
google-analytics virus redirection

Post by kamman » September 17th, 2010, 7:43 am

Hello

Please see the following log files after running HijackThis. I want to fix the problem
I have with redirection: when I try to do a web search I am redirected,
the PC is running slower, and other website ads keep opening.
I don't know how to go further and fix this issue. Any help you can provide will be appreciated.
Thank you.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:55:24, on 17/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\Owner\Desktop\WinZip\WZQKPICK.EXE
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Documents and Settings\Owner\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ares] "F:\Kin_X\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Documents and Settings\Owner\Desktop\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RadialpointIDSAgent - Unknown owner - C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10324 bytes


My uninstall log:

d-Aware
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4
ASUS USB2.0 UVC VGA WebCam
ASUSUpdate for Eee PC
Atheros Client Installation Program
AudibleManager
AVG Anti-Rootkit Free
AVG Free 9.0
BitTorrent
Choice Guard
Compatibility Pack for the 2007 Office system
Data Sync
Eee Docking 1.3.6.0
EzMessenger
FontResizer
FriendFinder Messenger v4.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB981793)
HP PSC & OfficeJet 4.2
HP Software Update
ICQ
Intel(R) Graphics Media Accelerator Driver
Java(TM) 6 Update 21
Junk Mail filter update
LiveUpdate
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.6.10)
MSVCRT
Ralink RT2860 Wireless LAN Card
Realtek High Definition Audio Driver
RPS CRT
RPS PerfectDiskStub
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Segoe UI
Skype web features
Skype™ 4.2
Synaptics Pointing Device Driver
Update for Office System 2007 Setup (KB929722)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB898461)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
USB2.0 UVC Camera Device
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.1.3
Windows Easy Transfer for Windows 7
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Search 4.0
Yahoo! Messenger
ZoneAlarm
ZoneAlarm Toolbar
kamman
Active Member
Posts: 10
Joined: September 17th, 2010, 6:17 am
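The F2 line in the HijackThis log above is the entry a helper would look at first for a redirect complaint. The Userinit value that Winlogon reads is a comma-separated list of programs to start at logon; on a stock Windows XP install it contains only C:\WINDOWS\system32\userinit.exe followed by a trailing comma. The log shows a second executable appended after the doubled comma, so it is started at every interactive logon regardless of what is cleaned out of the Run keys. The (no file) and (file missing) entries in the O2, O20 and O23 sections are orphaned registrations rather than running code, but they are the kind of leftovers a fix normally removes too. The Python script below is an added example, not code from this thread and not part of HijackThis: it parses lines in the HijackThis log format, splits the Userinit value, reports anything other than the stock userinit.exe, and lists entries whose file is missing. The sample lines are copied from the log above; the expected-value set, the function names and the triage rules are this example's own assumptions.

```python
"""Triage a HijackThis-style log for a Userinit hijack and orphaned entries.

Added example for the thread, not HijackThis's own code. The sample lines are
copied from the log posted above; the rules below are this example's assumptions.
"""
import re

# Winlogon's Userinit value is a comma-separated list of programs started at
# logon. A stock XP install lists only system32\userinit.exe (plus a trailing
# comma). Anything appended is started at every interactive logon.
EXPECTED_USERINIT = {r"c:\windows\system32\userinit.exe"}  # assumption: stock XP

# Constructed sample: lines lifted verbatim from the HijackThis log above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: RadialpointIDSAgent - Unknown owner - C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

USERINIT_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$", re.I)


def userinit_extras(line):
    """Return the programs in an F2 UserInit line other than the stock userinit.exe.

    Returns None when the line is not a UserInit entry. Empty fields (the doubled
    comma in the log above) are dropped; comparison is case-insensitive because
    the registry value is written in either case.
    """
    m = USERINIT_RE.match(line.strip())
    if m is None:
        return None
    progs = [p.strip().lower() for p in m.group("value").split(",") if p.strip()]
    return [p for p in progs if p not in EXPECTED_USERINIT]


def missing_file_entries(lines):
    """Return (section, line) pairs for entries whose referenced file is absent.

    HijackThis marks those with '(no file)' or '(file missing)'. They are not
    running code, but they are orphaned registrations worth cleaning up.
    """
    found = []
    for line in lines:
        s = line.strip()
        if not s:
            continue
        section = s.split(" - ", 1)[0]  # e.g. "O2", "O20", "O23"
        if s.endswith("(no file)") or s.endswith("(file missing)"):
            found.append((section, s))
    return found


def triage(log_text):
    """Summarise a whole log: unexpected Userinit programs and missing-file entries."""
    lines = log_text.splitlines()
    report = {"userinit_extras": [], "missing_files": missing_file_entries(lines)}
    for line in lines:
        extras = userinit_extras(line)
        if extras:
            report["userinit_extras"].extend(extras)
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for prog in result["userinit_extras"]:
        print("UserInit starts an unexpected program at logon:", prog)
    for section, entry in result["missing_files"]:
        print(f"{section}: referenced file is missing -> {entry}")
```

Run it against a saved HijackThis log by replacing SAMPLE_LOG with the file contents; the Userinit check is the one to act on, while the missing-file list is for tidying up after the active infection is dealt with.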

Re: google-analytics virus redirection

Post by deltalima » September 20th, 2010, 5:18 am

Checking your log - back soon.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: google-analytics virus redirection

Post by deltalima » September 20th, 2010, 5:32 am

Hi kamman,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Remove P2P Programs

  • I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    BitTorrent
    Ares


  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl, then press Enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

CKScanner

  • Please download CKScanner from here to your Desktop.
Make sure that CKScanner.exe is on your Desktop before running the application!
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved
  • Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Next

  • Please download this tool from Microsoft.
  • Double click on MGADiag.exe to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.

Re: google-analytics virus redirection

Post by kamman » September 20th, 2010, 7:19 am

Hello Deltalima

First, thank you for your reply. I have followed your instructions.

BitTorrent has been removed as instructed, but I was not able to find Ares on my PC; the "Remove" or "Change/Remove" list does not show it.


CKScanner scan

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11
----- EOF -----

MGADiag Scan

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-BFDCC-3BMCY-QGWPD
Windows Product Key Hash: 8dFTlxbCDMH7eCGI/GjBzGT53UI=
Windows Product ID: 76477-OEM-2111907-00109
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010300.3.0.hom
ID: {EA107D98-B1E1-43DD-A6EA-B3219F15A7E8}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Home and Student 2007 - 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-230-1_B4D0AA8B-920-80070057_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{EA107D98-B1E1-43DD-A6EA-B3219F15A7E8}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-QGWPD</PKey><PID>76477-OEM-2111907-00109</PID><PIDType>2</PIDType><SID>S-1-5-21-1396501628-957317575-3343094678</SID><SYSTEM><Manufacturer>ASUSTeK Computer INC.</Manufacturer><Model>1005HA</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>1401 </Version><SMBIOSVersion major="2" minor="5"/><Date>20100226000000.000000+000</Date><SLPBIOS>ASUSTeK Pegasus,ASUS_FLASH,ASUS_FLASH</SLPBIOS></BIOS><HWID>90350F900100C075</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>ASUS</name><model>EeePC</model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><PidType>19</PidType></Product><Product GUID="{91120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>180BEB702B336D2</Val><Hash>RBBgayh4AUXwYVDGOS7XhdjGrhM=</Hash><Pid>81599-873-1914355-65478</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1E840:ASUSTeK Computer Inc|14EA0:ASUSTeK Computer Inc|165E0:GENUINE C&C INC
Marker string from OEMBIOS.DAT: ASUSTeK Pegasus,ASUS_FLASH,ASUS_FLASH

OEM Activation 2.0 Data-->
N/A

Thanks

Kam

Re: google-analytics virus redirection

Post by deltalima » September 20th, 2010, 7:34 am

Hi kamman,

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.

Re: google-analytics virus redirection

Post by kamman » September 21st, 2010, 5:05 am

Hello Deltalima

Please see the latest scans. GMER was run in safe mode because it failed to run properly in normal mode. I am sending this response in 2 posts.

OTL txt
OTL logfile created on: 20/09/2010 13:08:53 - Run 1
OTL by OldTimer - Version 3.2.14.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 116.43 Gb Total Space | 86.92 Gb Free Space | 74.65% Space Free | Partition Type: NTFS
Drive D: | 116.43 Gb Total Space | 116.29 Gb Free Space | 99.88% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-2XX4MKUBCK
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Java\jre6\bin\java.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
PRC - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\ICQ\Icq.exe (ICQ Inc.)
PRC - C:\Documents and Settings\Owner\Desktop\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (Check Point Software Technologies)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (scan) -- C:\Program Files\Virgin Media\Security\BitDefender\scan.dll File not found
SRV - (RadialpointIDSAgent) -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (Trufos) -- C:\Program Files\Virgin Media\Security\BitDefender\trufos.sys File not found
DRV - (RPSKT) Security Services Driver (x86) -- C:\WINDOWS\System32\DRIVERS\rp_skt32.sys File not found
DRV - (RadialpointIDSShim) -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys File not found
DRV - (RadialpointIDSFilter) -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys File not found
DRV - (RadialpointIDSDriver) -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys File not found
DRV - (Profos) -- C:\Program Files\Virgin Media\Security\BitDefender\profos.sys File not found
DRV - (BTWUSB) -- C:\WINDOWS\System32\Drivers\btwusb.sys File not found
DRV - (btwhid) -- C:\WINDOWS\System32\DRIVERS\btwhid.sys File not found
DRV - (BTWDNDIS) -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys File not found
DRV - (BTDriver) -- C:\WINDOWS\System32\DRIVERS\btport.sys File not found
DRV - (btaudio) -- C:\WINDOWS\System32\drivers\btaudio.sys File not found
DRV - (AmUStor) -- C:\WINDOWS\System32\drivers\AmUStor.SYS File not found
DRV - (AvgTdiX) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (RadialpointIDSEH) -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys (AVG Technologies )
DRV - (bdfsfltr) -- C:\WINDOWS\system32\drivers\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (RT80x86) -- C:\WINDOWS\system32\drivers\rt2860.sys (Ralink Technology, Corp.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\WINDOWS\system32\drivers\snp2uvc.sys ()
DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (uvclf) -- C:\WINDOWS\system32\drivers\uvclf.sys (GenesysLogic Technologies, Inc.)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (AsusACPI) -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS (ASUSTeK Computer Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (AVG Anti-Rootkit) -- C:\WINDOWS\System32\DRIVERS\avgarkt.sys (GRISOFT, s.r.o.)
DRV - (AvgArCln) -- C:\WINDOWS\system32\drivers\AvgArCln.sys (GRISOFT, s.r.o.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1396501628-957317575-3343094678-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.com/
IE - HKU\S-1-5-21-1396501628-957317575-3343094678-1003\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1396501628-957317575-3343094678-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.bbc.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.227.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0


FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010/09/07 12:36:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/09/07 16:43:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/16 14:17:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/16 14:17:11 | 000,000,000 | ---D | M]

[2010/08/23 23:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/09/19 18:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9lkskz7.default\extensions
[2010/09/07 10:42:44 | 000,000,000 | ---D | M] (ZoneAlarm Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\z9lkskz7.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}
[2010/09/19 18:26:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/28 11:59:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/09/13 14:45:00 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/09/16 14:17:02 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/09/16 14:17:02 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/09/16 14:17:02 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/09/16 14:17:03 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2008/04/14 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Ltd.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-1396501628-957317575-3343094678-1003\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1396501628-957317575-3343094678-1003\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1396501628-957317575-3343094678-1003\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-1396501628-957317575-3343094678-1003..\Run: [ares] F:\Kin_X\Ares\Ares.exe File not found
O4 - HKU\S-1-5-21-1396501628-957317575-3343094678-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Documents and Settings\Owner\Desktop\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1396501628-957317575-3343094678-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1396501628-957317575-3343094678-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe (ICQ Inc.)
O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe (ICQ Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\program files\microsoft\desktoplayer.exe) - c:\program files\microsoft\desktoplayer.exe File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/16 13:12:36 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{401b1f66-a570-11df-af13-806d6172696f}\Shell\AutoRun\command - "" = E:\lhylec9x.cmd -- File not found
O33 - MountPoints2\{401b1f66-a570-11df-af13-806d6172696f}\Shell\open\Command - "" = E:\lhylec9x.cmd -- File not found
O33 - MountPoints2\{401b1f67-a570-11df-af13-002618779e1b}\Shell\AutoRun\command - "" = F:\lhylec9x.cmd -- File not found
O33 - MountPoints2\{401b1f67-a570-11df-af13-002618779e1b}\Shell\open\Command - "" = F:\lhylec9x.cmd -- File not found
O33 - MountPoints2\{401b1f68-a570-11df-af13-002618779e1b}\Shell\AutoRun\command - "" = G:\lhylec9x.cmd -- File not found
O33 - MountPoints2\{401b1f68-a570-11df-af13-002618779e1b}\Shell\open\Command - "" = G:\lhylec9x.cmd -- File not found
O33 - MountPoints2\{401b1f69-a570-11df-af13-002618779e1b}\Shell\AutoRun\command - "" = H:\lhylec9x.cmd -- File not found
O33 - MountPoints2\{401b1f69-a570-11df-af13-002618779e1b}\Shell\open\Command - "" = H:\lhylec9x.cmd -- File not found
O33 - MountPoints2\{c7cf2138-863c-11de-bb57-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{c7cf2138-863c-11de-bb57-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c7cf2138-863c-11de-bb57-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/20 12:54:42 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/09/20 12:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/09/20 12:04:34 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\MGADiag.exe
[2010/09/16 12:17:19 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/09/15 19:52:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/09/15 19:47:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Ares
[2010/09/14 14:40:25 | 000,000,000 | ---D | C] -- C:\Program Files\FriendFinder
[2010/09/13 14:45:27 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/09/13 14:45:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/09/13 14:45:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/09/13 14:44:52 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/09/13 12:37:21 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/09/13 12:35:10 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2010/09/11 15:06:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Template
[2010/09/08 23:54:44 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/09/08 23:54:33 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/09/08 23:48:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Sunbelt Software
[2010/09/08 23:46:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010/09/08 23:46:07 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/09/08 23:46:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/09/08 22:18:12 | 000,003,968 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\AvgArCln.sys
[2010/09/08 22:18:10 | 000,000,000 | ---D | C] -- C:\Program Files\GRISOFT
[2010/09/08 00:25:25 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/09/08 00:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG9
[2010/09/07 22:19:25 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/09/07 22:19:20 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/09/07 22:19:04 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/09/07 22:19:00 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/09/07 22:18:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/09/07 10:37:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ZoneAlarm
[2010/09/07 10:37:39 | 000,000,000 | ---D | C] -- C:\Program Files\ZoneAlarm
[2010/09/07 10:37:22 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[2010/09/07 10:37:19 | 000,103,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2010/09/07 10:37:19 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2010/09/07 10:37:12 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2010/09/07 10:37:10 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2010/09/07 10:37:10 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2010/09/07 10:37:10 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
[2010/09/07 10:37:10 | 000,108,032 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2010/09/07 10:37:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2010/09/07 10:37:07 | 000,532,224 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2010/09/07 10:37:06 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010/09/07 10:35:56 | 000,713,728 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2010/09/07 10:35:56 | 000,228,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2010/09/07 10:35:56 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
[2010/09/07 01:09:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Help
[2010/09/07 01:09:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Help
[2010/09/06 20:17:22 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010/09/06 17:34:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Registry Mechanic
[2010/09/06 17:34:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\WinZip
[2010/09/06 17:34:25 | 001,434,864 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Owner\Desktop\CCleaner.exe
[2010/09/06 17:33:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010/09/05 13:17:22 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2010/09/05 13:17:19 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010/09/05 13:07:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
[2010/09/05 01:22:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/09/04 18:33:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\ForceField Shared Files
[2010/09/04 18:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\CheckPoint
[2010/09/04 18:28:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit
[2010/09/04 18:28:05 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/09/04 18:27:49 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/09/02 18:58:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/09/02 18:58:30 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/09/01 21:40:42 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Easy Transfer 7
[2010/08/31 20:02:15 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/08/31 11:59:41 | 000,000,000 | ---D | C] -- C:\maths
[2010/08/28 19:33:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Albums
[2010/08/28 17:44:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Tracing
[2010/08/28 16:10:31 | 000,025,608 | ---- | C] (AVG Technologies ) -- C:\WINDOWS\System32\drivers\AVGIDSEH.sys
[2010/08/28 16:09:51 | 000,285,704 | ---- | C] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys
[2010/08/28 16:00:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Virgin Media
[2010/08/28 16:00:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2010/08/28 16:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\Virgin Media
[2010/08/28 16:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Virgin Media
[2010/08/28 12:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\awc_kam2020
[2010/08/28 11:59:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/08/28 11:59:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/08/28 11:59:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/28 11:59:19 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/08/28 11:59:19 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/08/28 11:58:59 | 000,000,000 | ---D | C] -- C:\Program Files\OLDJava
[2010/08/28 11:58:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Sun
[2010/08/27 23:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\temp
[2010/08/27 23:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/08/27 21:30:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/08/26 11:13:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Windows Search
[2010/08/26 00:07:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/08/26 00:07:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/08/25 20:40:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\IsolatedStorage
[2010/08/25 20:40:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\HP
[2010/08/25 13:08:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010/08/25 13:06:25 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2010/08/25 13:06:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2010/08/25 13:06:16 | 000,626,960 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hpvaut32.dll
[2010/08/25 13:06:16 | 000,487,424 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hpvcp70.dll
[2010/08/25 13:06:16 | 000,344,064 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hpvcr70.dll
[2010/08/25 13:06:16 | 000,082,432 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSXML4r.dll
[2010/08/25 13:06:16 | 000,044,544 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSXML4a.dll
[2010/08/25 13:05:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010/08/25 13:02:20 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2010/08/25 13:01:55 | 000,204,800 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZipr12.dll
[2010/08/25 13:01:55 | 000,094,208 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZipt12.dll
[2010/08/25 13:01:55 | 000,065,536 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
[2010/08/25 13:01:55 | 000,061,440 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZinw12.exe
[2010/08/25 13:01:55 | 000,057,344 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZisn12.dll
[2010/08/25 13:01:54 | 000,278,584 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZidr12.dll
[2010/08/25 13:01:49 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2010/08/25 13:01:11 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/08/25 13:00:21 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2010/08/25 12:55:40 | 000,581,632 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpotscl.dll
[2010/08/25 12:55:40 | 000,278,528 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpgwiamd.dll
[2010/08/25 12:55:40 | 000,270,336 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPZc3212.dll
[2010/08/25 12:55:40 | 000,090,112 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpovst08.dll
[2010/08/25 12:55:34 | 000,180,315 | ---- | C] (HP) -- C:\WINDOWS\System32\hpzsnt10.dll
[2010/08/25 12:55:32 | 000,344,064 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpzcon10.dll
[2010/08/25 12:55:32 | 000,196,608 | ---- | C] (HP) -- C:\WINDOWS\System32\hpzcoi10.dll
[2010/08/25 12:37:57 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2010/08/25 12:37:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\OneNote Notebooks
[2010/08/24 22:55:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/08/24 22:55:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/08/24 17:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2010/08/24 14:32:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/08/24 14:31:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Identities
[2010/08/24 14:31:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
[2010/08/24 14:30:29 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2010/08/24 14:30:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/08/24 13:49:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/08/24 13:47:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010/08/24 09:19:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/08/24 09:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/08/24 09:19:08 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/08/24 09:18:44 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2010/08/24 09:18:44 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010/08/24 09:18:44 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010/08/24 09:18:44 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010/08/24 09:18:44 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2010/08/24 09:18:44 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010/08/24 00:03:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Audible
[2010/08/23 23:39:13 | 000,255,352 | ---- | C] (Audible, Inc.) -- C:\WINDOWS\System32\awrdscdc.ax
[2010/08/23 23:39:09 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc71.dll
[2010/08/23 23:39:09 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2010/08/23 23:39:09 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2010/08/23 23:39:09 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2010/08/23 23:38:45 | 000,000,000 | ---D | C] -- C:\Program Files\Audible
[2010/08/23 23:38:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Audible
[2010/08/23 23:38:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Audible
[2010/08/23 23:32:13 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/08/23 23:32:12 | 001,986,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/08/23 23:32:12 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/08/23 23:32:11 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/08/23 23:31:45 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010/08/23 23:24:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
[2010/08/23 23:22:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla
[2010/08/23 23:22:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2010/08/23 23:21:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/08/23 23:16:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/08/23 22:42:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\vlc
[2010/08/23 22:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/08/23 22:30:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2010/08/23 22:29:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/08/23 22:25:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\skypePM
[2010/08/23 21:40:01 | 000,000,000 | ---D | C] -- C:\New Folder (2)
[2010/08/23 19:40:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Skype
[2010/08/23 19:32:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Yahoo
[2010/08/23 19:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2010/08/23 19:30:34 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/08/23 19:25:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ICQ
[2010/08/23 19:25:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\aod
[2010/08/23 19:25:05 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ
[2010/08/23 19:14:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/08/23 17:51:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Macromedia
[2010/08/23 17:51:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Adobe
[2010/08/23 17:46:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\PrivacIE
[2009/08/12 08:50:21 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2009/08/12 08:50:19 | 000,225,280 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2010/09/20 12:55:58 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\055gou65.exe
[2010/09/20 12:54:55 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/09/20 12:38:21 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/09/20 12:35:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/20 12:35:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/20 12:34:22 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/09/20 12:34:22 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/09/20 12:22:53 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/09/20 12:20:11 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Outlook 2007.lnk
[2010/09/20 12:05:30 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/20 12:04:40 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\MGADiag.exe
[2010/09/20 11:22:58 | 000,443,392 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CKScanner.exe
[2010/09/20 04:46:25 | 065,036,688 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/09/19 20:18:54 | 000,057,905 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\WRLH033-H.gif
[2010/09/17 18:58:45 | 000,010,088 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Lh 1020.docx
[2010/09/17 13:21:00 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20100825132120.job
[2010/09/16 16:04:07 | 000,177,057 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\MalWare Removal.docx
[2010/09/16 13:12:36 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2010/09/16 12:30:30 | 006,916,708 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/09/16 00:00:05 | 000,012,650 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Your car has broken down in the suburbs.docx
[2010/09/15 03:02:29 | 000,010,005 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\sylimarine.docx
[2010/09/14 14:40:27 | 000,002,040 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\FriendFinder Messenger v4.1.lnk
[2010/09/14 14:40:26 | 000,002,040 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\FriendFinder Messenger v4.1.lnk
[2010/09/13 14:44:59 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/09/13 14:44:59 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/09/13 14:44:59 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/09/13 14:44:59 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/09/13 14:44:59 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/09/11 15:06:16 | 000,000,146 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2010/09/09 22:08:37 | 000,111,797 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\films.docx
[2010/09/09 15:21:36 | 000,238,096 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\he017.pdf
[2010/09/09 15:19:14 | 000,269,327 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\mp041.pdf
[2010/09/09 11:09:48 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/08 23:54:31 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/09/08 23:46:35 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/09/08 22:18:13 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Anti-Rootkit Free.lnk
[2010/09/07 22:19:29 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/09/07 22:19:29 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/09/07 22:19:24 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/09/07 22:19:05 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/09/07 22:19:03 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/09/07 22:19:00 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/09/07 10:43:41 | 000,421,442 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/09/07 10:37:24 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/09/07 10:37:24 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ZoneAlarm Security.lnk
[2010/09/06 20:02:32 | 000,001,428 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010/09/06 20:02:32 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2010/09/06 18:56:28 | 000,426,426 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20100906_185616.reg
[2010/09/06 17:32:47 | 000,137,313 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010/09/06 14:41:57 | 000,000,241 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Add or Remove Programs.lnk
[2010/09/04 16:06:12 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/09/04 16:06:12 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2010/09/02 18:59:34 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/09/02 13:28:06 | 000,098,816 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Melcom 6600 installation notes.doc
[2010/09/01 23:32:31 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Audible Manager.lnk
[2010/09/01 21:41:58 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/31 21:57:47 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/08/31 12:41:23 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MATHSWATCH_Higher.exe.lnk
[2010/08/31 12:35:29 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/30 11:58:30 | 000,000,521 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Show Desktop.lnk
[2010/08/28 20:50:32 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Excel 2007.lnk
[2010/08/28 19:37:35 | 000,555,684 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/28 19:37:35 | 000,465,972 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/28 19:37:35 | 000,079,708 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/26 16:23:36 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2007.lnk
[2010/08/26 14:49:21 | 004,047,409 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Doc9.docx
[2010/08/26 13:35:48 | 004,142,830 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Doc8.docx
[2010/08/26 12:49:12 | 000,971,087 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Doc4.docx
[2010/08/25 20:40:27 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2010/08/25 13:12:11 | 000,104,194 | ---- | M] () -- C:\WINDOWS\hpoins04.dat
[2010/08/25 13:10:36 | 000,000,637 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/25 13:09:06 | 000,000,902 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Image Zone.lnk
[2010/08/25 13:08:10 | 000,001,810 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Document Viewer.lnk
[2010/08/25 13:05:35 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Director.lnk
[2010/08/24 15:45:17 | 000,341,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/24 15:11:31 | 000,092,344 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/24 14:28:33 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/08/24 13:51:43 | 000,002,517 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Publisher 2007.lnk
[2010/08/24 13:51:42 | 000,002,549 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Access 2007.lnk
[2010/08/24 00:21:33 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/24 00:10:47 | 000,000,206 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/08/23 23:39:13 | 000,255,352 | ---- | M] (Audible, Inc.) -- C:\WINDOWS\System32\awrdscdc.ax
[2010/08/23 23:22:13 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/08/23 22:41:51 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/08/23 22:29:58 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/08/23 22:29:58 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows Media Player.lnk
[2010/08/23 22:25:36 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/23 21:39:20 | 000,001,487 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows Explorer.lnk
[2010/08/23 19:25:22 | 000,001,436 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ICQ.lnk

========== Files Created - No Company Name ==========

[2010/09/20 12:55:45 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\055gou65.exe
[2010/09/20 11:22:53 | 000,443,392 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CKScanner.exe
[2010/09/19 20:18:50 | 000,057,905 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\WRLH033-H.gif
[2010/09/17 18:58:45 | 000,010,088 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Lh 1020.docx
[2010/09/16 16:04:03 | 000,177,057 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\MalWare Removal.docx
[2010/09/15 23:59:33 | 000,012,650 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Your car has broken down in the suburbs.docx
[2010/09/15 03:02:29 | 000,010,005 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\sylimarine.docx
[2010/09/14 14:40:27 | 000,002,040 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\FriendFinder Messenger v4.1.lnk
[2010/09/14 14:40:26 | 000,002,040 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\FriendFinder Messenger v4.1.lnk
[2010/09/11 15:06:13 | 000,000,146 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2010/09/09 22:08:36 | 000,111,797 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\films.docx
[2010/09/09 15:21:36 | 000,238,096 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\he017.pdf
[2010/09/09 15:19:14 | 000,269,327 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\mp041.pdf
[2010/09/09 03:06:49 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/09/08 23:57:04 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/09/08 23:46:35 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/09/08 22:18:13 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Anti-Rootkit Free.lnk
[2010/09/07 22:19:29 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/09/07 22:19:00 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/09/07 22:18:56 | 065,036,688 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/09/07 10:37:24 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ZoneAlarm Security.lnk
[2010/09/07 10:37:07 | 000,421,442 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/09/06 20:02:32 | 000,001,428 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010/09/06 20:02:32 | 000,000,618 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2010/09/06 18:56:19 | 000,426,426 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20100906_185616.reg
[2010/09/06 14:41:56 | 000,000,241 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Add or Remove Programs.lnk
[2010/09/05 13:16:08 | 000,137,313 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010/09/04 18:27:46 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/09/04 16:06:12 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/09/04 16:06:12 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2010/09/02 18:59:34 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/09/02 13:28:05 | 000,098,816 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Melcom 6600 installation notes.doc
[2010/08/31 12:40:57 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MATHSWATCH_Higher.exe.lnk
[2010/08/30 11:58:30 | 000,000,521 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Show Desktop.lnk
[2010/08/26 14:49:21 | 004,047,409 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Doc9.docx
[2010/08/26 13:35:47 | 004,142,830 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Doc8.docx
[2010/08/26 12:49:12 | 000,971,087 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Doc4.docx
[2010/08/25 20:40:27 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2010/08/25 13:21:20 | 000,000,440 | ---- | C] () -- C:\WINDOWS\tasks\WebReg 20100825132120.job
[2010/08/25 13:09:05 | 000,000,902 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Image Zone.lnk
[2010/08/25 13:08:10 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Document Viewer.lnk
[2010/08/25 13:05:35 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Director.lnk
[2010/08/25 12:55:47 | 000,104,194 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2010/08/25 12:55:47 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2010/08/25 12:55:47 | 000,000,839 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/08/24 14:28:33 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/08/24 13:51:43 | 000,002,521 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Outlook 2007.lnk
[2010/08/24 13:51:43 | 000,002,517 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Publisher 2007.lnk
[2010/08/24 13:51:42 | 000,002,549 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Access 2007.lnk
[2010/08/24 00:21:33 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/24 00:10:47 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/08/23 23:39:20 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Audible Manager.lnk
[2010/08/23 23:22:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/23 23:21:37 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/08/23 22:41:51 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/08/23 22:29:58 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/08/23 22:28:04 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/23 22:25:36 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/23 19:25:22 | 000,001,436 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ICQ.lnk
[2010/08/23 19:25:22 | 000,000,457 | ---- | C] () -- C:\Program Files\INSTALL.LOG
[2010/08/11 18:47:43 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/08/12 09:41:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/08/12 08:50:21 | 001,759,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2009/08/12 08:50:21 | 000,028,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2009/08/12 08:50:21 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2009/08/11 20:06:52 | 000,021,864 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini
[2009/08/11 20:06:52 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini
[2009/08/11 19:51:31 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2009/08/11 14:03:27 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
< End of report >


Kam
kamman
Active Member
 
Posts: 10
Joined: September 17th, 2010, 6:17 am

Re: google-analytics virus re direction

Unread postby kamman » September 21st, 2010, 5:48 am

Deltalima.

I am trying to send you the last part of the GMER scan. Every time I try to post it the web page times out instantly. I have reduced the size of the post and managed to post part 1 but can't post part 2.

Can you please help? Or can I email it to you?

kam
kamman
Active Member
 
Posts: 10
Joined: September 17th, 2010, 6:17 am

Re: google-analytics virus re direction

Unread postby deltalima » September 21st, 2010, 7:59 am

Hi kamman,

everytime i try yo post it the web page times out instantly


It looks like the second part of the OTL scan (extras.txt) that is failing to post.

Please remove the event log entries at the end of the report and try to post again, also please post the GMER log if possible. If you still have problems then let me know and we will attempt to fix the infection that is blocking the post.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: google-analytics virus re direction

Unread postby kamman » September 21st, 2010, 11:56 am

Hello Deltalima

Please see the results for the GMER scan. I am still trying to send the results for the Other.txt file, which is refusing to load here.


GMER txt

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-20 19:29:14
Windows 5.1.2600 Service Pack 3
Running: 055gou65.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fgtyipog.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF764787E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7647BFE]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1



Thanks
Kam
kamman
Active Member
 
Posts: 10
Joined: September 17th, 2010, 6:17 am

Re: google-analytics virus re direction

Unread postby deltalima » September 21st, 2010, 12:00 pm

Hi kamman,

Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in a reply here.

MBRCheck

Please download MBRCheck.exe to your desktop.
  • Double-click on MBRCheck.exe to run it.
  • It will show a black screen with some information.
  • If an unknown bootcode is found you will have further options available to you; at this time press N, then press Enter twice.
  • If nothing unusual is found, just press Enter.
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
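The MBRCheck step above reports when it finds boot code it does not recognise. As an added example written for this thread (it is not MBRCheck's own code and was not posted by anyone here), the Python below shows what such a check inspects: it validates the 0x55AA boot signature of a 512-byte master boot record, decodes the partition table, and compares a SHA-256 of the 440-byte boot code against a baseline recorded on a clean machine, reporting "unknown" when it differs. The sample sector built by build_sample_mbr, the baseline set, and the \\.\PhysicalDrive0 path in read_physical_mbr are constructed assumptions for the example, not data from this thread.

```python
import hashlib
import struct
from typing import Dict, List, Set

MBR_SIZE = 512
BOOT_CODE_SIZE = 440          # bytes 0..439 hold the boot code that a boot-sector check fingerprints
DISK_SIG_OFFSET = 440         # 4-byte NT disk signature, followed by 2 reserved bytes
PART_TABLE_OFFSET = 446       # four 16-byte partition entries
PART_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511 of a valid MBR

# Small subset of partition type ids, enough for this illustration.
PART_TYPE_NAMES = {0x07: "NTFS/HPFS/exFAT", 0x0C: "FAT32 LBA", 0x83: "Linux", 0xEE: "GPT protective"}


def parse_partition_entry(entry: bytes) -> Dict[str, object]:
    """Decode one 16-byte partition entry: status, type, start LBA, sector count (CHS fields skipped)."""
    status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
    return {
        "bootable": status == 0x80,
        "type": ptype,
        "type_name": PART_TYPE_NAMES.get(ptype, "other"),
        "lba_start": lba_start,
        "sectors": sectors,
    }


def parse_mbr(sector: bytes) -> Dict[str, object]:
    """Validate the boot signature, then return the boot-code hash, disk signature and partition list."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly %d bytes" % MBR_SIZE)
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    boot_code = sector[:BOOT_CODE_SIZE]
    (disk_sig,) = struct.unpack("<I", sector[DISK_SIG_OFFSET:DISK_SIG_OFFSET + 4])
    partitions: List[Dict[str, object]] = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        entry = sector[off:off + PART_ENTRY_SIZE]
        if entry[4] != 0:  # a type byte of 0x00 marks an unused slot
            partitions.append(parse_partition_entry(entry))
    return {
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "disk_signature": disk_sig,
        "partitions": partitions,
    }


def classify_boot_code(digest: str, known_good: Set[str]) -> str:
    """'known' when the boot code matches a recorded baseline, otherwise 'unknown' (the case worth investigating)."""
    return "known" if digest in known_good else "unknown"


def read_physical_mbr(path: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read the first sector of a raw disk. Needs an elevated prompt on Windows; assumes the system disk is PhysicalDrive0."""
    with open(path, "rb") as disk:
        return disk.read(MBR_SIZE)


def build_sample_mbr() -> bytes:
    """Constructed sample sector (not from any real disk): a dummy boot stub, one bootable NTFS partition, valid signature."""
    boot_code = b"\xfa\x33\xc0" + b"\x90" * (BOOT_CODE_SIZE - 3)  # cli; xor ax,ax; then NOP padding
    disk_sig = struct.pack("<I", 0x12345678) + b"\x00\x00"
    ntfs = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 2048, 244_000_000)
    empty = b"\x00" * PART_ENTRY_SIZE
    return boot_code + disk_sig + ntfs + empty * 3 + BOOT_SIGNATURE


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    baseline = {info["boot_code_sha256"]}  # stands in for a hash recorded on a clean system
    print("disk signature: 0x%08x" % info["disk_signature"])
    for part in info["partitions"]:
        print(part)
    print("boot code:", classify_boot_code(info["boot_code_sha256"], baseline))
    # One changed byte in the boot code is enough to fall out of the baseline.
    tampered = bytearray(build_sample_mbr())
    tampered[0] ^= 0xFF
    print("tampered :", classify_boot_code(parse_mbr(bytes(tampered))["boot_code_sha256"], baseline))
```

To use it on a real machine, replace build_sample_mbr() with read_physical_mbr() from an elevated prompt and keep the baseline digest from a known-clean boot; a hash-only comparison cannot tell you what changed, so an "unknown" result is a prompt to look at the boot code, not a verdict on its own.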

Re: google-analytics virus re direction

Unread postby kamman » September 21st, 2010, 12:03 pm

Deltalima
Please see the log for Events.txt. I have deleted some text from the bottom of the log, starting from Application Events. If you need any more information please let me know.

Thanks
Kam


EXTRAS txt

OTL Extras logfile created on: 20/09/2010 13:08:53 - Run 1
OTL by OldTimer - Version 3.2.14.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 116.43 Gb Total Space | 86.92 Gb Free Space | 74.65% Space Free | Partition Type: NTFS
Drive D: | 116.43 Gb Total Space | 116.29 Gb Free Space | 99.88% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-2XX4MKUBCK
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1396501628-957317575-3343094678-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37BB5241-51CE-469E-9CCF-A76FC00F4604}" = 4200Trb
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = ASUS USB2.0 UVC VGA WebCam
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = USB2.0 UVC Camera Device
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{47BACF74-5A07-48BD-BADB-A769550F0F5A}" = FontResizer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{5B34A6C6-8738-4E5D-A210-1084C440157A}" = 4200Tour
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7673108D-9DED-4454-9712-FB2771D94446}" = RPS PerfectDiskStub
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9D85CA5D-075D-4F34-BF9D-080D9EFB0ECC}" = 4200_Help
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4B9033B-D183-4A6C-9BCB-6BC8F80B939D}" = RPS CRT
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C72CA49A-9237-4810-8449-45DA3BD26D64}" = EzMessenger
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D806E63B-0C11-4061-8DA9-1E980FB9A9EB}" = Data Sync
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EA5A0CD7-C894-4FA8-88A5-0887E8257E4A}" = FriendFinder Messenger v4.1
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8F1C27F-2BA5-4923-A609-26158FB0F376}" = 4200
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AudibleManager" = AudibleManager
"AVG9Uninstall" = AVG Free 9.0
"AVGantiRootkit" = AVG Anti-Rootkit Free
"Eee Docking_is1" = Eee Docking 1.3.6.0
"ENTERPRISER" = Microsoft Office Enterprise 2007
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQ" = ICQ
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.3
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WET7Cable" = Windows Easy Transfer for Windows 7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"ZoneAlarm" = ZoneAlarm
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1396501628-957317575-3343094678-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========
kamman
Active Member
 
Posts: 10
Joined: September 17th, 2010, 6:17 am

Re: google-analytics virus re direction

Unread postby deltalima » September 21st, 2010, 4:06 pm

Thanks, please post the RKUnHooker and MBRCheck log when ready.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: google-analytics virus re direction

Unread postby kamman » September 22nd, 2010, 5:20 am

Deltalima
Please see the following logs for the RKU and MBR scans. If you need more info, please let me know.

RKU scan log

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB8E88000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 5857280 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xA851D000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 5251072 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0xBF1E7000 C:\WINDOWS\System32\igxpdx32.DLL 2699264 bytes (Intel Corporation, DirectDraw(R) Driver for Intel(R) Graphics Technology)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xA8231000 C:\WINDOWS\system32\DRIVERS\snp2uvc.sys 1761280 bytes (-, UVC Camera Streaming Driver)
0xBF04F000 C:\WINDOWS\System32\igxpdv32.DLL 1671168 bytes (Intel Corporation, Component GHAL Driver)
0xB8CD6000 C:\WINDOWS\system32\DRIVERS\athw.sys 1531904 bytes (Atheros Communications, Inc., Driver for Atheros AR5008 Wireless Network Adapter)
0xB9E57000 iaStor.sys 892928 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0xB9D3C000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA8126000 C:\WINDOWS\System32\vsdatant.sys 528384 bytes (Check Point Software Technologies LTD, ZoneAlarm Firewalling Driver)
0xB8C04000 C:\WINDOWS\System32\Drivers\wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0xA8069000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB8B5B000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA8405000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA7214000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB9DE0000 bdfsfltr.sys 282624 bytes (BitDefender S.R.L. Bucharest, ROMANIA, BitDefender AntiVirus FS filter driver)
0xA65BB000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xA81CF000 C:\WINDOWS\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xA7F95000 C:\WINDOWS\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xB8C80000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 204800 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA74D8000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9D0F000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 176128 bytes (Intel Corporation, Intel Graphics 2D Driver)
0xA5302000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA80D9000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB8E4C000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA81A7000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xA83DF000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA7F49000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xA84F9000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB8CB2000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB8BB9000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA8104000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9E37000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB9CF5000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9F31000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB9DC9000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB8BED000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA74C3000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB8E74000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA845E000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0xB9E25000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB8BDC000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xBA208000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA0F8000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xBA308000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA1F8000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA318000 C:\WINDOWS\system32\DRIVERS\l1c51x86.sys 57344 bytes (Atheros Communications, Inc., Atheros AR8131/AR8132 PCI-E Ethernet Controller ndis miniport driver)
0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA158000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBA178000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA238000 C:\WINDOWS\system32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA168000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xB946E000 C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys 49152 bytes (Microsoft Corporation, Family Safety Filter Driver (TDI))
0xBA198000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB944E000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA188000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA1C8000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA1B8000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA108000 AVGIDSEH.sys 36864 bytes (AVG Technologies , IDS Application Activity Monitor Helper Driver.)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB94AE000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA2F8000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA1A8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB947E000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA5DA4000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xB948E000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA3A0000 C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys 32768 bytes (Check Point Software Technologies, ZoneAlarm ForceField)
0xBA410000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA448000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xBA3B8000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA450000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA420000 C:\WINDOWS\system32\DRIVERS\sncduvc.SYS 28672 bytes (-, USBCAMD for Sonix UVC)
0xBA438000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xBA478000 C:\WINDOWS\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xBA3C0000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA3C8000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA3B0000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA400000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA408000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA3D8000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA3E0000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xBA3D0000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA3E8000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA4C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xB9CC5000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xB9CB1000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA7B11000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA4C4000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xB9CC1000 C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys 12288 bytes (ASUSTeK Computer Inc., ASUS ACPI Device Driver)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA4BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xA7F81000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xBA5A0000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xBA5A4000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB9CBD000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xBA588000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA5AC000 avgarkt.sys 8192 bytes (GRISOFT, s.r.o., AVG Anti-Rootkit Driver)
0xBA602000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA600000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA604000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA606000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5F4000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5F2000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA751000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA7D4000 C:\WINDOWS\System32\DRIVERS\AvgArCln.sys 4096 bytes (GRISOFT, s.r.o., AVG7 Clean Driver)
0xBA7F4000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA7D3000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA671000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
!!!!!!!!!!!Hidden driver: 0x89833AEA ?_empty_? 1302 bytes
0x89833EC5 unknown_irp_handler 315 bytes
!!!!!!!!!!!Hidden driver: 0x8A40A7F0 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xB9F31000 WARNING: suspicious driver modification [atapi.sys::0x89833AEA]
0xA8405000 WARNING: Virus alike driver modification [tcpip.sys], 364544 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.6.Crwl
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.6.gthr
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS000E9.log
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS000EA.log
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.ci
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.dir
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wsb
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.ci
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.dir
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0002.000
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0002.001
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0002.002
!-->[Hidden] C:\Documents and Settings\Owner\Cookies\owner@kids.audible[1].txt
!-->[Hidden] C:\Documents and Settings\Owner\Cookies\owner@www.audible.co[2].txt
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Audible\Details.html
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\~archive.pst.tmp
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\~Outlook.pst.tmp
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\z9lkskz7.default\Cache\2BBA040Dd01
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\z9lkskz7.default\Cache\5774A321d01
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\z9lkskz7.default\Cache\6915EECAd01
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\z9lkskz7.default\Cache\7563122Ad01
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\z9lkskz7.default\Cache\B4FB1EA2d01
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\z9lkskz7.default\Cache\FCEEDCB8d01
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012010092220100923\index.dat
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0002D7A0, Type: Inline - RelativeJump 0x805047A0-->805047BB [ntkrnlpa.exe]
ntkrnlpa.exe+0x0006ECBE, Type: Inline - RelativeJump 0x80545CBE-->80545CC5 [ntkrnlpa.exe]
tcpip.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification 0xA8444428-->A814CCBA [vsdatant.sys]
tcpip.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification 0xA8444454-->A814C4C8 [vsdatant.sys]
tcpip.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xA8444460-->A814C672 [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification 0xB9493B4C-->A814CCBA [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisDeregisterProtocol, Type: IAT modification 0xB9493B1C-->A814AC2A [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification 0xB9493B3C-->A814C4C8 [vsdatant.sys]
wanarp.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xB9493B28-->A814C672 [vsdatant.sys]
[1004]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[1004]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[1004]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[1004]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[1004]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[1004]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[1004]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[1004]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[1004]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[1088]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[1088]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[1088]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[1088]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[1088]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[1088]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[1088]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[1088]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[1088]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[1156]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[1156]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[1156]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[1156]svchost.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[1156]svchost.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[1156]svchost.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[1156]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[1156]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[1156]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[1156]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[1156]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[1156]svchost.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x7E42974E-->00000000 [unknown_code_page]
[1156]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[1232]avgchsvx.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[1232]avgchsvx.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[1232]avgchsvx.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[1232]avgchsvx.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[1232]avgchsvx.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[1232]avgchsvx.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[1232]avgchsvx.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[1232]avgchsvx.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[1232]avgchsvx.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[1240]avgrsx.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[1240]avgrsx.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[1240]avgrsx.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[1240]avgrsx.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[1240]avgrsx.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[1240]avgrsx.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[1240]avgrsx.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[1240]avgrsx.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[1240]avgrsx.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[1280]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[1280]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[1280]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[1280]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[1280]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[1280]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[1280]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[1280]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[1280]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[1304]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[1304]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[1304]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[1304]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[1304]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[1304]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[1304]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[1304]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[1304]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[1420]avgcsrvx.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[1420]avgcsrvx.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[1420]avgcsrvx.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[1420]avgcsrvx.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[1420]avgcsrvx.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[1420]avgcsrvx.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[1420]avgcsrvx.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[1420]avgcsrvx.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[1420]avgcsrvx.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[1444]Manager.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[1444]Manager.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[1444]Manager.exe-->kernel32.dll-->FindResourceA, Type: Inline - RelativeJump 0x7C80BF29-->00000000 [Manager.exe]
[1444]Manager.exe-->kernel32.dll-->FindResourceW, Type: Inline - RelativeJump 0x7C80BC6E-->00000000 [Manager.exe]
[1444]Manager.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[1444]Manager.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[1444]Manager.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[1444]Manager.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[1444]Manager.exe-->user32.dll-->CreateDialogParamA, Type: Inline - RelativeJump 0x7E43C7DB-->00000000 [Manager.exe]
[1444]Manager.exe-->user32.dll-->CreateDialogParamW, Type: Inline - RelativeJump 0x7E41EA3B-->00000000 [Manager.exe]
[1444]Manager.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[1444]Manager.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[1444]Manager.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[1444]Manager.exe-->user32.dll-->LoadIconA, Type: Inline - RelativeJump 0x7E42E8F6-->00000000 [Manager.exe]
[1444]Manager.exe-->user32.dll-->LoadIconW, Type: Inline - RelativeJump 0x7E42E8BC-->00000000 [Manager.exe]
[1444]Manager.exe-->user32.dll-->LoadMenuA, Type: Inline - RelativeJump 0x7E44FA83-->00000000 [Manager.exe]
[1444]Manager.exe-->user32.dll-->LoadMenuW, Type: Inline - RelativeJump 0x7E42EB48-->00000000 [Manager.exe]
[1444]Manager.exe-->user32.dll-->LoadStringA, Type: Inline - RelativeJump 0x7E42C908-->00000000 [Manager.exe]
[1444]Manager.exe-->user32.dll-->LoadStringW, Type: Inline - RelativeJump 0x7E419E36-->00000000 [Manager.exe]
[1448]AAWTray.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[1448]AAWTray.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[1448]AAWTray.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[1448]AAWTray.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[1448]AAWTray.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[1448]AAWTray.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[1448]AAWTray.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[1448]AAWTray.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[1448]AAWTray.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[1496]avgwdsvc.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[1496]avgwdsvc.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[1496]avgwdsvc.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[1496]avgwdsvc.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[1496]avgwdsvc.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[1496]avgwdsvc.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[1496]avgwdsvc.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[1496]avgwdsvc.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[1496]avgwdsvc.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[1540]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[1540]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[1540]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[1540]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[1540]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[1540]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[1540]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[1540]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[1540]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[1836]explorer.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[1836]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[1836]explorer.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[1836]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[1836]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[1836]explorer.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[1836]explorer.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[1836]explorer.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[1836]explorer.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[1836]explorer.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A51178-->00000000 [shimeng.dll]
[1836]explorer.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[1836]explorer.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[1836]explorer.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[1836]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[1836]explorer.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[1836]explorer.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[1836]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[1836]explorer.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[1836]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[1836]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[1924]jqs.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[1924]jqs.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[1924]jqs.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[1924]jqs.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[1924]jqs.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[1924]jqs.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[1924]jqs.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[1924]jqs.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[1924]jqs.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[2060]SeaPort.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[2060]SeaPort.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[2060]SeaPort.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[2060]SeaPort.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[2060]SeaPort.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[2060]SeaPort.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[2060]SeaPort.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[2060]SeaPort.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[2060]SeaPort.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[2136]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[2136]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[2136]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[2136]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[2136]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[2136]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[2136]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[2136]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[2136]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[2224]avgnsx.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[2224]avgnsx.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[2224]avgnsx.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[2224]avgnsx.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[2224]avgnsx.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[2224]avgnsx.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[2224]avgnsx.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[2224]avgnsx.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[2224]avgnsx.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[2280]avgtray.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[2280]avgtray.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[2280]avgtray.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[2280]avgtray.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[2280]avgtray.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[2280]avgtray.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[2280]avgtray.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[2280]avgtray.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[2280]avgtray.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[2288]jusched.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[2288]jusched.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[2288]jusched.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[2288]jusched.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[2288]jusched.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[2288]jusched.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[2288]jusched.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[2288]jusched.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[2288]jusched.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[2328]ctfmon.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[2328]ctfmon.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[2328]ctfmon.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[2328]ctfmon.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[2328]ctfmon.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[2328]ctfmon.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[2328]ctfmon.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[2328]ctfmon.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[2328]ctfmon.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[2504]searchindexer.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[2504]searchindexer.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[2504]searchindexer.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[2504]searchindexer.exe-->kernel32.dll-->WriteFile, Type: Inline - RelativeJump 0x7C810E27-->00000000 [mssrch.dll]
[2504]searchindexer.exe-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2C [unknown_code_page]
[2504]searchindexer.exe-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2D [unknown_code_page]
[2504]searchindexer.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[2504]searchindexer.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[2504]searchindexer.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[2504]searchindexer.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[2504]searchindexer.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[2504]searchindexer.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[2728]WZQKPICK.EXE-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[2728]WZQKPICK.EXE-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[2728]WZQKPICK.EXE-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[2728]WZQKPICK.EXE-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[2728]WZQKPICK.EXE-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[2728]WZQKPICK.EXE-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[2728]WZQKPICK.EXE-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[2728]WZQKPICK.EXE-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[2728]WZQKPICK.EXE-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[2780]wmiprvse.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[2780]wmiprvse.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[2780]wmiprvse.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[2780]wmiprvse.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[2780]wmiprvse.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[2780]wmiprvse.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[2780]wmiprvse.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[2780]wmiprvse.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[2780]wmiprvse.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[2896]sndvol32.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[2896]sndvol32.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[2896]sndvol32.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[2896]sndvol32.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[2896]sndvol32.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[2896]sndvol32.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[2896]sndvol32.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[2896]sndvol32.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[2896]sndvol32.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[3484]unsecapp.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[3484]unsecapp.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[3484]unsecapp.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[3484]unsecapp.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[3484]unsecapp.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[3484]unsecapp.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[3484]unsecapp.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[3484]unsecapp.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[3484]unsecapp.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[3528]igfxtray.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[3528]igfxtray.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[3528]igfxtray.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[3528]igfxtray.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[3528]igfxtray.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[3528]igfxtray.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[3528]igfxtray.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[3528]igfxtray.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[3528]igfxtray.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[3544]hkcmd.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[3544]hkcmd.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[3544]hkcmd.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[3544]hkcmd.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[3544]hkcmd.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[3544]hkcmd.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[3544]hkcmd.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[3544]hkcmd.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[3544]hkcmd.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[3576]igfxpers.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[3576]igfxpers.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[3576]igfxpers.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[3576]igfxpers.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[3576]igfxpers.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[3576]igfxpers.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[3576]igfxpers.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[3576]igfxpers.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[3576]igfxpers.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[3620]wmiprvse.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[3620]wmiprvse.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[3620]wmiprvse.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[3620]wmiprvse.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[3620]wmiprvse.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[3620]wmiprvse.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[3620]wmiprvse.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[3620]wmiprvse.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[3620]wmiprvse.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[3632]YahooMessenger.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[3632]YahooMessenger.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[3632]YahooMessenger.exe-->gdi32.dll-->GetStockObject, Type: IAT modification 0x006DE0EC-->00000000 [yui.dll]
[3632]YahooMessenger.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [yui.dll]
[3632]YahooMessenger.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [yui.dll]
[3632]YahooMessenger.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [yui.dll]
[3632]YahooMessenger.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [yui.dll]
[3632]YahooMessenger.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x006DE3B8-->00000000 [yui.dll]
[3632]YahooMessenger.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x006DE240-->00000000 [yui.dll]
[3632]YahooMessenger.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x006DE288-->00000000 [yui.dll]
[3632]YahooMessenger.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x006DE280-->00000000 [yui.dll]
[3632]YahooMessenger.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[3632]YahooMessenger.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[3632]YahooMessenger.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[3632]YahooMessenger.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[3632]YahooMessenger.exe-->shell32.dll-->gdi32.dll-->GetStockObject, Type: IAT modification 0x7C9C1134-->00000000 [yui.dll]
[3632]YahooMessenger.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [yui.dll]
[3632]YahooMessenger.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [yui.dll]
[3632]YahooMessenger.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [yui.dll]
[3632]YahooMessenger.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [yui.dll]
[3632]YahooMessenger.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [yui.dll]
[3632]YahooMessenger.exe-->shell32.dll-->user32.dll-->AnimateWindow, Type: IAT modification 0x7C9C1D18-->00000000 [yui.dll]
[3632]YahooMessenger.exe-->shell32.dll-->user32.dll-->DefWindowProcA, Type: IAT modification 0x7C9C1D48-->00000000 [yui.dll]
[3632]YahooMessenger.exe-->shell32.dll-->user32.dll-->DefWindowProcW, Type: IAT modification 0x7C9C1EA4-->00000000 [yui.dll]
[3632]YahooMessenger.exe-->shell32.dll-->user32.dll-->GetSysColor, Type: IAT modification 0x7C9C1E3C-->00000000 [yui.dll]
[3632]YahooMessenger.exe-->shell32.dll-->user32.dll-->GetSysColorBrush, Type: IAT modification 0x7C9C1EE4-->00000000 [yui.dll]
[3632]YahooMessenger.exe-->shell32.dll-->user32.dll-->TrackPopupMenu, Type: IAT modification 0x7C9C1F90-->00000000 [yui.dll]
[3632]YahooMessenger.exe-->shell32.dll-->user32.dll-->TrackPopupMenuEx, Type: IAT modification 0x7C9C1D34-->00000000 [yui.dll]
[3632]YahooMessenger.exe-->user32.dll-->DefWindowProcW, Type: IAT modification 0x006DEA30-->00000000 [yui.dll]
[3632]YahooMessenger.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[3632]YahooMessenger.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[3632]YahooMessenger.exe-->user32.dll-->gdi32.dll-->GetStockObject, Type: IAT modification 0x7E411130-->00000000 [yui.dll]
[3632]YahooMessenger.exe-->user32.dll-->GetSysColor, Type: IAT modification 0x006DEA2C-->00000000 [yui.dll]
[3632]YahooMessenger.exe-->user32.dll-->GetSysColorBrush, Type: IAT modification 0x006DEAF8-->00000000 [yui.dll]
[3632]YahooMessenger.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [yui.dll]
[3632]YahooMessenger.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [yui.dll]
[3632]YahooMessenger.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[3632]YahooMessenger.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [yui.dll]
[3632]YahooMessenger.exe-->user32.dll-->TrackPopupMenu, Type: IAT modification 0x006DEBD0-->00000000 [yui.dll]
[3632]YahooMessenger.exe-->user32.dll-->TrackPopupMenuEx, Type: IAT modification 0x006DEC54-->00000000 [yui.dll]
[3680]RTHDCPL.EXE-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[3680]RTHDCPL.EXE-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[3680]RTHDCPL.EXE-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[3680]RTHDCPL.EXE-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[3680]RTHDCPL.EXE-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[3680]RTHDCPL.EXE-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[3680]RTHDCPL.EXE-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[3680]RTHDCPL.EXE-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[3680]RTHDCPL.EXE-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[3692]igfxsrvc.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[3692]igfxsrvc.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[3692]igfxsrvc.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[3692]igfxsrvc.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[3692]igfxsrvc.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[3692]igfxsrvc.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[3692]igfxsrvc.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[3692]igfxsrvc.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[3692]igfxsrvc.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[3704]SynTPEnh.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[3704]SynTPEnh.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[3704]SynTPEnh.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[3704]SynTPEnh.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[3704]SynTPEnh.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[3704]SynTPEnh.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[3704]SynTPEnh.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[3704]SynTPEnh.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[3704]SynTPEnh.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[3752]sndvol32.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[3752]sndvol32.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[3752]sndvol32.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[3752]sndvol32.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[3752]sndvol32.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[3752]sndvol32.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[3752]sndvol32.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[3752]sndvol32.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[3752]sndvol32.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[3896]Icq.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[3896]Icq.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[3896]Icq.exe-->advapi32.dll-->RegQueryValueExA, Type: IAT modification 0x004F7010-->00000000 [aclayers.dll]
[3896]Icq.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[3896]Icq.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[3896]Icq.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x004F84FC-->00000000 [shimeng.dll]
[3896]Icq.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[3896]Icq.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A51178-->00000000 [shimeng.dll]
[3896]Icq.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[3896]Icq.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[3896]Icq.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[3896]Icq.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[3896]Icq.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[3896]Icq.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[3896]Icq.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[3896]Icq.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[3896]Icq.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[3896]Icq.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[3952]avgcsrvx.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[3952]avgcsrvx.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[3952]avgcsrvx.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[3952]avgcsrvx.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[3952]avgcsrvx.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[3952]avgcsrvx.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[3952]avgcsrvx.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[3952]avgcsrvx.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[3952]avgcsrvx.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[4088]plugin-container.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[4088]plugin-container.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[4088]plugin-container.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[4088]plugin-container.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[4088]plugin-container.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[4088]plugin-container.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[4088]plugin-container.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[4088]plugin-container.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[4088]plugin-container.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[4088]plugin-container.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x7E46531E-->00000000 [xul.dll]
[4668]OUTLOOK.EXE-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[4668]OUTLOOK.EXE-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[4668]OUTLOOK.EXE-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[4668]OUTLOOK.EXE-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - RelativeJump 0x7C84495D-->00000000 [MSO.DLL]
[4668]OUTLOOK.EXE-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[4668]OUTLOOK.EXE-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[4668]OUTLOOK.EXE-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[4668]OUTLOOK.EXE-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[4668]OUTLOOK.EXE-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[4668]OUTLOOK.EXE-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[5340]sndvol32.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[5340]sndvol32.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[5340]sndvol32.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[5340]sndvol32.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[5340]sndvol32.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[5340]sndvol32.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[5340]sndvol32.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[5340]sndvol32.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[5340]sndvol32.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[580]AAWService.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[580]AAWService.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[580]AAWService.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[580]AAWService.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[580]AAWService.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[580]AAWService.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[580]AAWService.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[580]AAWService.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[580]AAWService.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[6044]java.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[6044]java.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[6044]java.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[6044]java.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[6044]java.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[6044]java.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[6044]java.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[6044]java.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[6044]java.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[680]GrooveMonitor.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[680]GrooveMonitor.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[680]GrooveMonitor.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[680]GrooveMonitor.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[680]GrooveMonitor.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[680]GrooveMonitor.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[680]GrooveMonitor.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[680]GrooveMonitor.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[680]GrooveMonitor.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[768]sndvol32.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[768]sndvol32.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[768]sndvol32.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[768]sndvol32.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[768]sndvol32.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[768]sndvol32.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[768]sndvol32.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[768]sndvol32.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[768]sndvol32.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[788]winlogon.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[788]winlogon.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[788]winlogon.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[788]winlogon.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[788]winlogon.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[788]winlogon.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[788]winlogon.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[788]winlogon.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[788]winlogon.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[812]spoolsv.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[812]spoolsv.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[812]spoolsv.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[812]spoolsv.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[812]spoolsv.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[812]spoolsv.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[812]spoolsv.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[812]spoolsv.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[812]spoolsv.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[836]services.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[836]services.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[836]services.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x7C8309E9-->00000000 [ISWSHEX.dll]
[836]services.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[836]services.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[836]services.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[836]services.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[836]services.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[836]services.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]
[848]lsass.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x77DD7426-->00000000 [ISWSHEX.dll]
[848]lsass.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x77DDF193-->00000000 [ISWSHEX.dll]
[848]lsass.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x7C90CE8E-->00000000 [ISWSHEX.dll]
[848]lsass.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x7C90D3FE-->00000000 [ISWSHEX.dll]
[848]lsass.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [ISWSHEX.dll]
[848]lsass.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x7E4282E1-->00000000 [ISWSHEX.dll]
[848]lsass.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x7E42C9C3-->00000000 [ISWSHEX.dll]
[848]lsass.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [ISWSHEX.dll]


MBR scan log
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 126):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA5AC000 avgarkt.sys
0xBA4BC000 compbatt.sys
0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA330000 PartMgr.sys
0xBA4C4000 ACPIEC.sys
0xBA671000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xBA0C8000 VolSnap.sys
0xB9F31000 atapi.sys
0xB9E57000 iaStor.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9E37000 fltMgr.sys
0xB9E25000 sr.sys
0xB9DE0000 bdfsfltr.sys
0xBA0F8000 Lbd.sys
0xB9DC9000 KSecDD.sys
0xB9D3C000 Ntfs.sys
0xB9D0F000 NDIS.sys
0xBA108000 AVGIDSEH.sys
0xB9CF5000 Mup.sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB8E88000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB8E74000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB8E4C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB8CD6000 \SystemRoot\system32\DRIVERS\athw.sys
0xBA318000 \SystemRoot\system32\DRIVERS\l1c51x86.sys
0xBA3B0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB8CB2000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA3B8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA158000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA3C0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB8C80000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xBA5F2000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA168000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xB8C04000 \SystemRoot\System32\Drivers\wdf01000.sys
0xBA3C8000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB9CC5000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xB9CC1000 \SystemRoot\system32\DRIVERS\ASUSACPI.sys
0xBA751000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA178000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9CBD000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB8BED000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA188000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA198000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA3D0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB8BDC000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA1A8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA3D8000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA3E0000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA1B8000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA5F4000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB8BB9000 \SystemRoot\system32\DRIVERS\ks.sys
0xB8B5B000 \SystemRoot\system32\DRIVERS\update.sys
0xB9CB1000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA1C8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA1F8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xA851D000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xA84F9000 \SystemRoot\system32\drivers\portcls.sys
0xBA208000 \SystemRoot\system32\drivers\drmk.sys
0xBA600000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA7D3000 \SystemRoot\System32\Drivers\Null.SYS
0xBA602000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA7D4000 \SystemRoot\System32\DRIVERS\AvgArCln.sys
0xBA400000 \SystemRoot\System32\drivers\vga.sys
0xBA604000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA606000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA408000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA410000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA588000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA845E000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA8405000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA83DF000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA8231000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0xBA238000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0xBA420000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0xBA438000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xBA448000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xBA5A0000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB94AE000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA450000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA5A4000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xA81CF000 \SystemRoot\System32\Drivers\avgtdix.sys
0xA81A7000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA8126000 \SystemRoot\System32\vsdatant.sys
0xB948E000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA8104000 \SystemRoot\System32\drivers\afd.sys
0xB947E000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA80D9000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA8069000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB944E000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA478000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xA7F95000 \SystemRoot\System32\Drivers\avgldx86.sys
0xA7F49000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA7F81000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA3E8000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA7F4000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB946E000 \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
0xA7B11000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xBA3A0000 \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
0xA74D8000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA74C3000 \SystemRoot\system32\drivers\wdmaud.sys
0xBA308000 \SystemRoot\system32\drivers\sysaudio.sys
0xA7214000 \SystemRoot\system32\DRIVERS\srv.sys
0xA65BB000 \SystemRoot\System32\Drivers\HTTP.sys
0xA5951000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xA47AC000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 57):
0 System Idle Process
4 System
692 C:\WINDOWS\system32\smss.exe
764 csrss.exe
788 C:\WINDOWS\system32\winlogon.exe
836 C:\WINDOWS\system32\services.exe
848 C:\WINDOWS\system32\lsass.exe
1004 C:\WINDOWS\system32\svchost.exe
1088 svchost.exe
1156 C:\WINDOWS\system32\svchost.exe
1232 C:\Program Files\AVG\AVG9\avgchsvx.exe
1240 C:\Program Files\AVG\AVG9\avgrsx.exe
1304 svchost.exe
1420 C:\Program Files\AVG\AVG9\avgcsrvx.exe
1540 svchost.exe
1836 C:\WINDOWS\explorer.exe
1900 C:\WINDOWS\system32\ZoneLabs\vsmon.exe
544 C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
580 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
812 C:\WINDOWS\system32\spoolsv.exe
1280 svchost.exe
1496 C:\Program Files\AVG\AVG9\avgwdsvc.exe
1924 C:\Program Files\Java\jre6\bin\jqs.exe
2060 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2136 C:\WINDOWS\system32\svchost.exe
2224 C:\Program Files\AVG\AVG9\avgnsx.exe
2504 C:\WINDOWS\system32\searchindexer.exe
3484 unsecapp.exe
3528 C:\WINDOWS\system32\igfxtray.exe
3544 C:\WINDOWS\system32\hkcmd.exe
3576 C:\WINDOWS\system32\igfxpers.exe
3620 wmiprvse.exe
3680 C:\WINDOWS\RTHDCPL.EXE
3692 C:\WINDOWS\system32\igfxsrvc.exe
3704 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
680 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
1648 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
2280 C:\PROGRA~1\AVG\AVG9\avgtray.exe
2288 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2328 C:\WINDOWS\system32\ctfmon.exe
2728 C:\Documents and Settings\Owner\Desktop\WinZip\WZQKPICK.EXE
2780 wmiprvse.exe
4008 C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
840 C:\Program Files\Mozilla Firefox\firefox.exe
3632 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
3896 C:\Program Files\ICQ\Icq.exe
4088 C:\Program Files\Mozilla Firefox\plugin-container.exe
1448 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
6044 C:\Program Files\Java\jre6\bin\java.exe
1444 C:\Program Files\Audible\Bin\Manager.exe
2896 C:\WINDOWS\system32\sndvol32.exe
3752 C:\WINDOWS\system32\sndvol32.exe
5340 C:\WINDOWS\system32\sndvol32.exe
4668 C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
3952 C:\Program Files\AVG\AVG9\avgcsrvx.exe
768 C:\WINDOWS\system32\sndvol32.exe
5052 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001d`1b893e00 (NTFS)

PhysicalDrive0 Model Number: ST9250315AS, Rev: 0003SDM1

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!


Thanks
Kam
kamman
Active Member
 
Posts: 10
Joined: September 17th, 2010, 6:17 am

Re: google-analytics virus re direction

Unread postby deltalima » September 22nd, 2010, 5:25 am

Hi kamman,

TDSSKiller

  • Please download TDSSKiller.zip and save it on your desktop.
  • Extract (unzip) its contents to your Desktop.
  • Double-click the TDSSKiller Folder on your desktop.
  • Right-click on TDSSKiller.exe and click Copy then Paste it directly on to your Desktop.
  • Important!: Run this fix once and once only.
  • Double-click the TDSSKiller icon on your desktop, then click Start scan.
  • A box will appear saying System scan completed.
  • If any malicious objects are found click Cure > Continue > Reboot now.
  • A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: google-analytics virus re direction

Unread postby kamman » September 22nd, 2010, 5:55 am

Deltalima,
Please see the scan results for TDSSKiller.
2010/09/22 10:46:05.0625 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/22 10:46:05.0625 ================================================================================
2010/09/22 10:46:05.0625 SystemInfo:
2010/09/22 10:46:05.0625
2010/09/22 10:46:05.0625 OS Version: 5.1.2600 ServicePack: 3.0
2010/09/22 10:46:05.0625 Product type: Workstation
2010/09/22 10:46:05.0625 ComputerName: YOUR-2XX4MKUBCK
2010/09/22 10:46:05.0625 UserName: Owner
2010/09/22 10:46:05.0625 Windows directory: C:\WINDOWS
2010/09/22 10:46:05.0625 System windows directory: C:\WINDOWS
2010/09/22 10:46:05.0625 Processor architecture: Intel x86
2010/09/22 10:46:05.0625 Number of processors: 2
2010/09/22 10:46:05.0625 Page size: 0x1000
2010/09/22 10:46:05.0625 Boot type: Normal boot
2010/09/22 10:46:05.0625 ================================================================================
2010/09/22 10:46:06.0812 Initialize success
2010/09/22 10:46:27.0015 ================================================================================
2010/09/22 10:46:27.0015 Scan started
2010/09/22 10:46:27.0015 Mode: Manual;
2010/09/22 10:46:27.0015 ================================================================================
2010/09/22 10:46:27.0859 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/22 10:46:27.0937 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/09/22 10:46:28.0046 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/09/22 10:46:28.0140 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/09/22 10:46:28.0484 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
2010/09/22 10:46:28.0734 AR5416 (e0ee769d14128014965e03b433f5f46e) C:\WINDOWS\system32\DRIVERS\athw.sys
2010/09/22 10:46:28.0984 AsusACPI (12415a4b61ded200fe9932b47a35fa42) C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys
2010/09/22 10:46:29.0046 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/09/22 10:46:29.0109 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/22 10:46:29.0187 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/09/22 10:46:29.0250 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/09/22 10:46:29.0343 AVG Anti-Rootkit (e8054a423e5d2bdae6062bab6da159c4) C:\WINDOWS\system32\DRIVERS\avgarkt.sys
2010/09/22 10:46:29.0437 AvgArCln (ec08d1625f5c6cf2a57b79eb35186f8c) C:\WINDOWS\system32\DRIVERS\AvgArCln.sys
2010/09/22 10:46:29.0546 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\system32\Drivers\avgldx86.sys
2010/09/22 10:46:29.0625 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\system32\Drivers\avgmfx86.sys
2010/09/22 10:46:29.0687 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\system32\Drivers\avgtdix.sys
2010/09/22 10:46:29.0781 bdfsfltr (9b281f5f673cbc5b9ec886d59e0b4f26) C:\WINDOWS\system32\drivers\bdfsfltr.sys
2010/09/22 10:46:29.0875 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/09/22 10:46:30.0140 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/09/22 10:46:30.0203 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/09/22 10:46:30.0296 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/09/22 10:46:30.0343 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/09/22 10:46:30.0390 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/09/22 10:46:30.0515 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/09/22 10:46:30.0609 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/09/22 10:46:30.0828 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/09/22 10:46:30.0921 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/09/22 10:46:31.0015 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/09/22 10:46:31.0062 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/09/22 10:46:31.0140 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/09/22 10:46:31.0250 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/09/22 10:46:31.0359 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/09/22 10:46:31.0421 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/09/22 10:46:31.0468 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/09/22 10:46:31.0531 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/09/22 10:46:31.0609 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/09/22 10:46:31.0765 fssfltr (960f5e5e4e1f720465311ac68a99c2df) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2010/09/22 10:46:31.0828 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/09/22 10:46:31.0890 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/09/22 10:46:31.0968 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/09/22 10:46:32.0031 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/09/22 10:46:32.0140 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/09/22 10:46:32.0265 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/09/22 10:46:32.0312 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/09/22 10:46:32.0375 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/09/22 10:46:32.0453 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/09/22 10:46:32.0593 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/09/22 10:46:32.0828 ialm (0f68e2ec713f132ffb19e45415b09679) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/09/22 10:46:33.0062 iaStor (8ef427c54497c5f8a7a645990e4278c7) C:\WINDOWS\system32\drivers\iaStor.sys
2010/09/22 10:46:33.0171 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/09/22 10:46:33.0453 IntcAzAudAddService (9037c8bd3e896d7f2803a171fdeaeef4) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/09/22 10:46:33.0718 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/09/22 10:46:33.0781 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/09/22 10:46:33.0843 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/09/22 10:46:33.0890 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/09/22 10:46:33.0937 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/09/22 10:46:33.0984 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/09/22 10:46:34.0046 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/09/22 10:46:34.0125 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/09/22 10:46:34.0234 ISWKL (2e41433579de4381f1b0f7b30b013ddc) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
2010/09/22 10:46:34.0328 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/09/22 10:46:34.0406 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/09/22 10:46:34.0484 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/09/22 10:46:34.0546 L1c (6c8658587e91ea25b0fd2e71781ad228) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
2010/09/22 10:46:34.0687 Lavasoft Kernexplorer (32da3fde01f1bb080c2e69521dd8881e) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2010/09/22 10:46:34.0781 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2010/09/22 10:46:34.0984 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/09/22 10:46:35.0062 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/09/22 10:46:35.0156 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
2010/09/22 10:46:35.0265 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/09/22 10:46:35.0343 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/09/22 10:46:35.0406 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/09/22 10:46:35.0531 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/09/22 10:46:35.0640 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/09/22 10:46:35.0765 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/09/22 10:46:35.0843 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/09/22 10:46:35.0890 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/09/22 10:46:35.0953 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/09/22 10:46:36.0015 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/09/22 10:46:36.0078 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/09/22 10:46:36.0156 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/09/22 10:46:36.0218 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/09/22 10:46:36.0312 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/09/22 10:46:36.0375 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/09/22 10:46:36.0437 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/09/22 10:46:36.0500 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/09/22 10:46:36.0546 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/09/22 10:46:36.0609 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/09/22 10:46:36.0687 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/09/22 10:46:36.0765 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/09/22 10:46:36.0890 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/09/22 10:46:36.0984 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/09/22 10:46:37.0093 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/09/22 10:46:37.0140 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/09/22 10:46:37.0187 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/09/22 10:46:37.0281 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/09/22 10:46:37.0343 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/09/22 10:46:37.0406 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/09/22 10:46:37.0453 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/09/22 10:46:37.0546 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/09/22 10:46:37.0609 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/09/22 10:46:37.0968 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/09/22 10:46:38.0093 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/09/22 10:46:38.0140 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/09/22 10:46:38.0453 RadialpointIDSEH (2457250ca176e7fde9c3d3b2c94341f0) C:\WINDOWS\system32\drivers\AVGIDSEH.sys
2010/09/22 10:46:38.0687 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/09/22 10:46:38.0734 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/09/22 10:46:38.0828 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/09/22 10:46:38.0890 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/09/22 10:46:38.0968 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/09/22 10:46:39.0046 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/09/22 10:46:39.0156 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/09/22 10:46:39.0250 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/09/22 10:46:39.0453 RT80x86 (97b59ce2cfbb0884a16ddd8f1781812b) C:\WINDOWS\system32\DRIVERS\RT2860.sys
2010/09/22 10:46:39.0625 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/09/22 10:46:39.0703 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/09/22 10:46:39.0781 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2010/09/22 10:46:39.0906 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/09/22 10:46:40.0031 SNP2UVC (473f35e2a378b854731e67c377a3bea7) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
2010/09/22 10:46:40.0203 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/09/22 10:46:40.0296 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/09/22 10:46:40.0406 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/09/22 10:46:40.0515 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/09/22 10:46:40.0593 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/09/22 10:46:40.0656 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/09/22 10:46:40.0890 SynTP (8e25a1dbb8527b2074af9b682f818768) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/09/22 10:46:40.0968 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/09/22 10:46:41.0078 Tcpip (2cd86b51ba34278d358415f8015b0788) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/09/22 10:46:41.0093 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\tcpip.sys. Real md5: 2cd86b51ba34278d358415f8015b0788, Fake md5: 9aefa14bd6b182d61e3119fa5f436d3d
2010/09/22 10:46:41.0125 Tcpip - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/09/22 10:46:41.0187 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/09/22 10:46:41.0218 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/09/22 10:46:41.0296 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/09/22 10:46:41.0546 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/09/22 10:46:41.0687 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/09/22 10:46:41.0796 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/09/22 10:46:41.0859 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/09/22 10:46:41.0906 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/09/22 10:46:41.0984 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/09/22 10:46:42.0046 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/09/22 10:46:42.0093 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/09/22 10:46:42.0171 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/09/22 10:46:42.0250 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/09/22 10:46:42.0296 uvclf (c019889035cdc1a06f2febc93cbb6897) C:\WINDOWS\system32\DRIVERS\uvclf.sys
2010/09/22 10:46:42.0359 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/09/22 10:46:42.0468 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/09/22 10:46:42.0546 vsdatant (050c38ebb22512122e54b47dc278bccd) C:\WINDOWS\system32\vsdatant.sys
2010/09/22 10:46:42.0687 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/09/22 10:46:42.0765 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2010/09/22 10:46:42.0906 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/09/22 10:46:43.0156 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/09/22 10:46:43.0234 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/09/22 10:46:43.0281 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/09/22 10:46:43.0453 ================================================================================
2010/09/22 10:46:43.0453 Scan finished
2010/09/22 10:46:43.0453 ================================================================================
2010/09/22 10:46:43.0484 Detected object count: 1
2010/09/22 10:47:15.0609 Tcpip (2cd86b51ba34278d358415f8015b0788) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/09/22 10:47:15.0609 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\tcpip.sys. Real md5: 2cd86b51ba34278d358415f8015b0788, Fake md5: 9aefa14bd6b182d61e3119fa5f436d3d
2010/09/22 10:47:16.0015 Backup copy found, using it..
2010/09/22 10:47:16.0187 C:\WINDOWS\system32\DRIVERS\tcpip.sys - will be cured after reboot
2010/09/22 10:47:16.0187 Rootkit.Win32.TDSS.tdl3(Tcpip) - User select action: Cure
2010/09/22 10:47:57.0234 Deinitialize success

Thanks
Kam
kamman
Active Member
 
Posts: 10
Joined: September 17th, 2010, 6:17 am
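The TDSSKiller log above flags tcpip.sys as Forged because the two MD5 values the tool computed for the same file disagree, and it then ties that file to a named detection and to the action the user chose. As an added example that is not part of this thread and is not TDSSKiller's own code, here is a small Python parser for that 2.4.x log format: it links each driver line to its Forged, detected and action lines and cross-checks the tool's own "Detected object count" against what was parsed. The sample lines are constructed from the log in this thread, and the regular expressions are my reading of the format, not a published specification.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample, modelled on the TDSSKiller 2.4.x log posted in this thread
# (hashes and paths are the ones from that log; the selection of lines is mine).
SAMPLE_LOG = r"""
2010/09/22 10:46:41.0078 Tcpip (2cd86b51ba34278d358415f8015b0788) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/09/22 10:46:41.0093 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\tcpip.sys. Real md5: 2cd86b51ba34278d358415f8015b0788, Fake md5: 9aefa14bd6b182d61e3119fa5f436d3d
2010/09/22 10:46:41.0125 Tcpip - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/09/22 10:46:41.0187 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/09/22 10:46:43.0484 Detected object count: 1
2010/09/22 10:47:16.0187 Rootkit.Win32.TDSS.tdl3(Tcpip) - User select action: Cure
"""

# Every line starts with a "YYYY/MM/DD HH:MM:SS.ffff " timestamp.
TS = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} "
MD5 = r"[0-9a-f]{32}"
# Line shapes observed in the log (assumed regexes, not a published grammar).
RE_DRIVER = re.compile(TS + r"(?P<name>.+?) \((?P<md5>" + MD5 + r")\) (?P<path>.+)$")
RE_FORGED = re.compile(TS + r"Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: "
                       r"(?P<real>" + MD5 + r"), Fake md5: (?P<fake>" + MD5 + r")$")
RE_DETECT = re.compile(TS + r"(?P<name>.+?) - detected (?P<threat>\S+) \(\d+\)$")
RE_COUNT = re.compile(TS + r"Detected object count: (?P<n>\d+)$")
RE_ACTION = re.compile(TS + r"(?P<threat>\S+?)\((?P<name>.+?)\) - User select action: (?P<action>\w+)$")


@dataclass
class DriverEntry:
    name: str
    md5: str            # hash printed on the driver's own line
    path: str
    forged: bool = False
    real_md5: Optional[str] = None
    fake_md5: Optional[str] = None
    threat: Optional[str] = None   # e.g. Rootkit.Win32.TDSS.tdl3
    action: Optional[str] = None   # e.g. Cure / Skip


@dataclass
class ScanResult:
    entries: Dict[str, DriverEntry]
    reported_count: Optional[int]   # the tool's own "Detected object count"

    def detected(self) -> List[DriverEntry]:
        return [e for e in self.entries.values() if e.threat]

    def forged(self) -> List[DriverEntry]:
        return [e for e in self.entries.values() if e.forged]

    def consistent(self) -> bool:
        # The tool's summary line should agree with the per-driver detections we parsed.
        return self.reported_count == len(self.detected())


def parse_tdsskiller_log(text: str) -> ScanResult:
    entries: Dict[str, DriverEntry] = {}
    by_path: Dict[str, DriverEntry] = {}
    count: Optional[int] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Try the specific shapes first; the generic driver line is the fallback.
        if (m := RE_FORGED.match(line)):
            e = by_path.get(m["path"].lower())
            if e:
                e.forged = True
                e.real_md5, e.fake_md5 = m["real"], m["fake"]
        elif (m := RE_DETECT.match(line)):
            e = entries.get(m["name"])
            if e:
                e.threat = m["threat"]
        elif (m := RE_COUNT.match(line)):
            count = int(m["n"])
        elif (m := RE_ACTION.match(line)):
            e = entries.get(m["name"])
            if e:
                e.action = m["action"]
        elif (m := RE_DRIVER.match(line)):
            # The cure pass re-lists a driver; keep the first sighting (the scan pass).
            e = DriverEntry(m["name"], m["md5"], m["path"])
            entries.setdefault(m["name"], e)
            by_path.setdefault(m["path"].lower(), e)
    return ScanResult(entries, count)


if __name__ == "__main__":
    result = parse_tdsskiller_log(SAMPLE_LOG)
    for e in result.forged():
        print(f"{e.name}: {e.path} forged (real {e.real_md5}, fake {e.fake_md5}) "
              f"-> {e.threat}, action {e.action}")
    print("count consistent:", result.consistent())
```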