Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

artemis virus help plz

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

artemis virus help plz

Unread postby padar9 » October 10th, 2010, 10:02 am

found by McAfee and i want to remove all of this virus before any problems get to far.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:12:16 AM, on 10/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\Imgtask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\Home\LOCALS~1\Temp\clclean.0001
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net?cid=NET_mmhpset
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100914230817.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6.4; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; msn OptimizedIE8;ENUS; MSN 9.0;MSN 9.1;MSN 9.6; MSNbVZ02; MSNmen" -"http://www.schooltimegames.com/Science/Air_Invaders.html"
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} (SonyOnlineInstallerX) - http://www-cdn.freerealms.com/gamedata/ ... cab?v=1043
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 12405 bytes

uninstall list
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0
Adobe Shockwave Player 11.5
Apple Application Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
Catalyst Control Center - Branding
CDDRV_Installer
Comcast Desktop Software (v1.2.0.9)
Command & Conquer Red Alert 2
Command && Conquer Red Alert 2 - Yuri's Revenge
Coupon Printer for Windows
Creative MediaSource
Dell Resource CD
Dell Support Center (Support Software)
Desktop Doctor
ESPNMotion
GemMaster Mystic
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB960043)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB895961-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Extended Capabilities 4.7
HP Image Zone 4.7
HP Product Assistant
HP PSC & OfficeJet 4.7
HP Update
Intel(R) Matrix Storage Manager
Intel(R) PRO Network Connections Drivers
iSEEK AnswerWorks English Runtime
Java(TM) 6 Update 21
KhalInstallWrapper
K-Lite Mega Codec Pack 4.7.5
LimeWire PRO 5.4.6
Logitech SetPoint
McAfee Security Scan Plus
McAfee SecurityCenter
McAfee Virtual Technician
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Modem Helper
Modem On Hold
Mozilla Firefox (3.6.10)
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Otto
PowerDVD 5.9
QuickTime
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SigmaTel Audio
Sonic Encoders
Sound Blaster Audigy ADVANCED MB
Spyware Doctor 7.0
TuneUp Utilities
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
Uniblue DriverScanner 2009
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Vz In Home Agent
WebEx Support Manager for Internet Explorer
Westwood Shared Internet Components
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Media Center Edition 2005 KB905589
Windows XP Media Center Edition 2005 KB973768
WinRAR archiver
padar9
Active Member
 
Posts: 9
Joined: October 10th, 2010, 9:17 am
Advertisement
Register to Remove

Re: artemis virus help plz

Unread postby deltalima » October 12th, 2010, 6:52 am

Checking your log - back soon.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: artemis virus help plz

Unread postby deltalima » October 12th, 2010, 7:01 am

Hi padar9,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Remove P2P Programs

  • I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    LimeWire PRO 5.4.6


  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl Then click enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: artemis virus help plz

Unread postby padar9 » October 14th, 2010, 10:37 am

thanx for helping ..
padar9
Active Member
 
Posts: 9
Joined: October 10th, 2010, 9:17 am

Re: artemis virus help plz

Unread postby deltalima » October 14th, 2010, 2:30 pm

Hi padar9,

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan..

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: artemis virus help plz

Unread postby padar9 » October 17th, 2010, 9:13 am

Extras.txt---OTL Extras logfile created on: 10/17/2010 9:00:37 AM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Home\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 425.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 57.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 41.81 Gb Free Space | 56.13% Space Free | Partition Type: NTFS
Drive D: | 677.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HOME-349281B2C7 | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1078081533-261903793-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0FF18B53-CA57-40BB-B562-21A27B662005}" = 1600
"{141F2872-D2F9-4A89-95D3-E222D1CBCC56}" = Vz In Home Agent
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{166E180E-9A3F-41AE-8B40-22D8FFF4AF87}" = McAfee Virtual Technician
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{4324BC93-C82F-ED16-BA86-5E34B9E05303}" = ccc-core-static
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ED118EE-785C-CC18-5D2E-D5CA4BAA03F0}" = Catalyst Control Center Graphics Full New
"{539475B7-44B7-8B0A-134C-F01B9C8B7569}" = ccc-core-preinstall
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5AC7AE54-55DF-1126-076C-623F008D40B6}" = Catalyst Control Center Graphics Full Existing
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{6351D217-3EE3-1967-29BE-6A77635FE485}" = Skins
"{636F5444-8C7C-40C6-A89B-A1D2F01DC7F6}" = ATI Catalyst Control Center
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.9
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AB9CD3A-F91F-233B-923B-6C59BA63524D}" = Catalyst Control Center HydraVision Full
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85A91C22-C369-FCFB-5F1F-D59EB21AD0E1}" = CCC Help English
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A6D0140F-E62F-9D1E-2408-9CFF91FF6FC8}" = ccc-utility
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
"{C44A7422-E380-44BE-79FE-1C032D8A03A7}" = Catalyst Control Center Core Implementation
"{C769B501-2BE8-46ed-9E69-118F008A0917}" = DIGOpt
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB449D5A-7710-47aa-B9F5-352B877C90E6}" = 1600_Help
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D42B6F90-1084-4C9B-AF28-958926E6E32E}" = LP_Flash
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E5D24929-91A4-B0A1-DE00-AFC453921EF7}" = Catalyst Control Center Graphics Light
"{E6C09BFB-BA75-15C7-5B18-A2CE31C4F42B}" = Catalyst Control Center Graphics Previews Common
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F4C6CC40-1142-49be-A28C-7BBD36F0B41A}" = 1600Trb
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"ESPNMotion" = ESPNMotion
"Google Updater" = Google Updater
"HP Photo & Imaging" = HP Image Zone 4.7
"HPExtendedCapabilities" = HP Extended Capabilities 4.7
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.7.5
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MSC" = McAfee SecurityCenter
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel(R) PRO Network Connections Drivers
"Red Alert 2" = Command & Conquer Red Alert 2
"Spyware Doctor" = Spyware Doctor 7.0
"TuneUp Utilities" = TuneUp Utilities
"TurboTax 2009" = TurboTax 2009
"UnityWebPlayer" = Unity Web Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WOLAPI" = Westwood Shared Internet Components
"Yuri's Revenge" = Command && Conquer Red Alert 2 - Yuri's Revenge

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1078081533-261903793-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"SOE-Free Realms" = Free Realms

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/12/2010 3:22:00 PM | Computer Name = HOME-349281B2C7 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3888, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/12/2010 3:22:02 PM | Computer Name = HOME-349281B2C7 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3888, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/17/2010 6:10:51 PM | Computer Name = HOME-349281B2C7 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3909, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/22/2010 3:08:18 AM | Computer Name = HOME-349281B2C7 | Source = Google Update | ID = 20
Description =

Error - 9/22/2010 3:21:17 AM | Computer Name = HOME-349281B2C7 | Source = Google Update | ID = 20
Description =

Error - 9/22/2010 4:08:16 AM | Computer Name = HOME-349281B2C7 | Source = Google Update | ID = 20
Description =

Error - 9/22/2010 4:21:16 AM | Computer Name = HOME-349281B2C7 | Source = Google Update | ID = 20
Description =

Error - 9/22/2010 5:08:16 AM | Computer Name = HOME-349281B2C7 | Source = Google Update | ID = 20
Description =

Error - 9/22/2010 5:21:16 AM | Computer Name = HOME-349281B2C7 | Source = Google Update | ID = 20
Description =

Error - 10/3/2010 5:06:31 PM | Computer Name = HOME-349281B2C7 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 2092 (0x82c) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.2.0.794
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\Java\jre6\bin\deploy.dll

by C:\Program Files\Java\jre6\bin\jqs.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0)

7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

[ System Events ]
Error - 10/3/2010 5:07:03 PM | Computer Name = HOME-349281B2C7 | Source = DCOM | ID = 10010
Description = The server {E0EC0F2B-773D-4DD7-BE6C-7D85D6AA6269} did not register
with DCOM within the required timeout.

Error - 10/3/2010 5:07:37 PM | Computer Name = HOME-349281B2C7 | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.

Error - 10/8/2010 6:17:59 AM | Computer Name = HOME-349281B2C7 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 10/8/2010 6:17:59 AM | Computer Name = HOME-349281B2C7 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 10/8/2010 6:18:14 AM | Computer Name = HOME-349281B2C7 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 10/8/2010 6:18:14 AM | Computer Name = HOME-349281B2C7 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 10/12/2010 4:41:26 PM | Computer Name = HOME-349281B2C7 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the mcmscsvc service.

Error - 10/12/2010 4:41:56 PM | Computer Name = HOME-349281B2C7 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the McNaiAnn service.

Error - 10/12/2010 4:42:43 PM | Computer Name = HOME-349281B2C7 | Source = DCOM | ID = 10010
Description = The server {E0EC0F2B-773D-4DD7-BE6C-7D85D6AA6269} did not register
with DCOM within the required timeout.

Error - 10/16/2010 8:19:57 AM | Computer Name = HOME-349281B2C7 | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.


< End of report > Otl.txt---- OTL logfile created on: 10/17/2010 9:00:37 AM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Home\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 425.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 57.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 41.81 Gb Free Space | 56.13% Space Free | Partition Type: NTFS
Drive D: | 677.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HOME-349281B2C7 | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Home\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Home\Local Settings\Temp\clclean.0001 (Macrovision Europe Ltd.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Home\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Spyware Doctor\smum32.dll (PC Tools)
MOD - C:\Program Files\Spyware Doctor\PCTGMhk.dll (PC Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (Creative Labs Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (MREMP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found
DRV - (JL2005C) -- C:\WINDOWS\System32\Drivers\jl2005c.sys File not found
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (iastor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation)
DRV - (STHDA) High Definition Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (CTUSFSYN) -- C:\WINDOWS\system32\drivers\CTUSFSYN.SYS (Creative Technology Ltd.)
DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation)
DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation)
DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation)
DRV - (e1express) Intel(R) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (sigfilt) -- C:\WINDOWS\system32\drivers\sigfilt.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\CTOSS2K.SYS (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1078081533-261903793-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-1078081533-261903793-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKU\S-1-5-21-1078081533-261903793-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1078081533-261903793-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net?cid=NET_mmhpset
IE - HKU\S-1-5-21-1078081533-261903793-839522115-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1078081533-261903793-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0MSN&bm=ms_home"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/10/13 01:27:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/19 14:30:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/08 08:14:57 | 000,000,000 | ---D | M]

[2009/11/16 23:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Mozilla\Extensions
[2009/04/08 08:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/10/17 08:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\ko2irzny.default\extensions
[2010/04/28 06:07:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\ko2irzny.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/02 23:25:13 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\ko2irzny.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/08/18 16:07:32 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\ko2irzny.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/10/17 08:58:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/08 08:39:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/27 07:14:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/08/24 14:57:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2004/08/10 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100914230817.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1078081533-261903793-839522115-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKU\S-1-5-21-1078081533-261903793-839522115-1003..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1078081533-261903793-839522115-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1078081533-261903793-839522115-1003..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -Mozilla\4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident\4.0; File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-261903793-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O15 - HKU\S-1-5-21-1078081533-261903793-839522115-1003\..Trusted Domains: //@install.mar@ ([]msni in My Computer)
O15 - HKU\S-1-5-21-1078081533-261903793-839522115-1003\..Trusted Domains: //@mail.mar@ ([]msni in Local intranet)
O15 - HKU\S-1-5-21-1078081533-261903793-839522115-1003\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-1078081533-261903793-839522115-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-1078081533-261903793-839522115-1003\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1078081533-261903793-839522115-1003\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1078081533-261903793-839522115-1003\..Trusted Domains: microsoft.com ([oas.support] https in Trusted sites)
O15 - HKU\S-1-5-21-1078081533-261903793-839522115-1003\..Trusted Domains: microsoft.com ([support] http in Trusted sites)
O15 - HKU\S-1-5-21-1078081533-261903793-839522115-1003\..Trusted Domains: microsoft.com ([support] https in Trusted sites)
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www-cdn.freerealms.com/gamedata/ ... cab?v=1043 (SonyOnlineInstallerX)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.74.166 68.87.68.166
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Home\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Home\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/01 14:16:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/08/13 17:05:24 | 001,572,864 | R--- | M] () - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2001/07/25 18:36:12 | 000,000,135 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3fd13550-1eb6-11de-a41e-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{3fd13550-1eb6-11de-a41e-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3fd13550-1eb6-11de-a41e-806d6172696f}\Shell\AutoRun\command - "" = D:\autoRcd.exe -- File not found
O33 - MountPoints2\{8a555b99-be8e-11df-a5ec-00123f7e8c22}\Shell - "" = AutoRun
O33 - MountPoints2\{8a555b99-be8e-11df-a5ec-00123f7e8c22}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8a555b99-be8e-11df-a5ec-00123f7e8c22}\Shell\AutoRun\command - "" = F:\Imageviewer.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/17 08:56:16 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\OTL.exe
[2010/10/12 18:22:59 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/12 18:22:59 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/12 18:22:44 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/10/10 08:26:00 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/10/08 08:14:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/10/02 23:22:16 | 000,030,016 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2010/10/01 15:37:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\SupportSoft
[2010/09/18 12:23:26 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42u.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/17 08:56:17 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\OTL.exe
[2010/10/17 08:24:02 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-261903793-839522115-1003UA.job
[2010/10/17 08:11:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/17 05:24:10 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-261903793-839522115-1003Core.job
[2010/10/16 20:11:03 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/16 08:16:13 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2010/10/16 08:15:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/15 15:34:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/14 20:52:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/14 20:39:07 | 000,441,546 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/14 20:39:07 | 000,071,482 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/13 03:26:17 | 000,129,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/13 03:09:26 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/10 09:50:59 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\HiJackThis.lnk
[2010/10/08 08:14:58 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/02 23:22:13 | 000,001,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
[2010/10/02 23:22:13 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities.lnk
[2010/09/23 22:20:08 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Google Chrome.lnk
[2010/09/23 22:20:08 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/18 19:57:29 | 000,656,992 | ---- | M] () -- C:\Documents and Settings\Home\My Documents\Amy's 40th.JPG
[2010/09/18 12:23:26 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42u.dll
[2010/09/18 12:23:26 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42u.dll
[2010/09/18 02:53:25 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42.dll
[2010/09/18 02:53:25 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/09/18 02:53:25 | 000,954,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc40.dll
[2010/09/18 02:53:25 | 000,954,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2010/09/18 02:53:25 | 000,953,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc40u.dll
[2010/09/18 02:53:25 | 000,953,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/10 08:40:33 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\HiJackThis.lnk
[2010/10/08 08:14:57 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/09/18 19:57:29 | 000,656,992 | ---- | C] () -- C:\Documents and Settings\Home\My Documents\Amy's 40th.JPG
[2010/07/22 15:20:48 | 000,767,928 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/05/02 21:29:09 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/27 13:56:59 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2009/12/31 19:28:42 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0519.old
[2009/12/31 19:28:42 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2009/06/06 14:32:40 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/06/06 14:32:40 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/06/06 14:32:40 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/06/06 14:27:39 | 000,000,089 | ---- | C] () -- C:\Program Files\INSTALL.LOG
[2009/06/03 12:29:04 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2009/06/03 12:28:47 | 000,000,019 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2009/06/01 16:59:25 | 000,000,035 | ---- | C] () -- C:\Documents and Settings\Home\Application Data\TheHunterSettings.cfg
[2009/04/10 19:06:30 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Home\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/09 21:21:12 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/04/09 21:21:06 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/04/09 21:21:06 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/04/09 21:21:06 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/04/09 21:21:03 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/04/09 15:16:15 | 000,005,872 | ---- | C] () -- C:\WINDOWS\System32\CTSBMB.INI
[2009/04/09 14:57:04 | 000,004,969 | ---- | C] () -- C:\WINDOWS\System32\Sigfilt.ini
[2009/04/09 14:57:04 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/04/07 14:42:08 | 000,000,029 | ---- | C] () -- C:\WINDOWS\Pt.dll
[2009/04/07 14:35:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PTWebCam.INI
[2009/04/04 12:28:27 | 000,001,470 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/04/01 14:24:17 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Home\Local Settings\Application Data\fusioncache.dat
[2009/04/01 08:47:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/19 11:54:00 | 001,345,520 | ---- | C] () -- C:\WINDOWS\System32\CTMBHA.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 172 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >
padar9
Active Member
 
Posts: 9
Joined: October 10th, 2010, 9:17 am

Re: artemis virus help plz

Unread postby deltalima » October 17th, 2010, 3:31 pm

Hi padar9,

Please post the log rom the GMER scan, if you have problems running GMER hen please run this alternative scan.

Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in a reply here.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: artemis virus help plz

Unread postby padar9 » October 18th, 2010, 7:43 pm

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xF65DB000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 3891200 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBF1CD000 C:\WINDOWS\System32\ati3duag.dll 3821568 bytes (ATI Technologies Inc. , ati3duag.dll)
0xBF572000 C:\WINDOWS\System32\ativvaxx.dll 2670592 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB2663000 C:\WINDOWS\system32\drivers\sigfilt.sys 1351680 bytes (Creative Technology Ltd., Creative WDM Audio Driver)
0xF63E3000 C:\WINDOWS\system32\DRIVERS\IntelC51.sys 1343488 bytes (Intel Corporation, Modem DSP Driver)
0xAAB12000 C:\WINDOWS\System32\Drivers\dump_iastor.sys 749568 bytes
0xF73B6000 iaStor.sys 749568 bytes (Intel Corporation, Intel Matrix Storage Manager driver)
0xBF065000 C:\WINDOWS\System32\ati2cqag.dll 626688 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xF634B000 C:\WINDOWS\system32\DRIVERS\IntelC52.sys 622592 bytes (Intel Corporation, Modem CP Driver)
0xF7227000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBF0FE000 C:\WINDOWS\System32\atikvmag.dll 540672 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xB23D8000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0xB2453000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF61C2000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF72DE000 mfehidk.sys 380928 bytes (McAfee, Inc., McAfee Link Driver)
0xB2571000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA81FE000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 339968 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBF182000 C:\WINDOWS\System32\atiok3x2.dll 307200 bytes (ATI Technologies Inc., Ring 0 x2 component)
0xF6278000 C:\WINDOWS\system32\drivers\mfefirek.sys 307200 bytes (McAfee, Inc., McAfee Core Firewall Engine Driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA82CE000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF733B000 PCTCore.sys 233472 bytes (PC Tools, PC Tools KDS Core Driver)
0xA87E0000 C:\WINDOWS\system32\DRIVERS\ctoss2k.sys 196608 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM))
0xF6248000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF74C3000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF6572000 C:\WINDOWS\system32\DRIVERS\e1e5132.sys 184320 bytes (Intel Corporation, Intel(R) PRO/1000 Adapter NDIS 5.1 deserialized driver)
0xF71FA000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB27D1000 C:\WINDOWS\system32\drivers\sthda.sys 184320 bytes (SigmaTel, Inc., DELLRC)
0xA75AD000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB24C3000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF659F000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xB2510000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xA8810000 C:\WINDOWS\system32\drivers\ctusfsyn.sys 159744 bytes (Creative Technology Ltd., Creative SoundFont Synthesizer)
0xA87BA000 C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys 155648 bytes (Creative Technology Ltd, SoundFont(R) Manager (WDM))
0xF746D000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xB254B000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF62EB000 C:\WINDOWS\system32\drivers\mfeavfk.sys 147456 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0xB27AD000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF654E000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF652B000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB24EE000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF74F1000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7493000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF71E0000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF739E000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF7386000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF72C7000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF6320000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA7718000 C:\WINDOWS\system32\drivers\mfeapfk.sys 90112 bytes (McAfee, Inc., Access Protection Filter Driver)
0xA88AD000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF6337000 C:\WINDOWS\system32\DRIVERS\mfendisk.sys 81920 bytes (McAfee, Inc., McAfee NDIS Intermediate Driver)
0xF65C7000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB25CA000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xB2538000 C:\WINDOWS\system32\drivers\mfetdi2k.sys 77824 bytes (McAfee, Inc., Anti-Virus Mini-Firewall Driver)
0xF72B4000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7374000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF74B2000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF630F000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xABAF4000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF6A21000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF0A9E000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF6A11000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xAC999000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF0A8E000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7652000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF6A01000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7632000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF05AA000 C:\WINDOWS\System32\Drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xA7C96000 C:\WINDOWS\system32\drivers\cfwids.sys 49152 bytes (McAfee, Inc., McAfee Personal Firewall IDS Plugin)
0xF7762000 C:\WINDOWS\system32\DRIVERS\IntelC53.sys 49152 bytes (Intel Corporation, Modem AFE Driver)
0xF69E1000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF0A3E000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7772000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xA7D8E000 C:\WINDOWS\system32\drivers\mfebopk.sys 45056 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
0xF7622000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF69F1000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7612000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF107C000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF69C1000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7642000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF05BA000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF7752000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF69D1000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF0A4E000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA7608000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7662000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF0A5E000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF78A2000 cercsr6.sys 32768 bytes (Adaptec, Inc., DELL CERC SATA1.5/6ch Miniport Driver)
0xF0B4B000 C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 32768 bytes (Logitech, Inc., Logitech HID Filter Driver.)
0xF0B43000 C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 32768 bytes (Logitech, Inc., Logitech Mouse Filter Driver.)
0xF78EA000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF0F85000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF78DA000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF0F9D000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7892000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF79EA000 C:\Program Files\Spyware Doctor\PCTSDInj32.sys 28672 bytes
0xF7912000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF0B5B000 C:\WINDOWS\System32\Drivers\LUsbFilt.Sys 24576 bytes (Logitech, Inc., Logitech USB Filter Driver.)
0xF78E2000 C:\WINDOWS\system32\DRIVERS\mohfilt.sys 24576 bytes (Intel Corporation, Filter Driver to Support Modem-on-Hold)
0xF791A000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF78D2000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF0F95000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF0F8D000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF789A000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7902000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF790A000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF78FA000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xAAF13000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF007E000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF144B000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
0xF6FE5000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB01FF000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7A22000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xEFD38000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF008E000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF0076000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7197000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF0BF1000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7B2E000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7B16000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7B2C000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7B12000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7B30000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7B32000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7B6E000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7B2A000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7B14000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7CAD000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xAB5B3000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF0097000 C:\WINDOWS\System32\Drivers\LBeepKE.sys 4096 bytes (Logitech, Inc., Logitech Consumer Control Filter Driver.)
0xEFF3A000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7BDA000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xAB319000 C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys 4096 bytes (TuneUp Software, TuneUp Utilities Driver)
==============================================
>Stealth
==============================================
0x053F0000 Hidden Image-->System.ServiceProcess.dll [ EPROCESS 0x84EF7798 ] PID: 2136, 126976 bytes
0x03250000 Hidden Image-->System.XML.dll [ EPROCESS 0x84EF7798 ] PID: 2136, 2060288 bytes
0x044D0000 Hidden Image-->System.EnterpriseServices.dll [ EPROCESS 0x84EF7798 ] PID: 2136, 266240 bytes
0x04260000 Hidden Image-->System.Transactions.dll [ EPROCESS 0x84EF7798 ] PID: 2136, 270336 bytes
0x00F80000 Hidden Image-->log4net.dll [ EPROCESS 0x84EF7798 ] PID: 2136, 282624 bytes
0x03D60000 Hidden Image-->SupportSoft.Agent.Sprocket.dll [ EPROCESS 0x85D3E738 ] PID: 600, 28672 bytes
0x03F20000 Hidden Image-->System.Data.dll [ EPROCESS 0x84EF7798 ] PID: 2136, 2961408 bytes
0x04A30000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x84EF7798 ] PID: 2136, 307200 bytes
0x03480000 Hidden Image-->System.dll [ EPROCESS 0x84EF7798 ] PID: 2136, 3158016 bytes
0x05300000 Hidden Image-->Intuit.Spc.Map.WindowsFirewallUtilities.dll [ EPROCESS 0x84EF7798 ] PID: 2136, 421888 bytes
0x031E0000 Hidden Image-->System.configuration.dll [ EPROCESS 0x84EF7798 ] PID: 2136, 438272 bytes
0x03B40000 Hidden Image-->SupportSoft.Agent.Sprocket.SupportMessage.dll [ EPROCESS 0x85D3E738 ] PID: 600, 45056 bytes
0x042D0000 Hidden Image-->Intuit.Spc.Map.Reporter.dll [ EPROCESS 0x84EF7798 ] PID: 2136, 479232 bytes
0x04C80000 Hidden Image-->System.Windows.Forms.dll [ EPROCESS 0x84EF7798 ] PID: 2136, 5033984 bytes
0x05260000 Hidden Image-->System.Drawing.dll [ EPROCESS 0x84EF7798 ] PID: 2136, 634880 bytes
0x02DB0000 Hidden Image-->sprtmessage.dll [ EPROCESS 0x85D3E738 ] PID: 600, 77824 bytes
0x03E40000 Hidden Image-->System.Data.SQLite.DLL [ EPROCESS 0x84EF7798 ] PID: 2136, 872448 bytes
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0006ECBE, Type: Inline - RelativeJump 0x80545CBE-->80545CC5 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtMapViewOfSection, Type: Inline - RelativeJump 0x805B1FE6-->F731112E [mfehidk.sys]
ntkrnlpa.exe-->NtOpenProcess, Type: Inline - RelativeJump 0x805CB3FA-->F7311058 [mfehidk.sys]
ntkrnlpa.exe-->NtOpenThread, Type: Inline - RelativeJump 0x805CB686-->F731106C [mfehidk.sys]
ntkrnlpa.exe-->NtSetSecurityObject, Type: Inline - RelativeJump 0x805C05DA-->F7311104 [mfehidk.sys]
ntkrnlpa.exe-->NtUnmapViewOfSection, Type: Inline - RelativeJump 0x805B2DF4-->F7311144 [mfehidk.sys]
ntkrnlpa.exe-->NtYieldExecution, Type: Inline - RelativeJump 0x80504B08-->F7311118 [mfehidk.sys]
[1628]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[1628]explorer.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [unknown_code_page]
[1628]explorer.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77DD12F0-->00000000 [unknown_code_page]
[1628]explorer.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1628]explorer.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1628]explorer.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[1628]explorer.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[1628]explorer.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1628]explorer.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[1628]explorer.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1628]explorer.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[1628]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[1628]explorer.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [unknown_code_page]
[1628]explorer.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[1628]explorer.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[1628]explorer.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[1628]explorer.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[1628]explorer.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[1628]explorer.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1628]explorer.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1628]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[1628]explorer.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[1628]explorer.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[1628]explorer.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[1628]explorer.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[1628]explorer.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[1628]explorer.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x0100117C-->00000000 [unknown_code_page]
[1628]explorer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[1628]explorer.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1628]explorer.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C801008-->00000000 [unknown_code_page]
[1628]explorer.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1628]explorer.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1628]explorer.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[1628]explorer.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1628]explorer.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]
[1628]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[1628]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[1628]explorer.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [unknown_code_page]
[1628]explorer.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C9C16DC-->00000000 [unknown_code_page]
[1628]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[1628]explorer.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [unknown_code_page]
[1628]explorer.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x3D95D690-->00000000 [unknown_code_page]
[1628]explorer.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x3D95F3A4-->00000000 [unknown_code_page]
[1628]explorer.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x3D9A6D5F-->00000000 [unknown_code_page]
[1628]explorer.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x3D95DB09-->00000000 [unknown_code_page]
[1628]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[1628]explorer.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x3D931450-->00000000 [unknown_code_page]
[1628]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[1628]explorer.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[1856]services.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [unknown_code_page]
[1856]services.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77DD12F0-->00000000 [unknown_code_page]
[1856]services.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1856]services.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1856]services.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[1856]services.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[1856]services.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1856]services.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[1856]services.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1856]services.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[1856]services.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [unknown_code_page]
[1856]services.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[1856]services.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[1856]services.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[1856]services.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[1856]services.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[1856]services.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1856]services.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1856]services.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[1856]services.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[1856]services.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[1856]services.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[1856]services.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[1856]services.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[1856]services.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1856]services.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C801008-->00000000 [unknown_code_page]
[1856]services.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1856]services.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1856]services.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[1856]services.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1856]services.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]
[1856]services.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[1856]services.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [unknown_code_page]
[1856]services.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[1868]lsass.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [unknown_code_page]
[1868]lsass.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77DD12F0-->00000000 [unknown_code_page]
[1868]lsass.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1868]lsass.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1868]lsass.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[1868]lsass.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[1868]lsass.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1868]lsass.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[1868]lsass.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1868]lsass.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[1868]lsass.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [unknown_code_page]
[1868]lsass.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[1868]lsass.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[1868]lsass.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[1868]lsass.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[1868]lsass.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[1868]lsass.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1868]lsass.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1868]lsass.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[1868]lsass.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[1868]lsass.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[1868]lsass.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[1868]lsass.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[1868]lsass.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[1868]lsass.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1868]lsass.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C801008-->00000000 [unknown_code_page]
[1868]lsass.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1868]lsass.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1868]lsass.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[1868]lsass.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1868]lsass.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]
[1868]lsass.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[1868]lsass.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [unknown_code_page]
[1868]lsass.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C9C16DC-->00000000 [unknown_code_page]
[1868]lsass.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [unknown_code_page]
[1868]lsass.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[2260]dllhost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [unknown_code_page]
[2260]dllhost.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77DD12F0-->00000000 [unknown_code_page]
[2260]dllhost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[2260]dllhost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[2260]dllhost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[2260]dllhost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[2260]dllhost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[2260]dllhost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[2260]dllhost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[2260]dllhost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[2260]dllhost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [unknown_code_page]
[2260]dllhost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[2260]dllhost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[2260]dllhost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[2260]dllhost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[2260]dllhost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[2260]dllhost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[2260]dllhost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[2260]dllhost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[2260]dllhost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[2260]dllhost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[2260]dllhost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[2260]dllhost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[2260]dllhost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[2260]dllhost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[2260]dllhost.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C801008-->00000000 [unknown_code_page]
[2260]dllhost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[2260]dllhost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[2260]dllhost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[2260]dllhost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [unknown_code_page]
[2260]dllhost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]
[2260]dllhost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[2260]dllhost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [unknown_code_page]
[2260]dllhost.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C9C16DC-->00000000 [unknown_code_page]
[2260]dllhost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [unknown_code_page]
[2260]dllhost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[252]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [unknown_code_page]
[252]svchost.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77DD12F0-->00000000 [unknown_code_page]
[252]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[252]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[252]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[252]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[252]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[252]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[252]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[252]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[252]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [unknown_code_page]
[252]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[252]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[252]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[252]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[252]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[252]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[252]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[252]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[252]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[252]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[252]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[252]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[252]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x0100105C-->00000000 [unknown_code_page]
[252]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[252]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[252]svchost.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C801008-->00000000 [unknown_code_page]
[252]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[252]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[252]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[252]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [unknown_code_page]
[252]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]
[252]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[252]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [unknown_code_page]
[252]svchost.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C9C16DC-->00000000 [unknown_code_page]
[252]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [unknown_code_page]
[252]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[2740]McSvHost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [McProxy.dll]
[2740]McSvHost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [McProxy.dll]
[2956]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [unknown_code_page]
[2956]svchost.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77DD12F0-->00000000 [unknown_code_page]
[2956]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[2956]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[2956]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[2956]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[2956]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[2956]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[2956]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[2956]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[2956]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [unknown_code_page]
[2956]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[2956]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[2956]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[2956]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[2956]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[2956]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[2956]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[2956]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[2956]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[2956]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[2956]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[2956]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[2956]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x0100105C-->00000000 [unknown_code_page]
[2956]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[2956]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[2956]svchost.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C801008-->00000000 [unknown_code_page]
[2956]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[2956]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[2956]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[2956]svchost.exe-->mswsock.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x71A512BC-->00000000 [unknown_code_page]
[2956]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [unknown_code_page]
[2956]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]
[2956]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[2956]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [unknown_code_page]
[2956]svchost.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C9C16DC-->00000000 [unknown_code_page]
[2956]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [unknown_code_page]
[2956]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[3056]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [unknown_code_page]
[3056]svchost.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77DD12F0-->00000000 [unknown_code_page]
[3056]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[3056]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[3056]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[3056]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[3056]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[3056]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[3056]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[3056]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[3056]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [unknown_code_page]
[3056]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[3056]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[3056]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[3056]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[3056]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[3056]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[3056]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[3056]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[3056]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[3056]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[3056]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[3056]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[3056]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x0100105C-->00000000 [unknown_code_page]
[3056]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[3056]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[3056]svchost.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C801008-->00000000 [unknown_code_page]
[3056]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[3056]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[3056]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[3056]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [unknown_code_page]
[3056]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]
[3056]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[3056]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [unknown_code_page]
[3056]svchost.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C9C16DC-->00000000 [unknown_code_page]
[3056]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [unknown_code_page]
[3244]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [unknown_code_page]
[3244]svchost.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77DD12F0-->00000000 [unknown_code_page]
[3244]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[3244]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[3244]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[3244]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[3244]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[3244]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[3244]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[3244]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[3244]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [unknown_code_page]
[3244]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[3244]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[3244]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[3244]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[3244]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[3244]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[3244]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[3244]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[3244]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[3244]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[3244]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[3244]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[3244]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x0100105C-->00000000 [unknown_code_page]
[3244]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[3244]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[3244]svchost.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C801008-->00000000 [unknown_code_page]
[3244]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[3244]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[3244]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[3244]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [unknown_code_page]
[3244]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]
[3244]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[3244]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [unknown_code_page]
[3244]svchost.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C9C16DC-->00000000 [unknown_code_page]
[3244]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [unknown_code_page]
[3244]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[412]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [unknown_code_page]
[412]svchost.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77DD12F0-->00000000 [unknown_code_page]
[412]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[412]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[412]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[412]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[412]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[412]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[412]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[412]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[412]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [unknown_code_page]
[412]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[412]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[412]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[412]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[412]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[412]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[412]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[412]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[412]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[412]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[412]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[412]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[412]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x0100105C-->00000000 [unknown_code_page]
[412]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[412]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[412]svchost.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C801008-->00000000 [unknown_code_page]
[412]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[412]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[412]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[412]svchost.exe-->mswsock.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x71A512BC-->00000000 [unknown_code_page]
[412]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [unknown_code_page]
[412]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]
[412]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[412]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [unknown_code_page]
[412]svchost.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C9C16DC-->00000000 [unknown_code_page]
[412]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [unknown_code_page]
[412]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[572]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [unknown_code_page]
[572]svchost.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77DD12F0-->00000000 [unknown_code_page]
[572]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[572]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[572]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[572]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[572]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[572]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[572]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[572]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[572]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [unknown_code_page]
[572]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[572]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[572]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[572]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[572]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[572]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[572]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[572]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[572]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[572]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[572]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[572]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[572]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x0100105C-->00000000 [unknown_code_page]
[572]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[572]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[572]svchost.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C801008-->00000000 [unknown_code_page]
[572]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[572]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[572]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[572]svchost.exe-->mswsock.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x71A512BC-->00000000 [unknown_code_page]
[572]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [unknown_code_page]
[572]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]
[572]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[572]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [unknown_code_page]
[572]svchost.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C9C16DC-->00000000 [unknown_code_page]
[572]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [unknown_code_page]
[572]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x3D95D690-->00000000 [unknown_code_page]
[572]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x3D95F3A4-->00000000 [unknown_code_page]
[572]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x3D9A6D5F-->00000000 [unknown_code_page]
[572]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x3D95DB09-->00000000 [unknown_code_page]
[572]svchost.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x3D931450-->00000000 [unknown_code_page]
[572]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[620]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [unknown_code_page]
[620]svchost.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77DD12F0-->00000000 [unknown_code_page]
[620]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[620]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[620]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[620]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[620]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[620]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[620]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[620]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[620]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [unknown_code_page]
[620]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[620]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[620]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[620]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[620]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[620]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[620]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[620]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[620]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[620]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[620]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[620]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[620]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x0100105C-->00000000 [unknown_code_page]
[620]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[620]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[620]svchost.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C801008-->00000000 [unknown_code_page]
[620]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[620]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[620]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[620]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [unknown_code_page]
[620]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]
[620]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[620]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [unknown_code_page]
[620]svchost.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C9C16DC-->00000000 [unknown_code_page]
[620]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [unknown_code_page]
[680]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [unknown_code_page]
[680]svchost.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77DD12F0-->00000000 [unknown_code_page]
[680]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[680]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[680]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[680]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[680]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[680]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[680]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[680]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[680]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [unknown_code_page]
[680]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[680]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[680]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[680]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[680]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[680]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[680]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[680]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[680]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[680]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[680]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[680]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[680]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x0100105C-->00000000 [unknown_code_page]
[680]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[680]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[680]svchost.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C801008-->00000000 [unknown_code_page]
[680]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[680]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[680]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[680]svchost.exe-->mswsock.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x71A512BC-->00000000 [unknown_code_page]
[680]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [unknown_code_page]
[680]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]
[680]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[680]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [unknown_code_page]
[680]svchost.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C9C16DC-->00000000 [unknown_code_page]
[680]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [unknown_code_page]
[680]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[868]svchost.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [unknown_code_page]
[868]svchost.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77DD12F0-->00000000 [unknown_code_page]
[868]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[868]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[868]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[868]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[868]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[868]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[868]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[868]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[868]svchost.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [unknown_code_page]
[868]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[868]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[868]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[868]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[868]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[868]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[868]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[868]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[868]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[868]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[868]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[868]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[868]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x0100105C-->00000000 [unknown_code_page]
[868]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[868]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[868]svchost.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C801008-->00000000 [unknown_code_page]
[868]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[868]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[868]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[868]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [unknown_code_page]
[868]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]
[868]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[868]svchost.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [unknown_code_page]
[868]svchost.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C9C16DC-->00000000 [unknown_code_page]
[868]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [unknown_code_page]
[868]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
padar9
Active Member
 
Posts: 9
Joined: October 10th, 2010, 9:17 am

Re: artemis virus help plz

Unread postby deltalima » October 19th, 2010, 3:29 am

Hi padar9,

MBRCheck

Please download MBRCheck.exe to your desktop.
  • Double-click on MBRCheck.exe to run it.
  • It will show a Black screen with some information.
  • if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file in you're next reply.

Malwarebytes Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and select then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  1. Launch Malwarebytes' Anti-Malware
  2. Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: artemis virus help plz

Unread postby padar9 » October 19th, 2010, 11:05 pm

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 137):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xF7B12000 \WINDOWS\system32\KDCOM.DLL
0xF7A22000 \WINDOWS\system32\BOOTVID.dll
0xF74F1000 fltmgr.sys
0xF74C3000 ACPI.sys
0xF7B14000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF74B2000 pci.sys
0xF7612000 isapnp.sys
0xF7BDA000 pciide.sys
0xF7892000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7622000 MountMgr.sys
0xF7493000 ftdisk.sys
0xF7B16000 dmload.sys
0xF746D000 dmio.sys
0xF789A000 PartMgr.sys
0xF7632000 VolSnap.sys
0xF73B6000 iaStor.sys
0xF739E000 atapi.sys
0xF78A2000 cercsr6.sys
0xF7386000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF7642000 disk.sys
0xF7652000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7374000 sr.sys
0xF733B000 PCTCore.sys
0xF72DE000 mfehidk.sys
0xF7662000 PxHelp20.sys
0xF72C7000 KSecDD.sys
0xF72B4000 WudfPf.sys
0xF7227000 Ntfs.sys
0xF71FA000 NDIS.sys
0xF71E0000 Mup.sys
0xF7722000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF6575000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF6561000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6539000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF650C000 \SystemRoot\system32\DRIVERS\e1e5132.sys
0xF78DA000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF64E8000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF78E2000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7732000 \SystemRoot\system32\DRIVERS\IntelC53.sys
0xF64C5000 \SystemRoot\system32\DRIVERS\ks.sys
0xF637D000 \SystemRoot\system32\DRIVERS\IntelC51.sys
0xF62E5000 \SystemRoot\system32\DRIVERS\IntelC52.sys
0xF78EA000 \SystemRoot\system32\DRIVERS\mohfilt.sys
0xF78F2000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7742000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7752000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7762000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF7C94000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF62D1000 \SystemRoot\system32\DRIVERS\mfendisk.sys
0xF7772000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF71A7000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF62BA000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7782000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF69BB000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF78FA000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF62A9000 \SystemRoot\system32\DRIVERS\psched.sys
0xF69AB000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF6285000 \SystemRoot\system32\drivers\mfeavfk.sys
0xF6212000 \SystemRoot\system32\drivers\mfefirek.sys
0xF7902000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF790A000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF61E2000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF699B000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7912000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF791A000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7B6E000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6184000 \SystemRoot\system32\DRIVERS\update.sys
0xF6FF5000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF130B000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xF07CD000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB27D1000 \SystemRoot\system32\drivers\sthda.sys
0xB27AD000 \SystemRoot\system32\drivers\portcls.sys
0xF079D000 \SystemRoot\system32\drivers\drmk.sys
0xB2663000 \SystemRoot\system32\drivers\sigfilt.sys
0xF078D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7B28000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7B2A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xEFD2C000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B2C000 \SystemRoot\System32\Drivers\Beep.SYS
0xF0D7A000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF0D72000 \SystemRoot\System32\drivers\vga.sys
0xF7B2E000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B30000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF0D6A000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF0D62000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF0E4E000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB2610000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB25B7000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB2591000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB257E000 \SystemRoot\system32\drivers\mfetdi2k.sys
0xB252E000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF075D000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB250C000 \SystemRoot\System32\drivers\afd.sys
0xF074D000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB24E1000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB2471000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF02CB000 \SystemRoot\System32\Drivers\Fips.SYS
0xF033E000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF02BB000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF087A000 \SystemRoot\System32\Drivers\LUsbFilt.Sys
0xF02AB000 \SystemRoot\System32\Drivers\WDFLDR.SYS
0xB23F6000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xEF7D6000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF0872000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0xEF7CA000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF086A000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0xAB407000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xAA1F6000 \SystemRoot\System32\Drivers\dump_iastor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xEF7BA000 \SystemRoot\System32\drivers\Dxapi.sys
0xAA631000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xAB4EC000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF065000 \SystemRoot\System32\ati2cqag.dll
0xBF0FE000 \SystemRoot\System32\atikvmag.dll
0xBF182000 \SystemRoot\System32\atiok3x2.dll
0xBF1CD000 \SystemRoot\System32\ati3duag.dll
0xBF572000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB01F9000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA7F41000 \SystemRoot\system32\drivers\wdmaud.sys
0xF7812000 \SystemRoot\system32\drivers\sysaudio.sys
0xA7ECC000 \SystemRoot\system32\drivers\ctusfsyn.sys
0xA7E9C000 \SystemRoot\system32\DRIVERS\ctoss2k.sys
0xA7E76000 \SystemRoot\system32\DRIVERS\ctsfm2k.sys
0xA79B2000 \SystemRoot\System32\Drivers\HTTP.sys
0xF7BFB000 \SystemRoot\System32\Drivers\LBeepKE.sys
0xA7842000 \SystemRoot\system32\DRIVERS\srv.sys
0xF7C02000 \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
0xF4D43000 \SystemRoot\system32\drivers\cfwids.sys
0xA6D69000 \SystemRoot\system32\drivers\mfeapfk.sys
0xA746A000 \SystemRoot\system32\drivers\mfebopk.sys
0xA6BFE000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 47):
0 System Idle Process
4 System
1384 C:\WINDOWS\system32\smss.exe
1584 csrss.exe
1712 C:\WINDOWS\system32\winlogon.exe
1804 C:\WINDOWS\system32\services.exe
1816 C:\WINDOWS\system32\lsass.exe
2004 C:\WINDOWS\system32\ati2evxx.exe
2024 C:\WINDOWS\system32\svchost.exe
348 svchost.exe
508 C:\WINDOWS\system32\svchost.exe
568 C:\WINDOWS\system32\svchost.exe
644 svchost.exe
804 svchost.exe
928 C:\WINDOWS\system32\ati2evxx.exe
1056 C:\WINDOWS\system32\spoolsv.exe
1536 C:\WINDOWS\explorer.exe
464 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
480 C:\WINDOWS\stsystra.exe
488 C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
668 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
712 C:\WINDOWS\system32\ctfmon.exe
728 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
460 C:\WINDOWS\system32\CTSVCCDA.EXE
1152 C:\WINDOWS\ehome\ehrecvr.exe
1304 C:\WINDOWS\ehome\ehSched.exe
2144 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
2160 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
2260 C:\Program Files\Java\jre6\bin\jqs.exe
2364 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
2748 C:\Program Files\Common Files\Motive\McciCMService.exe
2832 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
2872 C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
2928 C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
2956 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
3008 svchost.exe
3136 C:\WINDOWS\system32\svchost.exe
3288 C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
3396 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
3596 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
2604 McrdSvc.exe
3828 C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
1200 C:\WINDOWS\system32\dllhost.exe
1064 alg.exe
3488 C:\WINDOWS\system32\svchost.exe
2652 C:\Program Files\McAfee.com\Agent\mcagent.exe
2608 C:\Documents and Settings\Home\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST380819AS, Rev: 8.03

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
padar9
Active Member
 
Posts: 9
Joined: October 10th, 2010, 9:17 am

Re: artemis virus help plz

Unread postby padar9 » October 19th, 2010, 11:27 pm

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4887

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/19/2010 11:26:32 PM
mbam-log-2010-10-19 (23-26-32).txt

Scan type: Quick scan
Objects scanned: 147750
Time elapsed: 13 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Home\Favorites\Free Porn Sex Porno Home.url (Rogue.Link) -> Quarantined and deleted successfully.
padar9
Active Member
 
Posts: 9
Joined: October 10th, 2010, 9:17 am

Re: artemis virus help plz

Unread postby deltalima » October 20th, 2010, 3:35 am

Hi padar9,

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: artemis virus help plz

Unread postby padar9 » October 21st, 2010, 3:12 pm

KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, October 21, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, October 20, 2010 12:00:57
Records in database: 4189449
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: no

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 83945
Threats found: 9
Infected objects found: 12
Suspicious objects found: 0
Scan duration: 02:19:14


File name / Threat / Threats count
C:\Documents and Settings\Home\Application Data\Sun\Java\Deployment\cache\6.0\35\738d57a3-7d1b2718 Infected: Trojan-Downloader.Java.Agent.dc 1
C:\Documents and Settings\Home\Application Data\Sun\Java\Deployment\cache\6.0\35\738d57a3-7d1b2718 Infected: Trojan-Downloader.Java.Agent.dd 1
C:\Documents and Settings\Home\Application Data\Sun\Java\Deployment\cache\6.0\35\738d57a3-7d1b2718 Infected: Trojan-Downloader.Java.Agent.de 1
C:\Documents and Settings\Home\Application Data\Sun\Java\Deployment\cache\6.0\42\3e57d06a-3f43d036 Infected: Exploit.Java.Agent.a 1
C:\Documents and Settings\Home\Application Data\Sun\Java\Deployment\cache\6.0\42\3e57d06a-3f43d036 Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\Home\Application Data\Sun\Java\Deployment\cache\6.0\44\c9f01ac-60bc9490 Infected: Exploit.Java.Agent.n 1
C:\Documents and Settings\Home\Application Data\Sun\Java\Deployment\cache\6.0\45\16e8e46d-4b5d66cb Infected: Trojan.Java.Agent.i 1
C:\Documents and Settings\Home\Application Data\Sun\Java\Deployment\cache\6.0\45\16e8e46d-4b5d66cb Infected: Trojan.Java.Agent.h 1
C:\Documents and Settings\Home\Application Data\Sun\Java\Deployment\cache\6.0\48\1b17d530-78f04e5b Infected: Trojan-Downloader.Java.Agent.dc 1
C:\Documents and Settings\Home\Application Data\Sun\Java\Deployment\cache\6.0\48\1b17d530-78f04e5b Infected: Trojan-Downloader.Java.Agent.dd 1
C:\Documents and Settings\Home\Application Data\Sun\Java\Deployment\cache\6.0\48\1b17d530-78f04e5b Infected: Trojan-Downloader.Java.Agent.de 1
C:\Documents and Settings\Home\My Documents\LimeWire\Saved\The Outfield - All the love in the world.wma Infected: Trojan-Downloader.WMA.Wimad.x 1

Selected area has been scanned.
padar9
Active Member
 
Posts: 9
Joined: October 10th, 2010, 9:17 am

Re: artemis virus help plz

Unread postby deltalima » October 21st, 2010, 3:25 pm

Hi padar9,

Using Windows Explorer (to get there right-click your Start button and go to Explore), please delete this file (if present):

C:\Documents and Settings\Home\My Documents\LimeWire\Saved\The Outfield - All the love in the world.wma

I would strongly recommend that you also remove all files that have been downloaded using LimeWire

Next

TFC

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Now run another scan with Kaspersky and post the new log in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: artemis virus help plz

Unread postby padar9 » October 22nd, 2010, 3:19 am

nothing found in Kaspersky scan.
padar9
Active Member
 
Posts: 9
Joined: October 10th, 2010, 9:17 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 32 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware