytes
0x00E10000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 45056 bytes
0x05430000 Hidden Image-->ATICCCom.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 45056 bytes
0x06AB0000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Runtime.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 45056 bytes
0x06AD0000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Shared.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 45056 bytes
0x07170000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Runtime.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 45056 bytes
0x071E0000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Runtime.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 45056 bytes
0x07920000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Dashboard.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 454656 bytes
0x08D60000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Dashboard.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 454656 bytes
0x03AD0000 Hidden Image-->Intuit.Spc.Foundations.Portability.dll [ EPROCESS 0x85358588 ] PID: 4992, 471040 bytes
0x049E0000 Hidden Image-->Intuit.Spc.Map.Reporter.dll [ EPROCESS 0x85358588 ] PID: 4992, 479232 bytes
0x06680000 Hidden Image-->Intuit.Spc.Map.Reporter.dll [ EPROCESS 0x85358588 ] PID: 4992, 479232 bytes
0x078A0000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Dashboard.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 487424 bytes
0x06490000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Wizard.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 495616 bytes
0x08330000 Hidden Image-->CLI.Component.Wizard.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 503808 bytes
0x09B50000 Hidden Image-->msvcm80.dll [ EPROCESS 0x85165D90 ] PID: 5588, 507904 bytes
0x05440000 Hidden Image-->AEM.Server.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 53248 bytes
0x05310000 Hidden Image-->CLI.Foundation.Private.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 53248 bytes
0x052F0000 Hidden Image-->CLI.Component.Runtime.Shared.Private.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 53248 bytes
0x05470000 Hidden Image-->AEM.Plugin.Source.Kit.Server.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 53248 bytes
0x055E0000 Hidden Image-->DEM.Graphics.I0601.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 53248 bytes
0x06470000 Hidden Image-->CLI.Caste.Graphics.Wizard.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 53248 bytes
0x068A0000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Shared.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 53248 bytes
0x06A90000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Shared.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 53248 bytes
0x07190000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Runtime.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 53248 bytes
0x06C40000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Runtime.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 53248 bytes
0x07230000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Shared.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 53248 bytes
0x073C0000 Hidden Image-->CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 53248 bytes
0x07690000 Hidden Image-->CLI.Component.Client.Shared.Private.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 53248 bytes
0x01240000 Hidden Image-->Intuit.Spc.Foundations.Primary.Logging.dll [ EPROCESS 0x85358588 ] PID: 4992, 53248 bytes
0x089F0000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Dashboard.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 593920 bytes
0x9FF34730 Unknown thread object [ ETHREAD 0x886FD020 ] , 600 bytes
0x00C70000 Hidden Image-->CLI.Foundation.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 61440 bytes
0x05160000 Hidden Image-->CLI.Component.Runtime.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 61440 bytes
0x05C70000 Hidden Image-->CLI.Caste.Graphics.Shared.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 61440 bytes
0x071B0000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Shared.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 61440 bytes
0x07340000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Shared.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 61440 bytes
0x07390000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Shared.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 61440 bytes
0x073E0000 Hidden Image-->APM.Server.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 61440 bytes
0x00CE0000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x8522FA60 ] PID: 3824, 69632 bytes
0x00DD0000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 69632 bytes
0x07210000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Runtime.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 69632 bytes
0x07320000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Runtime.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 69632 bytes
0x072D0000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Shared.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 69632 bytes
0x01C70000 Hidden Image-->sprtmessage.dll [ EPROCESS 0x85122380 ] PID: 3712, 77824 bytes
0x060D0000 Hidden Image-->ATIDEMOS.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 77824 bytes
0x06A60000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Runtime.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 77824 bytes
0x06B00000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Shared.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 77824 bytes
0x07290000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Runtime.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 77824 bytes
0x03E60000 Hidden Image-->Intuit.Spc.Foundations.Primary.ExceptionHandling.dll [ EPROCESS 0x85358588 ] PID: 4992, 77824 bytes
0x047A0000 Hidden Image-->System.Data.SQLite.DLL [ EPROCESS 0x85358588 ] PID: 4992, 778240 bytes
0x08C90000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Dashboard.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 815104 bytes
0x097E0000 Hidden Image-->Xceed.Grid.dll [ EPROCESS 0x85165D90 ] PID: 5588, 815104 bytes
0x06570000 Hidden Image-->CLI.Caste.Graphics.Dashboard.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 86016 bytes
0x06AE0000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Runtime.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 86016 bytes
0x07370000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Runtime.DLL [ EPROCESS 0x85322B88 ] PID: 4204, 86016 bytes
0x03E80000 Hidden Image-->Intuit.Spc.Foundations.Primary.Config.dll [ EPROCESS 0x85358588 ] PID: 4992, 86016 bytes
0x065A0000 Hidden Image-->System.Data.SQLite.DLL [ EPROCESS 0x85358588 ] PID: 4992, 872448 bytes
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x000A87AA, Type: Inline - RelativeJump 0x826EC7AA-->826EC7B1 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtMapViewOfSection, Type: Inline - RelativeJump 0x828544FA-->8AE3ED8C [mfehidk.sys]
ntkrnlpa.exe-->NtTerminateProcess, Type: Inline - RelativeJump 0x82834DA3-->8AE3EDB6 [mfehidk.sys]
ntkrnlpa.exe-->NtUnmapViewOfSection, Type: Inline - RelativeJump 0x828547BD-->8AE3EDA2 [mfehidk.sys]
ntkrnlpa.exe-->NtYieldExecution, Type: Inline - RelativeJump 0x8266F9D2-->8AE3ED78 [mfehidk.sys]
[1032]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x75CC3BA9-->00000000 [unknown_code_page]
[1032]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x75CC39AB-->00000000 [unknown_code_page]
[1032]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x75CD41F1-->00000000 [unknown_code_page]
[1032]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x75CD391E-->00000000 [unknown_code_page]
[1032]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x75CC89C7-->00000000 [unknown_code_page]
[1032]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x75CD7C42-->00000000 [unknown_code_page]
[1032]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x75CE7BA1-->00000000 [unknown_code_page]
[1032]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x75CDE2B5-->00000000 [unknown_code_page]
[1032]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x75DBCE5F-->00000000 [unknown_code_page]
[1032]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x75DBAECB-->00000000 [unknown_code_page]
[1032]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x75D72EF5-->00000000 [unknown_code_page]
[1032]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x75D75C0C-->00000000 [unknown_code_page]
[1032]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x75D98E6E-->00000000 [unknown_code_page]
[1032]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75D71C28-->00000000 [unknown_code_page]
[1032]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75D71BF3-->00000000 [unknown_code_page]
[1032]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x75DB903B-->00000000 [unknown_code_page]
[1032]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x75D719C9-->00000000 [unknown_code_page]
[1032]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x75D71929-->00000000 [unknown_code_page]
[1032]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75D994DC-->00000000 [unknown_code_page]
[1032]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75D994B4-->00000000 [unknown_code_page]
[1032]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x75D99109-->00000000 [unknown_code_page]
[1032]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75D99362-->00000000 [unknown_code_page]
[1032]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75D71DC3-->00000000 [unknown_code_page]
[1032]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x75D9DBDA-->00000000 [unknown_code_page]
[1032]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x75E05CF7-->00000000 [unknown_code_page]
[1032]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x774A43D4-->00000000 [unknown_code_page]
[1032]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x774A4494-->00000000 [unknown_code_page]
[1032]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x774A4D34-->00000000 [unknown_code_page]
[1032]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x76D136D1-->00000000 [unknown_code_page]
[1112]sidebar.exe-->kernel32.dll-->ntdll.dll-->NtClose, Type: IAT modification 0x77DF1050-->00000000 [LVPrcInj01.dll]
[1112]sidebar.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77DF1018-->00000000 [LVPrcInj01.dll]
[1112]sidebar.exe-->kernel32.dll-->ntdll.dll-->NtDeviceIoControlFile, Type: IAT modification 0x77DF1054-->00000000 [LVPrcInj01.dll]
[1112]sidebar.exe-->kernel32.dll-->ntdll.dll-->NtDuplicateObject, Type: IAT modification 0x77DF1354-->00000000 [LVPrcInj01.dll]
[1176]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x75CC3BA9-->00000000 [unknown_code_page]
[1176]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x75CC39AB-->00000000 [unknown_code_page]
[1176]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x75CD41F1-->00000000 [unknown_code_page]
[1176]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x75CD391E-->00000000 [unknown_code_page]
[1176]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x75CC89C7-->00000000 [unknown_code_page]
[1176]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x75CD7C42-->00000000 [unknown_code_page]
[1176]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x75CE7BA1-->00000000 [unknown_code_page]
[1176]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x75CDE2B5-->00000000 [unknown_code_page]
[1176]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x75DBCE5F-->00000000 [unknown_code_page]
[1176]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x75DBAECB-->00000000 [unknown_code_page]
[1176]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x75D72EF5-->00000000 [unknown_code_page]
[1176]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x75D75C0C-->00000000 [unknown_code_page]
[1176]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x75D98E6E-->00000000 [unknown_code_page]
[1176]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75D71C28-->00000000 [unknown_code_page]
[1176]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75D71BF3-->00000000 [unknown_code_page]
[1176]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x75DB903B-->00000000 [unknown_code_page]
[1176]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x75D719C9-->00000000 [unknown_code_page]
[1176]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x75D71929-->00000000 [unknown_code_page]
[1176]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75D994DC-->00000000 [unknown_code_page]
[1176]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75D994B4-->00000000 [unknown_code_page]
[1176]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x75D99109-->00000000 [unknown_code_page]
[1176]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75D99362-->00000000 [unknown_code_page]
[1176]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75D71DC3-->00000000 [unknown_code_page]
[1176]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x75D9DBDA-->00000000 [unknown_code_page]
[1176]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x75E05CF7-->00000000 [unknown_code_page]
[1176]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x774A43D4-->00000000 [unknown_code_page]
[1176]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x774A4494-->00000000 [unknown_code_page]
[1176]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x774A4D34-->00000000 [unknown_code_page]
[1176]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x76D136D1-->00000000 [unknown_code_page]
[1212]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x75CC3BA9-->00000000 [unknown_code_page]
[1212]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x75CC39AB-->00000000 [unknown_code_page]
[1212]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x75CD41F1-->00000000 [unknown_code_page]
[1212]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x75CD391E-->00000000 [unknown_code_page]
[1212]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x75CC89C7-->00000000 [unknown_code_page]
[1212]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x75CD7C42-->00000000 [unknown_code_page]
[1212]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x75CE7BA1-->00000000 [unknown_code_page]
[1212]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x75CDE2B5-->00000000 [unknown_code_page]
[1212]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x75DBCE5F-->00000000 [unknown_code_page]
[1212]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x75DBAECB-->00000000 [unknown_code_page]
[1212]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x75D72EF5-->00000000 [unknown_code_page]
[1212]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x75D75C0C-->00000000 [unknown_code_page]
[1212]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x75D98E6E-->00000000 [unknown_code_page]
[1212]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75D71C28-->00000000 [unknown_code_page]
[1212]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75D71BF3-->00000000 [unknown_code_page]
[1212]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x75DB903B-->00000000 [unknown_code_page]
[1212]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x75D719C9-->00000000 [unknown_code_page]
[1212]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x75D71929-->00000000 [unknown_code_page]
[1212]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75D994DC-->00000000 [unknown_code_page]
[1212]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75D994B4-->00000000 [unknown_code_page]
[1212]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x75D99109-->00000000 [unknown_code_page]
[1212]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75D99362-->00000000 [unknown_code_page]
[1212]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75D71DC3-->00000000 [unknown_code_page]
[1212]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x75D9DBDA-->00000000 [unknown_code_page]
[1212]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x75E05CF7-->00000000 [unknown_code_page]
[1212]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x774A43D4-->00000000 [unknown_code_page]
[1212]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x774A4494-->00000000 [unknown_code_page]
[1212]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x774A4D34-->00000000 [unknown_code_page]
[1212]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x76D136D1-->00000000 [unknown_code_page]
[1228]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x75CC3BA9-->00000000 [unknown_code_page]
[1228]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x75CC39AB-->00000000 [unknown_code_page]
[1228]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x75CD41F1-->00000000 [unknown_code_page]
[1228]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x75CD391E-->00000000 [unknown_code_page]
[1228]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x75CC89C7-->00000000 [unknown_code_page]
[1228]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x75CD7C42-->00000000 [unknown_code_page]
[1228]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x75CE7BA1-->00000000 [unknown_code_page]
[1228]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x75CDE2B5-->00000000 [unknown_code_page]
[1228]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x75DBCE5F-->00000000 [unknown_code_page]
[1228]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x75DBAECB-->00000000 [unknown_code_page]
[1228]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x75D72EF5-->00000000 [unknown_code_page]
[1228]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x75D75C0C-->00000000 [unknown_code_page]
[1228]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x75D98E6E-->00000000 [unknown_code_page]
[1228]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75D71C28-->00000000 [unknown_code_page]
[1228]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75D71BF3-->00000000 [unknown_code_page]
[1228]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x75DB903B-->00000000 [unknown_code_page]
[1228]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x75D719C9-->00000000 [unknown_code_page]
[1228]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x75D71929-->00000000 [unknown_code_page]
[1228]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75D994DC-->00000000 [unknown_code_page]
[1228]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75D994B4-->00000000 [unknown_code_page]
[1228]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x75D99109-->00000000 [unknown_code_page]
[1228]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75D99362-->00000000 [unknown_code_page]
[1228]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75D71DC3-->00000000 [unknown_code_page]
[1228]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x75D9DBDA-->00000000 [unknown_code_page]
[1228]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x75E05CF7-->00000000 [unknown_code_page]
[1228]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x774A43D4-->00000000 [unknown_code_page]
[1228]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x774A4494-->00000000 [unknown_code_page]
[1228]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x774A4D34-->00000000 [unknown_code_page]
[1228]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x76E0D690-->00000000 [unknown_code_page]
[1228]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x76E0F3A4-->00000000 [unknown_code_page]
[1228]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x76E56DDF-->00000000 [unknown_code_page]
[1228]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x76E0DB09-->00000000 [unknown_code_page]
[1228]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x76D136D1-->00000000 [unknown_code_page]
[1368]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x75CC3BA9-->00000000 [unknown_code_page]
[1368]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x75CC39AB-->00000000 [unknown_code_page]
[1368]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x75CD41F1-->00000000 [unknown_code_page]
[1368]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x75CD391E-->00000000 [unknown_code_page]
[1368]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x75CC89C7-->00000000 [unknown_code_page]
[1368]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x75CD7C42-->00000000 [unknown_code_page]
[1368]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x75CE7BA1-->00000000 [unknown_code_page]
[1368]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x75CDE2B5-->00000000 [unknown_code_page]
[1368]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x75DBCE5F-->00000000 [unknown_code_page]
[1368]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x75DBAECB-->00000000 [unknown_code_page]
[1368]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x75D72EF5-->00000000 [unknown_code_page]
[1368]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x75D75C0C-->00000000 [unknown_code_page]
[1368]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x75D98E6E-->00000000 [unknown_code_page]
[1368]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75D71C28-->00000000 [unknown_code_page]
[1368]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75D71BF3-->00000000 [unknown_code_page]
[1368]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x75DB903B-->00000000 [unknown_code_page]
[1368]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x75D719C9-->00000000 [unknown_code_page]
[1368]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x75D71929-->00000000 [unknown_code_page]
[1368]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75D994DC-->00000000 [unknown_code_page]
[1368]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75D994B4-->00000000 [unknown_code_page]
[1368]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x75D99109-->00000000 [unknown_code_page]
[1368]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75D99362-->00000000 [unknown_code_page]
[1368]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75D71DC3-->00000000 [unknown_code_page]
[1368]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x75D9DBDA-->00000000 [unknown_code_page]
[1368]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x75E05CF7-->00000000 [unknown_code_page]
[1368]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x774A43D4-->00000000 [unknown_code_page]
[1368]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x774A4494-->00000000 [unknown_code_page]
[1368]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x774A4D34-->00000000 [unknown_code_page]
[1368]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x76D136D1-->00000000 [unknown_code_page]
[1496]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x75CC3BA9-->00000000 [unknown_code_page]
[1496]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x75CC39AB-->00000000 [unknown_code_page]
[1496]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x75CD41F1-->00000000 [unknown_code_page]
[1496]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x75CD391E-->00000000 [unknown_code_page]
[1496]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x75CC89C7-->00000000 [unknown_code_page]
[1496]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x75CD7C42-->00000000 [unknown_code_page]
[1496]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x75CE7BA1-->00000000 [unknown_code_page]
[1496]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x75CDE2B5-->00000000 [unknown_code_page]
[1496]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x75DBCE5F-->00000000 [unknown_code_page]
[1496]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x75DBAECB-->00000000 [unknown_code_page]
[1496]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x75D72EF5-->00000000 [unknown_code_page]
[1496]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x75D75C0C-->00000000 [unknown_code_page]
[1496]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x75D98E6E-->00000000 [unknown_code_page]
[1496]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75D71C28-->00000000 [unknown_code_page]
[1496]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75D71BF3-->00000000 [unknown_code_page]
[1496]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x75DB903B-->00000000 [unknown_code_page]
[1496]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x75D719C9-->00000000 [unknown_code_page]
[1496]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x75D71929-->00000000 [unknown_code_page]
[1496]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75D994DC-->00000000 [unknown_code_page]
[1496]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75D994B4-->00000000 [unknown_code_page]
[1496]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x75D99109-->00000000 [unknown_code_page]
[1496]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75D99362-->00000000 [unknown_code_page]
[1496]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75D71DC3-->00000000 [unknown_code_page]
[1496]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x75D9DBDA-->00000000 [unknown_code_page]
[1496]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x75E05CF7-->00000000 [unknown_code_page]
[1496]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x774A43D4-->00000000 [unknown_code_page]
[1496]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x774A4494-->00000000 [unknown_code_page]
[1496]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x774A4D34-->00000000 [unknown_code_page]
[1496]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x76E0D690-->00000000 [unknown_code_page]
[1496]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x76E0F3A4-->00000000 [unknown_code_page]
[1496]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x76E56DDF-->00000000 [unknown_code_page]
[1496]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x76E0DB09-->00000000 [unknown_code_page]
[1496]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x76D136D1-->00000000 [unknown_code_page]
[1588]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x75CC3BA9-->00000000 [unknown_code_page]
[1588]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x75CC39AB-->00000000 [unknown_code_page]
[1588]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x75CD41F1-->00000000 [unknown_code_page]
[1588]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x75CD391E-->00000000 [unknown_code_page]
[1588]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x75CC89C7-->00000000 [unknown_code_page]
[1588]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x75CD7C42-->00000000 [unknown_code_page]
[1588]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x75CE7BA1-->00000000 [unknown_code_page]
[1588]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x75CDE2B5-->00000000 [unknown_code_page]
[1588]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x75DBCE5F-->00000000 [unknown_code_page]
[1588]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x75DBAECB-->00000000 [unknown_code_page]
[1588]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x75D72EF5-->00000000 [unknown_code_page]
[1588]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x75D75C0C-->00000000 [unknown_code_page]
[1588]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x75D98E6E-->00000000 [unknown_code_page]
[1588]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75D71C28-->00000000 [unknown_code_page]
[1588]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75D71BF3-->00000000 [unknown_code_page]
[1588]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x75DB903B-->00000000 [unknown_code_page]
[1588]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x75D719C9-->00000000 [unknown_code_page]
[1588]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x75D71929-->00000000 [unknown_code_page]
[1588]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75D994DC-->00000000 [unknown_code_page]
[1588]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75D994B4-->00000000 [unknown_code_page]
[1588]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x75D99109-->00000000 [unknown_code_page]
[1588]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75D99362-->00000000 [unknown_code_page]
[1588]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75D71DC3-->00000000 [unknown_code_page]
[1588]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x75D9DBDA-->00000000 [unknown_code_page]
[1588]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x75E05CF7-->00000000 [unknown_code_page]
[1588]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x774A43D4-->00000000 [unknown_code_page]
[1588]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x774A4494-->00000000 [unknown_code_page]
[1588]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x774A4D34-->00000000 [unknown_code_page]
[1588]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x76D136D1-->00000000 [unknown_code_page]
[1712]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x75CC3BA9-->00000000 [unknown_code_page]
[1712]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x75CC39AB-->00000000 [unknown_code_page]
[1712]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x75CD41F1-->00000000 [unknown_code_page]
[1712]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x75CD391E-->00000000 [unknown_code_page]
[1712]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x75CC89C7-->00000000 [unknown_code_page]
[1712]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x75CD7C42-->00000000 [unknown_code_page]
[1712]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x75CE7BA1-->00000000 [unknown_code_page]
[1712]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x75CDE2B5-->00000000 [unknown_code_page]
[1712]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x75DBCE5F-->00000000 [unknown_code_page]
[1712]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x75DBAECB-->00000000 [unknown_code_page]
[1712]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x75D72EF5-->00000000 [unknown_code_page]
[1712]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x75D75C0C-->00000000 [unknown_code_page]
[1712]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x75D98E6E-->00000000 [unknown_code_page]
[1712]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75D71C28-->00000000 [unknown_code_page]
[1712]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75D71BF3-->00000000 [unknown_code_page]
[1712]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x75DB903B-->00000000 [unknown_code_page]
[1712]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x75D719C9-->00000000 [unknown_code_page]
[1712]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x75D71929-->00000000 [unknown_code_page]
[1712]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75D994DC-->00000000 [unknown_code_page]
[1712]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75D994B4-->00000000 [unknown_code_page]
[1712]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x75D99109-->00000000 [unknown_code_page]
[1712]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75D99362-->00000000 [unknown_code_page]
[1712]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75D71DC3-->00000000 [unknown_code_page]
[1712]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x75D9DBDA-->00000000 [unknown_code_page]
[1712]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x75E05CF7-->00000000 [unknown_code_page]
[1712]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x774A43D4-->00000000 [unknown_code_page]
[1712]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x774A4494-->00000000 [unknown_code_page]
[1712]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x774A4D34-->00000000 [unknown_code_page]
[1712]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x76D136D1-->00000000 [unknown_code_page]
[1920]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x75CC3BA9-->00000000 [unknown_code_page]
[1920]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x75CC39AB-->00000000 [unknown_code_page]
[1920]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x75CD41F1-->00000000 [unknown_code_page]
[1920]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x75CD391E-->00000000 [unknown_code_page]
[1920]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x75CC89C7-->00000000 [unknown_code_page]
[1920]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x75CD7C42-->00000000 [unknown_code_page]
[1920]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x75CE7BA1-->00000000 [unknown_code_page]
[1920]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x75CDE2B5-->00000000 [unknown_code_page]
[1920]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x75DBCE5F-->00000000 [unknown_code_page]
[1920]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x75DBAECB-->00000000 [unknown_code_page]
[1920]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x75D72EF5-->00000000 [unknown_code_page]
[1920]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x75D75C0C-->00000000 [unknown_code_page]
[1920]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x75D98E6E-->00000000 [unknown_code_page]
[1920]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75D71C28-->00000000 [unknown_code_page]
[1920]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75D71BF3-->00000000 [unknown_code_page]
[1920]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x75DB903B-->00000000 [unknown_code_page]
[1920]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x75D719C9-->00000000 [unknown_code_page]
[1920]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x75D71929-->00000000 [unknown_code_page]
[1920]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75D994DC-->00000000 [unknown_code_page]
[1920]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75D994B4-->00000000 [unknown_code_page]
[1920]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x75D99109-->00000000 [unknown_code_page]
[1920]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75D99362-->00000000 [unknown_code_page]
[1920]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75D71DC3-->00000000 [unknown_code_page]
[1920]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x75D9DBDA-->00000000 [unknown_code_page]
[1920]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x75E05CF7-->00000000 [unknown_code_page]
[1920]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x774A43D4-->00000000 [unknown_code_page]
[1920]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x774A4494-->00000000 [unknown_code_page]
[1920]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x774A4D34-->00000000 [unknown_code_page]
[1920]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x76D136D1-->00000000 [unknown_code_page]
bearcat83
Active Member
Posts: 6
Joined: August 10th, 2010, 7:51 pm
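
The hook scan posted above is a user-mode hook log: each line names a process, the module and export that was patched, the hook type (an inline relative jump written into the function body, or an import-table entry overwritten) and the module the scanner attributes the hook to. Reading hundreds of such lines by eye is error prone, so here is a small triage script, added as an example and not part of the poster's log or of any tool the forum uses. It parses lines in that format, groups them by PID, classifies the hooked APIs, and flags a process when any hook jumps into `unknown_code_page` (memory not backed by a file on disk). The allowlist of benign hook owners is an assumption: `shimeng.dll` is the Windows application-compatibility shim engine, and `LVPrcInj01.dll` belongs to the Logitech webcam software listed among the running processes in this thread. The sample lines are constructed to match the posted format.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Line format of the user-mode hook log posted in this thread:
#   [PID]process-->module[-->module...]-->Function, Type: <hook type> 0xHOOKED-->TARGET [owner]
HOOK_RE = re.compile(
    r"^\[(?P<pid>\d+)\](?P<proc>[^-]+?)-->(?P<chain>.+?), Type: (?P<kind>.+?) "
    r"(?P<addr>0x[0-9A-Fa-f]+)-->(?P<target>[0-9A-Fa-f]+) \[(?P<owner>[^\]]+)\]$"
)

# Assumption: hook owners that legitimately patch user-mode imports on this machine.
# shimeng.dll is the Windows app-compat shim engine; LVPrcInj01.dll is the Logitech webcam
# software's injection DLL (Logitech WebCam Software is in the running-process list above).
BENIGN_OWNERS = {"shimeng.dll", "lvprcinj01.dll"}

# Grouping of hooked exports by what an attacker gains from intercepting them (our own grouping).
API_CLASSES = {
    "process": {"CreateProcessA", "CreateProcessW", "NtCreateProcess", "WinExec"},
    "loader": {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW", "GetProcAddress"},
    "memory": {"VirtualProtect", "VirtualProtectEx", "NtProtectVirtualMemory"},
    "network": {"socket", "InternetOpenA", "InternetOpenW", "InternetOpenUrlA", "InternetOpenUrlW"},
}

# Constructed sample lines in the same format as the posted log (not copied from it verbatim).
SAMPLE_LOG = """\
[1032]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75D71BF3-->00000000 [unknown_code_page]
[1032]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x76D136D1-->00000000 [unknown_code_page]
[1112]sidebar.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77DF1018-->00000000 [LVPrcInj01.dll]
[1228]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x76E0F3A4-->00000000 [unknown_code_page]
[2024]rundll32.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->00000000 [shimeng.dll]
"""


@dataclass
class Hook:
    pid: int
    process: str
    modules: list      # module chain leading to the hooked export
    function: str      # the hooked export itself
    kind: str          # "Inline - RelativeJump", "IAT modification", ...
    hooked_addr: int
    owner: str         # module the scanner attributes the hook to


def parse_hook_line(line):
    """Parse one log line; returns None for lines that are not hook records."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    chain = m["chain"].split("-->")
    return Hook(int(m["pid"]), m["proc"], chain[:-1], chain[-1],
                m["kind"], int(m["addr"], 16), m["owner"])


def parse_log(text):
    return [h for h in (parse_hook_line(l) for l in text.splitlines()) if h]


def triage(hooks):
    """Group hooks by PID and give each process a verdict based on who owns its hooks."""
    per_pid = defaultdict(lambda: {"process": None, "hooks": 0, "unbacked": 0,
                                   "classes": set(), "owners": set()})
    for h in hooks:
        entry = per_pid[h.pid]
        entry["process"] = h.process
        entry["hooks"] += 1
        entry["owners"].add(h.owner.lower())
        if h.owner == "unknown_code_page":
            entry["unbacked"] += 1          # jump target is not backed by any module on disk
        for cls, names in API_CLASSES.items():
            if h.function in names:
                entry["classes"].add(cls)
    for entry in per_pid.values():
        if entry["unbacked"]:
            entry["verdict"] = "suspicious"  # injected code is intercepting this process's APIs
        elif entry["owners"] <= BENIGN_OWNERS:
            entry["verdict"] = "expected"    # every hook is attributed to a known benign owner
        else:
            entry["verdict"] = "review"      # hooks from a module not on the allowlist
    return dict(per_pid)


if __name__ == "__main__":
    for pid, e in sorted(triage(parse_log(SAMPLE_LOG)).items()):
        print(f"{pid:>5} {e['process']:<14} hooks={e['hooks']:<3} unbacked={e['unbacked']:<3} "
              f"{','.join(sorted(e['classes'])) or '-':<16} {e['verdict']}")
```

Run it against the full posted log instead of `SAMPLE_LOG` and the picture is the one the thread shows: every `svchost.exe` instance carries the same set of inline jumps from process-creation, loader, memory-protection, registry, file and socket APIs into unbacked memory, which is what a user-mode component of an infection looks like, whereas the `sidebar.exe` and `rundll32.exe` entries are import-table patches attributed to known software and can be set aside.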

Re: Firefox Web browser Hijack

Unread postby bearcat83 » August 15th, 2010, 9:11 pm

Here is the 2nd part of the file:
[2024]rundll32.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [shimeng.dll]
[2024]rundll32.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->00000000 [shimeng.dll]
[2024]rundll32.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->00000000 [shimeng.dll]
[2024]rundll32.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [shimeng.dll]
[2072]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x75CC3BA9-->00000000 [unknown_code_page]
[2072]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x75CC39AB-->00000000 [unknown_code_page]
[2072]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x75CD41F1-->00000000 [unknown_code_page]
[2072]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x75CD391E-->00000000 [unknown_code_page]
[2072]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x75CC89C7-->00000000 [unknown_code_page]
[2072]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x75CD7C42-->00000000 [unknown_code_page]
[2072]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x75CE7BA1-->00000000 [unknown_code_page]
[2072]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x75CDE2B5-->00000000 [unknown_code_page]
[2072]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x75DBCE5F-->00000000 [unknown_code_page]
[2072]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x75DBAECB-->00000000 [unknown_code_page]
[2072]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x75D72EF5-->00000000 [unknown_code_page]
[2072]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x75D75C0C-->00000000 [unknown_code_page]
[2072]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x75D98E6E-->00000000 [unknown_code_page]
[2072]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75D71C28-->00000000 [unknown_code_page]
[2072]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75D71BF3-->00000000 [unknown_code_page]
[2072]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x75DB903B-->00000000 [unknown_code_page]
[2072]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x75D719C9-->00000000 [unknown_code_page]
[2072]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x75D71929-->00000000 [unknown_code_page]
[2072]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75D994DC-->00000000 [unknown_code_page]
[2072]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75D994B4-->00000000 [unknown_code_page]
[2072]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x75D99109-->00000000 [unknown_code_page]
[2072]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75D99362-->00000000 [unknown_code_page]
[2072]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75D71DC3-->00000000 [unknown_code_page]
[2072]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x75D9DBDA-->00000000 [unknown_code_page]
[2072]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x75E05CF7-->00000000 [unknown_code_page]
[2072]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x774A43D4-->00000000 [unknown_code_page]
[2072]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x774A4494-->00000000 [unknown_code_page]
[2072]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x774A4D34-->00000000 [unknown_code_page]
[2072]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x76D136D1-->00000000 [unknown_code_page]
[2184]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x75CC3BA9-->00000000 [unknown_code_page]
[2184]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x75CC39AB-->00000000 [unknown_code_page]
[2184]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x75CD41F1-->00000000 [unknown_code_page]
[2184]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x75CD391E-->00000000 [unknown_code_page]
[2184]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x75CC89C7-->00000000 [unknown_code_page]
[2184]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x75CD7C42-->00000000 [unknown_code_page]
[2184]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x75CE7BA1-->00000000 [unknown_code_page]
[2184]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x75CDE2B5-->00000000 [unknown_code_page]
[2184]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x75DBCE5F-->00000000 [unknown_code_page]
[2184]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x75DBAECB-->00000000 [unknown_code_page]
[2184]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x75D72EF5-->00000000 [unknown_code_page]
[2184]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x75D75C0C-->00000000 [unknown_code_page]
[2184]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x75D98E6E-->00000000 [unknown_code_page]
[2184]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75D71C28-->00000000 [unknown_code_page]
[2184]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75D71BF3-->00000000 [unknown_code_page]
[2184]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x75DB903B-->00000000 [unknown_code_page]
[2184]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x75D719C9-->00000000 [unknown_code_page]
[2184]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x75D71929-->00000000 [unknown_code_page]
[2184]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75D994DC-->00000000 [unknown_code_page]
[2184]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75D994B4-->00000000 [unknown_code_page]
[2184]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x75D99109-->00000000 [unknown_code_page]
[2184]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75D99362-->00000000 [unknown_code_page]
[2184]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75D71DC3-->00000000 [unknown_code_page]
[2184]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x75D9DBDA-->00000000 [unknown_code_page]
[2184]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x75E05CF7-->00000000 [unknown_code_page]
[2184]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x774A43D4-->00000000 [unknown_code_page]
[2184]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x774A4494-->00000000 [unknown_code_page]
[2184]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x774A4D34-->00000000 [unknown_code_page]
[2556]McSvHost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75D994DC-->00000000 [McProxy.dll]
[2556]McSvHost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75D99362-->00000000 [McProxy.dll]
[2880]LWS.exe-->kernel32.dll-->FindResourceA, Type: IAT modification 0x005092F0-->00000000 [LWS.exe]
[2880]LWS.exe-->kernel32.dll-->FindResourceExW, Type: IAT modification 0x005092EC-->00000000 [LWS.exe]
[2880]LWS.exe-->kernel32.dll-->FindResourceW, Type: IAT modification 0x005094CC-->00000000 [LWS.exe]
[2880]LWS.exe-->kernel32.dll-->FreeResource, Type: IAT modification 0x005093F8-->00000000 [LWS.exe]
[2880]LWS.exe-->kernel32.dll-->GetProfileIntA, Type: IAT modification 0x005092F4-->00000000 [LWS.exe]
[2880]LWS.exe-->kernel32.dll-->GetProfileIntW, Type: IAT modification 0x0050938C-->00000000 [LWS.exe]
[2880]LWS.exe-->kernel32.dll-->LoadResource, Type: IAT modification 0x005094D0-->00000000 [LWS.exe]
[2880]LWS.exe-->kernel32.dll-->LockResource, Type: IAT modification 0x005094D4-->00000000 [LWS.exe]
[2880]LWS.exe-->kernel32.dll-->ntdll.dll-->NtClose, Type: IAT modification 0x77DF1050-->00000000 [LVPrcInj01.dll]
[2880]LWS.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77DF1018-->00000000 [LVPrcInj01.dll]
[2880]LWS.exe-->kernel32.dll-->ntdll.dll-->NtDeviceIoControlFile, Type: IAT modification 0x77DF1054-->00000000 [LVPrcInj01.dll]
[2880]LWS.exe-->kernel32.dll-->ntdll.dll-->NtDuplicateObject, Type: IAT modification 0x77DF1354-->00000000 [LVPrcInj01.dll]
[2880]LWS.exe-->kernel32.dll-->SizeofResource, Type: IAT modification 0x005094D8-->00000000 [LWS.exe]
[2880]LWS.exe-->user32.dll-->LoadMenuA, Type: IAT modification 0x005097E0-->00000000 [LWS.exe]
[2880]LWS.exe-->user32.dll-->LoadMenuW, Type: IAT modification 0x005096F4-->00000000 [LWS.exe]
[2880]LWS.exe-->user32.dll-->LoadStringA, Type: IAT modification 0x005097DC-->00000000 [LWS.exe]
[2880]LWS.exe-->user32.dll-->LoadStringW, Type: IAT modification 0x005097D8-->00000000 [LWS.exe]
[3912]explorer.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x75CC3BA9-->00000000 [unknown_code_page]
[3912]explorer.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x75CC39AB-->00000000 [unknown_code_page]
[3912]explorer.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x75CD41F1-->00000000 [unknown_code_page]
[3912]explorer.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x75CD391E-->00000000 [unknown_code_page]
[3912]explorer.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x75CC89C7-->00000000 [unknown_code_page]
[3912]explorer.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x75CD7C42-->00000000 [unknown_code_page]
[3912]explorer.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x75CE7BA1-->00000000 [unknown_code_page]
[3912]explorer.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x75CDE2B5-->00000000 [unknown_code_page]
[3912]explorer.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x75DBCE5F-->00000000 [unknown_code_page]
[3912]explorer.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x75DBAECB-->00000000 [unknown_code_page]
[3912]explorer.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x75D72EF5-->00000000 [unknown_code_page]
[3912]explorer.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x75D75C0C-->00000000 [unknown_code_page]
[3912]explorer.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x75D98E6E-->00000000 [unknown_code_page]
[3912]explorer.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75D71C28-->00000000 [unknown_code_page]
[3912]explorer.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75D71BF3-->00000000 [unknown_code_page]
[3912]explorer.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x75DB903B-->00000000 [unknown_code_page]
[3912]explorer.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x75D719C9-->00000000 [unknown_code_page]
[3912]explorer.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x75D71929-->00000000 [unknown_code_page]
[3912]explorer.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75D994DC-->00000000 [unknown_code_page]
[3912]explorer.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75D994B4-->00000000 [unknown_code_page]
[3912]explorer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x75D99109-->00000000 [unknown_code_page]
[3912]explorer.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75D99362-->00000000 [unknown_code_page]
[3912]explorer.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75D71DC3-->00000000 [unknown_code_page]
[3912]explorer.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x75D9DBDA-->00000000 [unknown_code_page]
[3912]explorer.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x75E05CF7-->00000000 [unknown_code_page]
[3912]explorer.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x774A43D4-->00000000 [unknown_code_page]
[3912]explorer.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x774A4494-->00000000 [unknown_code_page]
[3912]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x774A4D34-->00000000 [unknown_code_page]
[3912]explorer.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x76E0D690-->00000000 [unknown_code_page]
[3912]explorer.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x76E0F3A4-->00000000 [unknown_code_page]
[3912]explorer.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x76E56DDF-->00000000 [unknown_code_page]
[3912]explorer.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x76E0DB09-->00000000 [unknown_code_page]
[3912]explorer.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x76D136D1-->00000000 [unknown_code_page]
[5156]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77469390-->00000000 [firefox.exe]
[5160]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x75CC3BA9-->00000000 [unknown_code_page]
[5160]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x75CC39AB-->00000000 [unknown_code_page]
[5160]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x75CD41F1-->00000000 [unknown_code_page]
[5160]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x75CD391E-->00000000 [unknown_code_page]
[5160]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x75CC89C7-->00000000 [unknown_code_page]
[5160]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x75CD7C42-->00000000 [unknown_code_page]
[5160]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x75CE7BA1-->00000000 [unknown_code_page]
[5160]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x75CDE2B5-->00000000 [unknown_code_page]
[5160]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x75DBCE5F-->00000000 [unknown_code_page]
[5160]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x75DBAECB-->00000000 [unknown_code_page]
[5160]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x75D72EF5-->00000000 [unknown_code_page]
[5160]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x75D75C0C-->00000000 [unknown_code_page]
[5160]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x75D98E6E-->00000000 [unknown_code_page]
[5160]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75D71C28-->00000000 [unknown_code_page]
[5160]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75D71BF3-->00000000 [unknown_code_page]
[5160]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x75DB903B-->00000000 [unknown_code_page]
[5160]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x75D719C9-->00000000 [unknown_code_page]
[5160]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x75D71929-->00000000 [unknown_code_page]
[5160]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75D994DC-->00000000 [unknown_code_page]
[5160]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75D994B4-->00000000 [unknown_code_page]
[5160]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x75D99109-->00000000 [unknown_code_page]
[5160]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75D99362-->00000000 [unknown_code_page]
[5160]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75D71DC3-->00000000 [unknown_code_page]
[5160]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x75D9DBDA-->00000000 [unknown_code_page]
[5160]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x75E05CF7-->00000000 [unknown_code_page]
[5160]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x774A43D4-->00000000 [unknown_code_page]
[5160]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x774A4494-->00000000 [unknown_code_page]
[5160]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x774A4D34-->00000000 [unknown_code_page]
[5160]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x76D136D1-->00000000 [unknown_code_page]
[5588]OUTLOOK.EXE-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [shimeng.dll]
[5588]OUTLOOK.EXE-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x75CC3BA9-->00000000 [unknown_code_page]
[5588]OUTLOOK.EXE-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x75CC39AB-->00000000 [unknown_code_page]
[5588]OUTLOOK.EXE-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x75CD41F1-->00000000 [unknown_code_page]
[5588]OUTLOOK.EXE-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x75CD391E-->00000000 [unknown_code_page]
[5588]OUTLOOK.EXE-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x75CC89C7-->00000000 [unknown_code_page]
[5588]OUTLOOK.EXE-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x75CD7C42-->00000000 [unknown_code_page]
[5588]OUTLOOK.EXE-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x75CE7BA1-->00000000 [unknown_code_page]
[5588]OUTLOOK.EXE-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x75CDE2B5-->00000000 [unknown_code_page]
[5588]OUTLOOK.EXE-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->00000000 [shimeng.dll]
[5588]OUTLOOK.EXE-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x75DBCE5F-->00000000 [unknown_code_page]
[5588]OUTLOOK.EXE-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x75DBAECB-->00000000 [unknown_code_page]
[5588]OUTLOOK.EXE-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x75D72EF5-->00000000 [unknown_code_page]
[5588]OUTLOOK.EXE-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x75D75C0C-->00000000 [unknown_code_page]
[5588]OUTLOOK.EXE-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x75D98E6E-->00000000 [unknown_code_page]
[5588]OUTLOOK.EXE-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75D71C28-->00000000 [unknown_code_page]
[5588]OUTLOOK.EXE-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75D71BF3-->00000000 [unknown_code_page]
[5588]OUTLOOK.EXE-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x75DB903B-->00000000 [unknown_code_page]
[5588]OUTLOOK.EXE-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x75D719C9-->00000000 [unknown_code_page]
[5588]OUTLOOK.EXE-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x75D71929-->00000000 [unknown_code_page]
[5588]OUTLOOK.EXE-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75D994DC-->00000000 [unknown_code_page]
[5588]OUTLOOK.EXE-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75D994B4-->00000000 [unknown_code_page]
[5588]OUTLOOK.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x75D99109-->00000000 [unknown_code_page]
[5588]OUTLOOK.EXE-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75D99362-->00000000 [unknown_code_page]
[5588]OUTLOOK.EXE-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - RelativeJump 0x75D9A84F-->00000000 [MSO.DLL]
[5588]OUTLOOK.EXE-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75D71DC3-->00000000 [unknown_code_page]
[5588]OUTLOOK.EXE-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x75D9DBDA-->00000000 [unknown_code_page]
[5588]OUTLOOK.EXE-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x75E05CF7-->00000000 [unknown_code_page]
[5588]OUTLOOK.EXE-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x6D64123C-->00000000 [shimeng.dll]
[5588]OUTLOOK.EXE-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x774A43D4-->00000000 [unknown_code_page]
[5588]OUTLOOK.EXE-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x774A4494-->00000000 [unknown_code_page]
[5588]OUTLOOK.EXE-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x774A4D34-->00000000 [unknown_code_page]
[5588]OUTLOOK.EXE-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->00000000 [shimeng.dll]
[5588]OUTLOOK.EXE-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [shimeng.dll]
[5588]OUTLOOK.EXE-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x76E0D690-->00000000 [unknown_code_page]
[5588]OUTLOOK.EXE-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x76E0F3A4-->00000000 [unknown_code_page]
[5588]OUTLOOK.EXE-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x76E56DDF-->00000000 [unknown_code_page]
[5588]OUTLOOK.EXE-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x76E0DB09-->00000000 [unknown_code_page]
[5588]OUTLOOK.EXE-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x704114B0-->00000000 [shimeng.dll]
[5588]OUTLOOK.EXE-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [shimeng.dll]
[5588]OUTLOOK.EXE-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x76D136D1-->00000000 [unknown_code_page]
[756]services.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x75CC3BA9-->00000000 [unknown_code_page]
[756]services.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x75CC39AB-->00000000 [unknown_code_page]
[756]services.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x75CD41F1-->00000000 [unknown_code_page]
[756]services.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x75CD391E-->00000000 [unknown_code_page]
[756]services.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x75CC89C7-->00000000 [unknown_code_page]
[756]services.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x75CD7C42-->00000000 [unknown_code_page]
[756]services.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x75CE7BA1-->00000000 [unknown_code_page]
[756]services.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x75CDE2B5-->00000000 [unknown_code_page]
[756]services.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x75DBCE5F-->00000000 [unknown_code_page]
[756]services.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x75DBAECB-->00000000 [unknown_code_page]
[756]services.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x75D72EF5-->00000000 [unknown_code_page]
[756]services.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x75D75C0C-->00000000 [unknown_code_page]
[756]services.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x75D98E6E-->00000000 [unknown_code_page]
[756]services.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75D71C28-->00000000 [unknown_code_page]
[756]services.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75D71BF3-->00000000 [unknown_code_page]
[756]services.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x75DB903B-->00000000 [unknown_code_page]
[756]services.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x75D719C9-->00000000 [unknown_code_page]
[756]services.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x75D71929-->00000000 [unknown_code_page]
[756]services.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75D994DC-->00000000 [unknown_code_page]
[756]services.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75D994B4-->00000000 [unknown_code_page]
[756]services.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x75D99109-->00000000 [unknown_code_page]
[756]services.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75D99362-->00000000 [unknown_code_page]
[756]services.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75D71DC3-->00000000 [unknown_code_page]
[756]services.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x75D9DBDA-->00000000 [unknown_code_page]
[756]services.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x75E05CF7-->00000000 [unknown_code_page]
[756]services.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x774A43D4-->00000000 [unknown_code_page]
[756]services.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x774A4494-->00000000 [unknown_code_page]
[756]services.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x774A4D34-->00000000 [unknown_code_page]
[756]services.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x76D136D1-->00000000 [unknown_code_page]
[800]lsass.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x75CC3BA9-->00000000 [unknown_code_page]
[800]lsass.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x75CC39AB-->00000000 [unknown_code_page]
[800]lsass.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x75CD41F1-->00000000 [unknown_code_page]
[800]lsass.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x75CD391E-->00000000 [unknown_code_page]
[800]lsass.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x75CC89C7-->00000000 [unknown_code_page]
[800]lsass.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x75CD7C42-->00000000 [unknown_code_page]
[800]lsass.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x75CE7BA1-->00000000 [unknown_code_page]
[800]lsass.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x75CDE2B5-->00000000 [unknown_code_page]
[800]lsass.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x75DBCE5F-->00000000 [unknown_code_page]
[800]lsass.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x75DBAECB-->00000000 [unknown_code_page]
[800]lsass.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x75D72EF5-->00000000 [unknown_code_page]
[800]lsass.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x75D75C0C-->00000000 [unknown_code_page]
[800]lsass.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x75D98E6E-->00000000 [unknown_code_page]
[800]lsass.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75D71C28-->00000000 [unknown_code_page]
[800]lsass.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75D71BF3-->00000000 [unknown_code_page]
[800]lsass.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x75DB903B-->00000000 [unknown_code_page]
[800]lsass.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x75D719C9-->00000000 [unknown_code_page]
[800]lsass.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x75D71929-->00000000 [unknown_code_page]
[800]lsass.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75D994DC-->00000000 [unknown_code_page]
[800]lsass.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75D994B4-->00000000 [unknown_code_page]
[800]lsass.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x75D99109-->00000000 [unknown_code_page]
[800]lsass.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75D99362-->00000000 [unknown_code_page]
[800]lsass.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75D71DC3-->00000000 [unknown_code_page]
[800]lsass.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x75D9DBDA-->00000000 [unknown_code_page]
[800]lsass.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x75E05CF7-->00000000 [unknown_code_page]
[800]lsass.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x774A43D4-->00000000 [unknown_code_page]
[800]lsass.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x774A4494-->00000000 [unknown_code_page]
[800]lsass.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x774A4D34-->00000000 [unknown_code_page]
[800]lsass.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x76D136D1-->00000000 [unknown_code_page]
[972]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x75CC3BA9-->00000000 [unknown_code_page]
[972]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x75CC39AB-->00000000 [unknown_code_page]
[972]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x75CD41F1-->00000000 [unknown_code_page]
[972]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x75CD391E-->00000000 [unknown_code_page]
[972]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x75CC89C7-->00000000 [unknown_code_page]
[972]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x75CD7C42-->00000000 [unknown_code_page]
[972]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x75CE7BA1-->00000000 [unknown_code_page]
[972]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x75CDE2B5-->00000000 [unknown_code_page]
[972]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x75DBCE5F-->00000000 [unknown_code_page]
[972]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x75DBAECB-->00000000 [unknown_code_page]
[972]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x75D72EF5-->00000000 [unknown_code_page]
[972]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x75D75C0C-->00000000 [unknown_code_page]
[972]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x75D98E6E-->00000000 [unknown_code_page]
[972]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75D71C28-->00000000 [unknown_code_page]
[972]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75D71BF3-->00000000 [unknown_code_page]
[972]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x75DB903B-->00000000 [unknown_code_page]
[972]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x75D719C9-->00000000 [unknown_code_page]
[972]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x75D71929-->00000000 [unknown_code_page]
[972]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75D994DC-->00000000 [unknown_code_page]
[972]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75D994B4-->00000000 [unknown_code_page]
[972]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x75D99109-->00000000 [unknown_code_page]
[972]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x75D99362-->00000000 [unknown_code_page]
[972]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75D71DC3-->00000000 [unknown_code_page]
[972]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x75D9DBDA-->00000000 [unknown_code_page]
[972]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x75E05CF7-->00000000 [unknown_code_page]
[972]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x774A43D4-->00000000 [unknown_code_page]
[972]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x774A4494-->00000000 [unknown_code_page]
[972]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x774A4D34-->00000000 [unknown_code_page]
[972]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x76D136D1-->00000000 [unknown_code_page]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
bearcat83
Active Member
 
Posts: 6
Joined: August 10th, 2010, 7:51 pm

Re: Firefox Web browser Hijack

Unread postby bearcat83 » August 15th, 2010, 9:15 pm

Computer performance - I have been out of town for a few days so I haven't had a chance to see if hijacking is still taking place. I will test over the next few days.
Thanks for your assistance.
bearcat83
Active Member
 
Posts: 6
Joined: August 10th, 2010, 7:51 pm

Re: Firefox Web browser Hijack

Unread postby Cypher » August 16th, 2010, 4:58 am

Hi bearcat83.
I have been out of town for a few days so I haven't had a chance to see if hijacking is still taking place. I will test over the next few days.
Keep me updated please and let me know if your searches are still redirected.


Back Up registry with ERUNT

  • Please use the following link and download ERUNT to your desktop. HERE
  • Right-click on erunt-setup.exe and select "Run as administrator" to run it.
  • Follow the prompts to install ERUNT
  • Choose language
  • A setup window will pop up. It will ask: Create ERUNT entry into the Startup folder, answer NO
  • Backup your registry to the default location

Note: To restore your registry (if needed), go to the folder and start ERDNT.exe

Next.

Download and run OTM

Download OTM.exe by Old Timer and save it to your Desktop.
  • Right-click OTM.exe and select "Run as administrator" to run it.
  • Right-click, then copy the following code:
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyOverride"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [-HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\CDS300 - (no CLSID) - (no file)]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell DataSafe Online]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON NX100 Series]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    
    :Files
    C:\Users\Pinner Family\AppData\Roaming\Defense Center
    
    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]
    

  • Return to OTM, right-click then paste the code into the blank box.
  • Next click on the large button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Next.

Malwarebytes Anti-Malware:

  • Launch the application, Check for Updates >> Perform Quick Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Next.

RSIT (Random's System Information Tool)

  • Ensure rsit.exe is on your desktop
  • Click the Windows Start > All programs > Accessories then Run
  • Copy/paste the following into the run box & click OK, Do not include the word Quote:
    "%userprofile%\desktop\rsit.exe" /info
  • Click Continue at the disclaimer screen
  • Once it has finished, two logs will open, log.txt << will be maximized and info.txt << will be minimized
  • Copy & paste the contents of both logs in your next reply

Next.

MBRCheck

  • Please download MBRCheck.exe and save it to your desktop.
  • Right click on MBRCheck.exe and select " Run as administrator " to run it.
  • A window similar to this should open on your desktop.

  • If you are prompted with options, enter N at the prompt and press Enter
  • Press Enter again.
  • A log will open on your Desktop: MBRCheck_mm.dd.yy_hh.mm.ss.txt (where mm.dd.yy_hh.mm.ss are the date and time the scan was run)
  • Please post the contents of the log in your next reply.


Logs/Information to Post in your Next Reply

  • OTM log.
  • Malwarebytes log.
  • RSIT log.txt and info.txt contents.
  • MBRCheck log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
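
For the OTM script above, here is an added read-only PowerShell audit (not part of the thread and not OTM's own code) that lists what is currently registered at the locations that script deletes: the Browser Helper Objects with the DLL each CLSID resolves to, the HKCU ProxyOverride value, and the msconfig startupreg entries. The only page-specific value it uses is the BHO CLSID from the script; everything else is standard registry paths.

```powershell
# Added example (not from the thread or from OTM): read-only audit of the
# registry locations the OTM script above deletes. Run elevated; it changes nothing.

# The one page-specific value: the BHO CLSID named in the OTM script.
$SuspectClsid = '{5C255C8A-E604-49b4-9D64-90988571CECB}'

function Get-BrowserHelperObjects {
    # Each BHO is a subkey named by CLSID; resolve it to the DLL under InprocServer32.
    $bhoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (-not (Test-Path $bhoRoot)) { return }
    foreach ($sub in Get-ChildItem $bhoRoot) {
        $clsid = $sub.PSChildName
        $dll = $null
        foreach ($hive in 'HKLM:\SOFTWARE\Classes', 'HKCU:\SOFTWARE\Classes') {
            $inproc = "$hive\CLSID\$clsid\InprocServer32"
            if (Test-Path $inproc) { $dll = (Get-ItemProperty $inproc).'(default)'; break }
        }
        # A CLSID with no resolvable DLL, or whose DLL file is gone, is an orphaned
        # registration of the kind the OTM script removes.
        $exists = $false
        if ($dll) { $exists = Test-Path ([Environment]::ExpandEnvironmentVariables($dll.Trim('"'))) }
        [pscustomobject]@{
            CLSID     = $clsid
            Dll       = $dll
            DllExists = $exists
            Flagged   = ($clsid -ieq $SuspectClsid)
        }
    }
}

function Get-ProxyOverride {
    # OTM's "ProxyOverride"=- deletes this value; report what is there now.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    (Get-ItemProperty $key -ErrorAction SilentlyContinue).ProxyOverride
}

function Get-MsconfigStartupReg {
    # Entries msconfig has disabled; each subkey records the original command and key.
    $key = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg'
    if (-not (Test-Path $key)) { return }
    foreach ($sub in Get-ChildItem $key) {
        $p = Get-ItemProperty $sub.PSPath
        [pscustomobject]@{ Name = $sub.PSChildName; Command = $p.command; Key = $p.key }
    }
}

'== Browser Helper Objects ==';  Get-BrowserHelperObjects | Format-Table -AutoSize
'== ProxyOverride (HKCU) ==';    Get-ProxyOverride
'== msconfig startupreg ==';     Get-MsconfigStartupReg | Format-Table -AutoSize
```

A BHO row with Flagged = True, or with DllExists = False, is the condition the OTM script above addresses by deleting the registration; the entries listed under startupreg are only msconfig's record of disabled items, not active startup entries.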

Re: Firefox Web browser Hijack

Unread postby bearcat83 » August 17th, 2010, 9:06 pm

I will work on actions above within the next couple of days.
Thanks again for all of your help!
bearcat83
Active Member
 
Posts: 6
Joined: August 10th, 2010, 7:51 pm

Re: Firefox Web browser Hijack

Unread postby Cypher » August 18th, 2010, 4:43 am

Hi bearcat83.
I am going to ask for this topic to be closed.
I suggest you come back when you have more time to complete the cleaning process.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Firefox Web browser Hijack

Unread postby NonSuch » August 18th, 2010, 5:29 am

Due to an apparent lack of time in order to complete the cleaning process, this topic is now closed.
NonSuch
Administrator
Posts: 27302
Joined: February 23rd, 2005, 7:08 am
Location: California