Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Browser Tab Redirects

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Browser Tab Redirects

Unread postby !B_MS9Qv » October 10th, 2010, 7:16 pm

Hi

Here are the symptoms:
1) Desktop theme keeps reverting to windows XP
2) Browser tabs are redirected and sometimes pop up by themselves (both firefox and IE)
3) 10 or so unknown IP addresses (some have "ads" or "games" in the url) were actively up and downloading under "generic host processes" I have cut off web access through my firewall.
4) Occasional boot hang at windows welcome screen.
5) Programs load slow.

What I have tried:
1) Ran CCleaner and ATF cleaner.
2) Malwarebytes found a couple things and eliminated them
3) Superantispyware-clean
4) Spybot-clean
5) AVGfree-clean

Please help if you can and thank you!
Last edited by !B_MS9Qv on October 14th, 2010, 3:02 am, edited 1 time in total.
!B_MS9Qv
Active Member
 
Posts: 11
Joined: October 10th, 2010, 6:55 pm
Advertisement
Register to Remove

Re: Browser Tab Redirects

Unread postby deltalima » October 12th, 2010, 7:20 am

Checking your log - back soon.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Browser Tab Redirects

Unread postby deltalima » October 12th, 2010, 7:28 am

Hi !B_MS9Qv,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

The HijackThis log that you posted is unreadable and was generated with an old version (v2.0.2) of the program.

Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Please ensure that the posted log is not interrupted with unnecessary line breaks (see other posts in this forum for the correct format).
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Browser Tab Redirects

Unread postby !B_MS9Qv » October 13th, 2010, 12:17 am

Thank you for your assistance. Here is the new log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:15:19 PM, on 10/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\HDDSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hard Drive Inspector\HDInspector.exe
C:\Program Files\BasicISP HiSpeed\hispeedcore.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BasicISP HiSpeed\hispeedgui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\BasicISP HiSpeed\components\NOWImaging.dll
O2 - BHO: Prefetch - {A66AA08A-9BF0-4e87-99E6-6972731D6B99} - C:\Program Files\BasicISP HiSpeed\Prefetch.dll
O3 - Toolbar: BasicISP HiSpeed - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\BasicISP HiSpeed\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HDInspector.exe] C:\Program Files\Hard Drive Inspector\HDInspector.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\BasicISP HiSpeed\hispeedcore.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: BasicISP HiSpeed.lnk = C:\Program Files\BasicISP HiSpeed\hispeedgui.exe
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\BasicISP HiSpeed\gui_resource.dll/327
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\BasicISP HiSpeed\gui_resource.dll/328
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{35880CDC-003A-4D70-9597-0B31F99DF9A9}: NameServer = 64.136.173.5 64.136.164.77
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

--
End of file - 6470 bytes
!B_MS9Qv
Active Member
 
Posts: 11
Joined: October 10th, 2010, 6:55 pm

Re: Browser Tab Redirects

Unread postby deltalima » October 13th, 2010, 5:17 am

Hi !B_MS9Qv,

I see you have also requested help at another forum

http://forums.devshed.com/antivirus-pro ... 52647.html

It is not possible for two helpers to work on the same problem, please close the topic at that forum.

Please remove Spybot - Search & Destroy as it will interfere with any fixes that we make, it can be reinstalled later if required.

  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs,
    highlight Spybot - Search & Destroy
    click Remove
  • Close the Add or Remove Programs and the Control Panel windows.

Now reboot the computer.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan..

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Browser Tab Redirects

Unread postby !B_MS9Qv » October 14th, 2010, 2:54 am

Hi deltalima

Thread at devshed closed, Spybot removed, here are the OTL logs: (due to max character limit GMER will be posted separately)

OTL logfile created on: 10/13/2010 7:46:41 PM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 139.00 Mb Available Physical Memory | 27.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.65 Gb Total Space | 6.47 Gb Free Space | 44.19% Space Free | Partition Type: NTFS
Drive D: | 451.11 Gb Total Space | 17.91 Gb Free Space | 3.97% Space Free | Partition Type: NTFS
Drive H: | 1863.02 Gb Total Space | 579.78 Gb Free Space | 31.12% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 908.53 Gb Free Space | 97.53% Space Free | Partition Type: NTFS

Computer Name: DESK | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\BasicISP HiSpeed\hispeedcore.exe (SlipStream Data Inc.)
PRC - C:\Program Files\BasicISP HiSpeed\hispeedgui.exe (SlipStream Data Inc.)
PRC - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe (Sunbelt Software, Inc.)
PRC - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe (Sunbelt Software, Inc.)
PRC - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe (Sunbelt Software, Inc.)
PRC - C:\Program Files\Hard Drive Inspector\HDInspector.exe (Altrixsoft)
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
PRC - C:\WINDOWS\system32\HDDSvc.exe (AltrixSoft (http://www.altrixsoft.com/))


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SPF4) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe (Sunbelt Software, Inc.)
SRV - (SbPF.Launcher) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe (Sunbelt Software, Inc.)
SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (HDDSvc) -- C:\WINDOWS\system32\HDDSvc.exe (AltrixSoft (http://www.altrixsoft.com/))


========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (videX32) -- C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (SbFw) -- C:\WINDOWS\system32\drivers\SbFw.sys (Sunbelt Software, Inc.)
DRV - (sbhips) -- C:\WINDOWS\system32\drivers\sbhips.sys (Sunbelt Software, Inc.)
DRV - (SBFWIMCL) -- C:\WINDOWS\system32\drivers\SbFwIm.sys (Sunbelt Software, Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (atapi) -- C:\WINDOWS\system32\DRIVERS\atapi.sys ()
DRV - (SiFilter) -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys (Silicon Image, Inc.)
DRV - (Si3112) -- C:\WINDOWS\system32\DRIVERS\SI3112.sys (Silicon Image, Inc.)
DRV - (FileDisk) -- C:\WINDOWS\System32\drivers\filedisk.sys (iolo technologies, LLC (based on original work by Bo Brantén))
DRV - (d346prt) -- C:\WINDOWS\System32\Drivers\d346prt.sys ( )
DRV - (d346bus) -- C:\WINDOWS\system32\DRIVERS\d346bus.sys ( )
DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (Agere Systems)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (amdagpxp) -- C:\WINDOWS\system32\DRIVERS\amdagpxp.sys (AMD)
DRV - (sbpci) Sound Blaster PCI128 Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\sbpci.sys (Creative Technology Ltd.)
DRV - (es1371) Creative AudioPCI (ES1371,ES1373) (WDM) -- C:\WINDOWS\system32\drivers\es1371mp.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-606747145-1677128483-842925246-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/firefox
IE - HKU\S-1-5-21-606747145-1677128483-842925246-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: {29852C08-1E91-4889-A6BF-C77F91D6A8F3}:1.8.62

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/10/09 17:35:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/14 09:24:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/08 11:23:42 | 000,000,000 | ---D | M]

[2010/07/03 18:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/10/11 10:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\j7g7pul3.default\extensions
[2010/07/05 21:10:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\j7g7pul3.default\extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3}
[2010/08/28 16:59:43 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\j7g7pul3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/10/11 10:11:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/05 20:59:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{41697025-CA0B-4687-99DE-ABC82C5A630B}
[2010/07/05 20:59:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{9d613b03-9b7c-4fa0-b2f8-32f7cc24873f}

O1 HOSTS File: ([2010/10/08 23:02:41 | 000,421,609 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14540 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (NOW!Imaging) - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\BasicISP HiSpeed\components\NOWImaging.dll (SlipStream Data Inc.)
O2 - BHO: (Prefetch) - {A66AA08A-9BF0-4e87-99E6-6972731D6B99} - C:\Program Files\BasicISP HiSpeed\Prefetch.dll (SlipStream Data Inc.)
O3 - HKLM\..\Toolbar: (BasicISP HiSpeed) - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\BasicISP HiSpeed\Toolband.dll (SlipStream Data Inc.)
O3 - HKU\S-1-5-21-606747145-1677128483-842925246-500\..\Toolbar\WebBrowser: (BasicISP HiSpeed) - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\BasicISP HiSpeed\Toolband.dll (SlipStream Data Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HDInspector.exe] C:\Program Files\Hard Drive Inspector\HDInspector.exe (Altrixsoft)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SlipStream] C:\Program Files\BasicISP HiSpeed\hispeedcore.exe (SlipStream Data Inc.)
O4 - HKU\S-1-5-21-606747145-1677128483-842925246-500..\Run: [DriverMax] File not found
O4 - HKU\S-1-5-21-606747145-1677128483-842925246-500..\Run: [DriverMax_RESTART] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BasicISP HiSpeed.lnk = C:\Program Files\BasicISP HiSpeed\hispeedgui.exe (SlipStream Data Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
O7 - HKU\S-1-5-21-606747145-1677128483-842925246-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-606747145-1677128483-842925246-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
O7 - HKU\S-1-5-21-606747145-1677128483-842925246-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\BasicISP HiSpeed\sliplsp.dll (SlipStream Data Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\BasicISP HiSpeed\sliplsp.dll (SlipStream Data Inc.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resourc ... oscan8.cab (BDSCANONLINE Control)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/03 12:03:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{04571cc5-86f0-11df-a772-85a748831497}\Shell - "" = AutoRun
O33 - MountPoints2\{04571cc5-86f0-11df-a772-85a748831497}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{04571cc5-86f0-11df-a772-85a748831497}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{448e51a6-c13c-11df-9c2a-ec644ec9bf9a}\Shell - "" = AutoRun
O33 - MountPoints2\{448e51a6-c13c-11df-9c2a-ec644ec9bf9a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{448e51a6-c13c-11df-9c2a-ec644ec9bf9a}\Shell\AutoRun\command - "" = J:\EasyCopy.exe -- File not found
O33 - MountPoints2\{71ef9b8f-b7d0-11df-9c17-0010b560d939}\Shell - "" = AutoRun
O33 - MountPoints2\{71ef9b8f-b7d0-11df-9c17-0010b560d939}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{71ef9b8f-b7d0-11df-9c17-0010b560d939}\Shell\AutoRun\command - "" = J:\EasyCopy.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/13 08:58:04 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/10/10 14:54:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AVI ReComp
[2010/10/10 14:54:20 | 000,000,000 | ---D | C] -- C:\Program Files\Gabest
[2010/10/10 14:54:09 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
[2010/10/10 14:53:39 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2010/10/10 14:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\AVI ReComp
[2010/10/10 14:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\progs
[2010/10/10 14:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/10/09 15:41:48 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/10/09 15:41:48 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/10/09 15:41:27 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/10/09 15:41:27 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/10/09 15:41:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/10/09 15:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/10/09 15:41:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/09 13:44:24 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/10/08 22:33:51 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/10/08 22:33:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/10/08 21:31:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2010/10/08 21:24:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/10/08 18:38:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/10/08 17:40:30 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Administrator\Desktop\ATF-Cleaner.exe
[2010/10/07 21:22:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/10/07 21:22:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/07 21:21:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/07 21:21:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/07 21:21:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/07 19:36:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/10/07 19:36:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2010/10/07 19:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/10/07 16:12:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Help
[2010/10/03 13:48:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/10/03 13:47:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\FileScavenger
[2010/10/03 13:15:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/10/02 14:15:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\HV335T_Flash_D2.09_20100607_Beta.rar
[2010/09/21 19:01:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\HV335T_Flash_V2.0
[2010/09/21 18:56:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\HandBrake
[2010/09/21 18:55:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\HandBrake
[2010/09/21 18:55:44 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake
[2010/09/19 22:31:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\QPShell3.0
[2010/09/19 19:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2010/09/19 17:13:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2010/09/19 17:13:32 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2010/09/19 17:13:31 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2010/07/05 19:45:30 | 000,156,800 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d346bus.sys
[2010/07/05 19:45:30 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d346prt.sys
[2010/07/03 18:51:10 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/13 19:44:12 | 000,186,500 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/10/13 19:42:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/13 19:42:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/13 19:24:57 | 280,134,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gdb 1.st3
[2010/10/13 09:03:47 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ike6nz0w.exe
[2010/10/13 09:01:52 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/10/12 18:26:44 | 066,162,207 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/10/12 18:13:43 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2010/10/12 18:00:27 | 000,005,576 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\mine.Theme
[2010/10/12 09:34:03 | 000,110,080 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\12.doc
[2010/10/10 21:50:58 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/10/10 14:53:05 | 000,001,667 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\AVI ReComp.lnk
[2010/10/09 15:41:49 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/10/09 15:41:48 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/10/09 15:41:48 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/10/09 15:41:27 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/10/09 15:41:27 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/10/09 15:41:27 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/10/08 23:02:41 | 000,421,609 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/08 17:30:06 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Administrator\Desktop\ATF-Cleaner.exe
[2010/10/07 21:22:06 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/07 19:36:26 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/07 18:13:37 | 000,002,048 | ---- | M] () -- C:\Uninstall.dat
[2010/10/03 22:23:07 | 393,239,080 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\10-3.fss
[2010/10/03 15:31:07 | 000,000,229 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\License.reg
[2010/10/02 22:17:11 | 000,002,423 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Diskeeper 2008.lnk
[2010/09/29 16:03:37 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Word.lnk
[2010/09/21 18:55:45 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Handbrake.lnk
[2010/09/19 19:58:31 | 000,000,832 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Easy-PhotoPrint.lnk
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/13 19:09:40 | 280,134,344 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gdb 1.st3
[2010/10/13 09:02:20 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ike6nz0w.exe
[2010/10/12 18:13:35 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2010/10/12 09:03:02 | 000,110,080 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\12.doc
[2010/10/10 14:53:05 | 000,001,667 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\AVI ReComp.lnk
[2010/10/09 15:41:49 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/10/09 15:41:27 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/10/09 15:41:24 | 066,162,207 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/10/07 21:22:06 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/07 19:36:26 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/07 18:08:55 | 000,002,048 | ---- | C] () -- C:\Uninstall.dat
[2010/10/06 08:52:42 | 000,005,576 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\mine.Theme
[2010/10/03 22:21:01 | 393,239,080 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\10-3.fss
[2010/10/03 15:31:07 | 000,000,229 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\License.reg
[2010/09/21 18:55:45 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Handbrake.lnk
[2010/09/19 19:58:31 | 000,000,832 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Easy-PhotoPrint.lnk
[2010/08/20 18:47:05 | 000,696,320 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2010/08/20 18:47:05 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2010/08/20 18:46:48 | 000,075,417 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2010/08/20 18:46:02 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2010/07/06 07:08:47 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS3i.DLL
[2010/07/06 00:05:24 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/05 21:34:28 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/07/03 18:51:14 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.log
[2010/07/03 18:51:10 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\inst.exe
[2010/07/03 18:51:10 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.cat
[2010/07/03 18:51:10 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.inf
[2010/07/03 18:32:16 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2010/07/03 18:32:16 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2010/07/03 18:32:16 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010/07/03 01:37:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/06/07 04:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/06/07 04:16:12 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/01/28 08:50:44 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/05/16 08:31:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/16 08:31:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/16 08:31:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/16 08:31:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/16 08:31:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/04/14 00:10:32 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2004/03/15 19:28:50 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9

< End of report >


OTL Extras logfile created on: 10/13/2010 7:46:41 PM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 139.00 Mb Available Physical Memory | 27.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.65 Gb Total Space | 6.47 Gb Free Space | 44.19% Space Free | Partition Type: NTFS
Drive D: | 451.11 Gb Total Space | 17.91 Gb Free Space | 3.97% Space Free | Partition Type: NTFS
Drive H: | 1863.02 Gb Total Space | 579.78 Gb Free Space | 31.12% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 908.53 Gb Free Space | 97.53% Space Free | Partition Type: NTFS

Computer Name: DESK | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-606747145-1677128483-842925246-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Small Business
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{268723B7-A994-4286-9F85-B974D5CAFC7B}" = EasyRecovery Professional
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS
"{56CA5D3B-3002-4E7B-90FE-071D8FDF3814}" =
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{82B1150E-9B37-49FC-83EB-D52197D900D0}" = Sunbelt Personal Firewall
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{B695F0BF-D610-4C5E-B7AC-C9FF6C172CC0}" = Diskeeper 2008 Pro Premier
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"7-Zip" = 7-Zip 4.65
"AnyDVD" = AnyDVD
"AutoUnpack_is1" = AutoUnpack 4.5.2
"AVG9Uninstall" = AVG Free 9.0
"AVI ReComp" = AVI ReComp 1.5.1
"Avisynth" = AviSynth 2.5
"Better File Rename_is1" = Better File Rename 4.5.5
"BNR2 0.14.6 Beta_is1" = Binary News Reaper 0.14.6 Beta
"CANONBJ_Deinstall_CNMCP3i.DLL" = Canon S9000
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"DMX5_is1" = DriverMax 5
"DVDFab 7_is1" = DVDFab 7.0.7.0 (08/06/2010)
"DVDFab Platinum 4_is1" = DVDFab Platinum 4.1.2.0
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 6.0.1 Home Edition
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Handbrake" = Handbrake 0.9.4
"Hard Drive Inspector" = Hard Drive Inspector Professional 2.90 build # 467
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{268723B7-A994-4286-9F85-B974D5CAFC7B}" = EasyRecovery Professional
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"Nero 6.x Audio + Video Plugins1.0.0.0" = Nero 6.x Audio + Video Plugins
"NeroVision!UninstallKey" = NeroVision Express 3
"NVIDIA Drivers" = NVIDIA Drivers
"PAR Buddy_is1" = PAR Buddy 2.60 (32 bit)
"QuickPar" = QuickPar 0.9
"QuicktimeAlt_is1" = QuickTime Alternative 3.2.2
"RealAlt_is1" = Real Alternative 2.0.2
"Revo Uninstaller" = Revo Uninstaller 1.83
"Search and Recover 4_is1" = iolo technologies' Search and Recover 4
"SlipStream" = BasicISP HiSpeed
"Unlocker" = Unlocker 1.9.0
"VobSub" = VobSub 2.23
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/4/2010 9:53:52 PM | Computer Name = DESK | Source = Diskeeper | ID = 5
Description = Diskeeper Control Center - ERROR The Diskeeper News and Information
feature was unable to contact the Diskeeper Corporation web server. Ensure this
computer has Internet access. The Error Code is 5.

Error - 8/7/2010 2:36:19 AM | Computer Name = DESK | Source = Diskeeper | ID = 5
Description = Diskeeper Control Center - ERROR The Diskeeper News and Information
feature was unable to contact the Diskeeper Corporation web server. Ensure this
computer has Internet access. The Error Code is 5.

Error - 8/15/2010 11:48:28 PM | Computer Name = DESK | Source = Diskeeper | ID = 5
Description = Diskeeper Control Center - ERROR The Diskeeper News and Information
feature was unable to contact the Diskeeper Corporation web server. Ensure this
computer has Internet access. The Error Code is 5.

Error - 8/18/2010 5:29:11 AM | Computer Name = DESK | Source = Diskeeper | ID = 5
Description = Diskeeper Control Center - ERROR The Diskeeper News and Information
feature was unable to contact the Diskeeper Corporation web server. Ensure this
computer has Internet access. The Error Code is 5.

[ System Events ]
Error - 10/3/2010 9:16:02 PM | Computer Name = DESK | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 10/3/2010 9:16:02 PM | Computer Name = DESK | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 10/7/2010 11:31:17 PM | Computer Name = DESK | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

Error - 10/8/2010 10:57:32 PM | Computer Name = DESK | Source = Print | ID = 6161
Description = The document If you have infection issue... owned by Administrator
failed to print on printer Canon S9000. Data type: NT EMF 1.008. Size of the spool
file in bytes: 589824. Number of bytes printed: 223412. Total number of pages in
the document: 4. Number of pages printed: 3. Client machine: \\DESK. Win32 error
code returned by the print processor: 122 (0x7a).

Error - 10/9/2010 6:26:21 PM | Computer Name = DESK | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 10/10/2010 6:35:43 PM | Computer Name = DESK | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 10/11/2010 4:12:08 PM | Computer Name = DESK | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 10/12/2010 3:07:34 PM | Computer Name = DESK | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 10/13/2010 12:01:52 AM | Computer Name = DESK | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 10/13/2010 2:43:35 PM | Computer Name = DESK | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.


< End of report >
!B_MS9Qv
Active Member
 
Posts: 11
Joined: October 10th, 2010, 6:55 pm

Re: Browser Tab Redirects

Unread postby !B_MS9Qv » October 14th, 2010, 2:58 am

GMER log Part 1:

GMER 1.0.15.15315 - http://www.gmer.net
Rootkit scan 2010-10-13 20:38:37
Windows 5.1.2600 Service Pack 3
Running: ike6nz0w.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdapoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwClose [0xF1248160]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateFile [0xF1247868]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateKey [0xF1244320]
SSDT d346bus.sys (PnP BIOS Extension/ ) ZwCreatePagingFile [0xF84EFA20]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcess [0xF1246E90]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcessEx [0xF1246D9C]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateThread [0xF12473FC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteFile [0xF1248210]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteKey [0xF1244786]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteValueKey [0xF1244846]
SSDT d346bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xF84F04FC]
SSDT d346bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xF84FBE00]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwLoadDriver [0xF85C801C]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwMapViewOfSection [0xF85C8168]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwOpenFile [0xF1247B54]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwOpenKey [0xF12445CA]
SSDT d346bus.sys (PnP BIOS Extension/ ) ZwQueryKey [0xF84F051C]
SSDT d346bus.sys (PnP BIOS Extension/ ) ZwQueryValueKey [0xF84FBD56]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwResumeThread [0xF12474EC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwSetInformationFile [0xF1247E8C]
SSDT d346bus.sys (PnP BIOS Extension/ ) ZwSetSystemPowerState [0xF84FB230]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwSetValueKey [0xF12449BC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwWriteFile [0xF1247DE0]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF7827360, 0x37388D, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[144] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[144] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[144] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[144] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[144] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[144] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[144] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[144] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[144] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[144] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[144] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[144] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[144] kernel32.dll!SetThreadContext 7C8641E9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[144] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[144] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[144] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\svchost.exe[144] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\svchost.exe[144] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00080D24
.text C:\WINDOWS\system32\svchost.exe[144] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\svchost.exe[144] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\svchost.exe[144] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\svchost.exe[144] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[144] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[144] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00080950
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[240] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[240] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[240] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[240] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[240] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[240] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[240] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[240] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[240] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[240] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[240] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[240] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 00130464
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[240] kernel32.dll!SetThreadContext 7C8641E9 5 Bytes JMP 00130608
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[240] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[240] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[240] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 00130F54
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[240] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 00130FE0
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[240] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00130D24
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[240] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00130DB0
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[240] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00130E3C
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[240] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00130EC8
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[240] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001308C4
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[240] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00130838
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[240] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00130950
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[332] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[332] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[332] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[332] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[332] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[332] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[332] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[332] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[332] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[332] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[332] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[332] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 00130464
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[332] kernel32.dll!SetThreadContext 7C8641E9 5 Bytes JMP 00130608
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[332] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001308C4
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[332] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00130838
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[332] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00130950
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[332] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[332] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[332] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 00130F54
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[332] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 00130FE0
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[332] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00130D24
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[332] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00130DB0
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[332] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00130E3C
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[332] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00130EC8
.text C:\WINDOWS\system32\HDDSvc.exe[400] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\HDDSvc.exe[400] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\HDDSvc.exe[400] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\HDDSvc.exe[400] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\HDDSvc.exe[400] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\HDDSvc.exe[400] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\HDDSvc.exe[400] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\HDDSvc.exe[400] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\HDDSvc.exe[400] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\HDDSvc.exe[400] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\HDDSvc.exe[400] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\HDDSvc.exe[400] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\HDDSvc.exe[400] kernel32.dll!SetThreadContext 7C8641E9 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\HDDSvc.exe[400] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\HDDSvc.exe[400] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\HDDSvc.exe[400] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 00130F54
.text C:\WINDOWS\system32\HDDSvc.exe[400] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 00130FE0
.text C:\WINDOWS\system32\HDDSvc.exe[400] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00130D24
.text C:\WINDOWS\system32\HDDSvc.exe[400] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00130DB0
.text C:\WINDOWS\system32\HDDSvc.exe[400] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00130E3C
.text C:\WINDOWS\system32\HDDSvc.exe[400] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00130EC8
.text C:\WINDOWS\system32\HDDSvc.exe[400] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001308C4
.text C:\WINDOWS\system32\HDDSvc.exe[400] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00130838
.text C:\WINDOWS\system32\HDDSvc.exe[400] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\nvsvc32.exe[492] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\nvsvc32.exe[492] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\nvsvc32.exe[492] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\nvsvc32.exe[492] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\nvsvc32.exe[492] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\nvsvc32.exe[492] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\nvsvc32.exe[492] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\nvsvc32.exe[492] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\nvsvc32.exe[492] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\nvsvc32.exe[492] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\nvsvc32.exe[492] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\nvsvc32.exe[492] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\nvsvc32.exe[492] kernel32.dll!SetThreadContext 7C8641E9 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\nvsvc32.exe[492] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\nvsvc32.exe[492] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\nvsvc32.exe[492] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 00130F54
.text C:\WINDOWS\system32\nvsvc32.exe[492] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 00130FE0
.text C:\WINDOWS\system32\nvsvc32.exe[492] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00130D24
.text C:\WINDOWS\system32\nvsvc32.exe[492] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00130DB0
.text C:\WINDOWS\system32\nvsvc32.exe[492] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00130E3C
.text C:\WINDOWS\system32\nvsvc32.exe[492] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00130EC8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[580] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[580] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[580] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[580] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[580] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[580] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[580] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[580] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[580] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[580] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[580] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[580] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[580] kernel32.dll!SetThreadContext 7C8641E9 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[580] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[580] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[580] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 00130F54
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[580] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 00130FE0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[580] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00130D24
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[580] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00130DB0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[580] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00130E3C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[580] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00130EC8
.text C:\WINDOWS\system32\csrss.exe[684] KERNEL32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001601A8
.text C:\WINDOWS\system32\csrss.exe[684] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00160090
.text C:\WINDOWS\system32\csrss.exe[684] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00160694
.text C:\WINDOWS\system32\csrss.exe[684] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 001602C0
.text C:\WINDOWS\system32\csrss.exe[684] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00160234
.text C:\WINDOWS\system32\csrss.exe[684] KERNEL32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00160004
.text C:\WINDOWS\system32\csrss.exe[684] KERNEL32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0016011C
.text C:\WINDOWS\system32\csrss.exe[684] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001604F0
.text C:\WINDOWS\system32\csrss.exe[684] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 0016057C
.text C:\WINDOWS\system32\csrss.exe[684] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001603D8
.text C:\WINDOWS\system32\csrss.exe[684] KERNEL32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0016034C
.text C:\WINDOWS\system32\csrss.exe[684] KERNEL32.dll!WinExec 7C862AED 5 Bytes JMP 00160464
.text C:\WINDOWS\system32\csrss.exe[684] KERNEL32.dll!SetThreadContext 7C8641E9 5 Bytes JMP 00160608
.text C:\WINDOWS\system32\csrss.exe[684] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001607AC
.text C:\WINDOWS\system32\csrss.exe[684] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00160720
.text C:\WINDOWS\system32\winlogon.exe[720] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\winlogon.exe[720] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\winlogon.exe[720] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\winlogon.exe[720] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\winlogon.exe[720] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\winlogon.exe[720] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\winlogon.exe[720] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\winlogon.exe[720] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\winlogon.exe[720] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\winlogon.exe[720] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\winlogon.exe[720] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\winlogon.exe[720] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\winlogon.exe[720] kernel32.dll!SetThreadContext 7C8641E9 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\winlogon.exe[720] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\winlogon.exe[720] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\winlogon.exe[720] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\winlogon.exe[720] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\winlogon.exe[720] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\winlogon.exe[720] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 00070F54
.text C:\WINDOWS\system32\winlogon.exe[720] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 00070FE0
.text C:\WINDOWS\system32\winlogon.exe[720] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00070D24
.text C:\WINDOWS\system32\winlogon.exe[720] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00070DB0
.text C:\WINDOWS\system32\winlogon.exe[720] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00070E3C
.text C:\WINDOWS\system32\winlogon.exe[720] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00070EC8
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!SetThreadContext 7C8641E9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\services.exe[768] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\services.exe[768] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\services.exe[768] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\services.exe[768] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\services.exe[768] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00080D24
.text C:\WINDOWS\system32\services.exe[768] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\services.exe[768] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\services.exe[768] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\lsass.exe[780] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\lsass.exe[780] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\lsass.exe[780] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\lsass.exe[780] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\lsass.exe[780] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\lsass.exe[780] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\lsass.exe[780] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\lsass.exe[780] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\lsass.exe[780] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\lsass.exe[780] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\lsass.exe[780] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\lsass.exe[780] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\lsass.exe[780] kernel32.dll!SetThreadContext 7C8641E9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\lsass.exe[780] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\lsass.exe[780] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\lsass.exe[780] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\lsass.exe[780] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\lsass.exe[780] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\lsass.exe[780] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\lsass.exe[780] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\lsass.exe[780] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00080D24
.text C:\WINDOWS\system32\lsass.exe[780] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\lsass.exe[780] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\lsass.exe[780] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!SetThreadContext 7C8641E9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[936] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\svchost.exe[936] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\svchost.exe[936] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00080D24
.text C:\WINDOWS\system32\svchost.exe[936] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\svchost.exe[936] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\svchost.exe[936] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\svchost.exe[936] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[936] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[936] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!SetThreadContext 7C8641E9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1064] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1064] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1064] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\svchost.exe[1064] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\svchost.exe[1064] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00080D24
.text C:\WINDOWS\system32\svchost.exe[1064] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\svchost.exe[1064] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\svchost.exe[1064] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\svchost.exe[1064] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1064] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1064] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[1152] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D9000A
.text C:\WINDOWS\System32\svchost.exe[1152] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00DA000A
.text C:\WINDOWS\System32\svchost.exe[1152] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00D8000C
.text C:\WINDOWS\System32\svchost.exe[1152] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[1152] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 01C1000A
.text C:\WINDOWS\System32\svchost.exe[1152] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[1152] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 01B0000A
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!SetThreadContext 7C8641E9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1220] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\svchost.exe[1220] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\svchost.exe[1220] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00080D24
.text C:\WINDOWS\system32\svchost.exe[1220] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\svchost.exe[1220] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\svchost.exe[1220] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\svchost.exe[1220] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1220] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1220] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00080950
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1240] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1240] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1240] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1240] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1240] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1240] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1240] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1240] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1240] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
!B_MS9Qv
Active Member
 
Posts: 11
Joined: October 10th, 2010, 6:55 pm

Re: Browser Tab Redirects

Unread postby !B_MS9Qv » October 14th, 2010, 2:59 am

GMER log part 2:

.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1240] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1240] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1240] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 00130464
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1240] kernel32.dll!SetThreadContext 7C8641E9 5 Bytes JMP 00130608
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1240] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1240] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1240] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 00130F54
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1240] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 00130FE0
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1240] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00130D24
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1240] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00130DB0
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1240] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00130E3C
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1240] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00130EC8
.text C:\Program Files\AVG\AVG9\avgrsx.exe[1248] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\AVG\AVG9\avgrsx.exe[1248] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\AVG\AVG9\avgrsx.exe[1248] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\AVG\AVG9\avgrsx.exe[1248] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\AVG\AVG9\avgrsx.exe[1248] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\AVG\AVG9\avgrsx.exe[1248] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\AVG\AVG9\avgrsx.exe[1248] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\AVG\AVG9\avgrsx.exe[1248] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\AVG\AVG9\avgrsx.exe[1248] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\AVG\AVG9\avgrsx.exe[1248] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\AVG\AVG9\avgrsx.exe[1248] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\AVG\AVG9\avgrsx.exe[1248] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 00130464
.text C:\Program Files\AVG\AVG9\avgrsx.exe[1248] kernel32.dll!SetThreadContext 7C8641E9 5 Bytes JMP 00130608
.text C:\Program Files\AVG\AVG9\avgrsx.exe[1248] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\Program Files\AVG\AVG9\avgrsx.exe[1248] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\Program Files\AVG\AVG9\avgrsx.exe[1248] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 00130F54
.text C:\Program Files\AVG\AVG9\avgrsx.exe[1248] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 00130FE0
.text C:\Program Files\AVG\AVG9\avgrsx.exe[1248] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00130D24
.text C:\Program Files\AVG\AVG9\avgrsx.exe[1248] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00130DB0
.text C:\Program Files\AVG\AVG9\avgrsx.exe[1248] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00130E3C
.text C:\Program Files\AVG\AVG9\avgrsx.exe[1248] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00130EC8
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!SetThreadContext 7C8641E9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1324] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1324] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1324] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\svchost.exe[1324] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\svchost.exe[1324] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00080D24
.text C:\WINDOWS\system32\svchost.exe[1324] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\svchost.exe[1324] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\svchost.exe[1324] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\svchost.exe[1324] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1324] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1324] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00080950
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[1388] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[1388] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[1388] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[1388] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[1388] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[1388] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[1388] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[1388] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[1388] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[1388] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[1388] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[1388] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 00130464
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[1388] kernel32.dll!SetThreadContext 7C8641E9 5 Bytes JMP 00130608
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[1388] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[1388] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[1388] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 00130F54
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[1388] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 00130FE0
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[1388] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00130D24
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[1388] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00130DB0
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[1388] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00130E3C
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[1388] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00130EC8
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1636] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1636] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1636] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1636] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1636] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1636] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1636] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1636] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1636] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1636] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1636] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1636] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 00130464
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1636] kernel32.dll!SetThreadContext 7C8641E9 5 Bytes JMP 00130608
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1636] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1636] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1636] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 00130F54
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1636] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 00130FE0
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1636] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00130D24
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1636] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00130DB0
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1636] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00130E3C
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1636] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00130EC8
.text C:\WINDOWS\Explorer.EXE[1900] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BE000A
.text C:\WINDOWS\Explorer.EXE[1900] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BF000A
.text C:\WINDOWS\Explorer.EXE[1900] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B8000C
.text C:\WINDOWS\Explorer.EXE[1900] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\Explorer.EXE[1900] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\spoolsv.exe[1952] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\spoolsv.exe[1952] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\spoolsv.exe[1952] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\spoolsv.exe[1952] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\spoolsv.exe[1952] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\spoolsv.exe[1952] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\spoolsv.exe[1952] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\spoolsv.exe[1952] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\spoolsv.exe[1952] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\spoolsv.exe[1952] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\spoolsv.exe[1952] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\spoolsv.exe[1952] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\spoolsv.exe[1952] kernel32.dll!SetThreadContext 7C8641E9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\spoolsv.exe[1952] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\spoolsv.exe[1952] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\spoolsv.exe[1952] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\spoolsv.exe[1952] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\spoolsv.exe[1952] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00080D24
.text C:\WINDOWS\system32\spoolsv.exe[1952] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\spoolsv.exe[1952] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\spoolsv.exe[1952] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\spoolsv.exe[1952] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\spoolsv.exe[1952] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\spoolsv.exe[1952] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[2140] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[2140] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[2140] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[2140] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[2140] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[2140] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[2140] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[2140] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[2140] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[2140] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[2140] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[2140] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[2140] kernel32.dll!SetThreadContext 7C8641E9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[2140] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[2140] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[2140] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\svchost.exe[2140] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\svchost.exe[2140] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00080D24
.text C:\WINDOWS\system32\svchost.exe[2140] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\svchost.exe[2140] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\svchost.exe[2140] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00080EC8
.text C:\WINDOWS\notepad.exe[2264] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\notepad.exe[2264] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\notepad.exe[2264] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\notepad.exe[2264] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\notepad.exe[2264] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\notepad.exe[2264] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\notepad.exe[2264] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\notepad.exe[2264] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\notepad.exe[2264] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\notepad.exe[2264] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\notepad.exe[2264] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\notepad.exe[2264] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 00080464
.text C:\WINDOWS\notepad.exe[2264] kernel32.dll!SetThreadContext 7C8641E9 5 Bytes JMP 00080608
.text C:\WINDOWS\notepad.exe[2264] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\notepad.exe[2264] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\notepad.exe[2264] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 00080F54
.text C:\WINDOWS\notepad.exe[2264] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 00080FE0
.text C:\WINDOWS\notepad.exe[2264] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00080D24
.text C:\WINDOWS\notepad.exe[2264] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00080DB0
.text C:\WINDOWS\notepad.exe[2264] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00080E3C
.text C:\WINDOWS\notepad.exe[2264] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00080EC8
.text C:\Program Files\AVG\AVG9\avgemc.exe[2280] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\AVG\AVG9\avgemc.exe[2280] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\AVG\AVG9\avgemc.exe[2280] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\AVG\AVG9\avgemc.exe[2280] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\AVG\AVG9\avgemc.exe[2280] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\AVG\AVG9\avgemc.exe[2280] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\AVG\AVG9\avgemc.exe[2280] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\AVG\AVG9\avgemc.exe[2280] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\AVG\AVG9\avgemc.exe[2280] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\AVG\AVG9\avgemc.exe[2280] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\AVG\AVG9\avgemc.exe[2280] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\AVG\AVG9\avgemc.exe[2280] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 00130464
.text C:\Program Files\AVG\AVG9\avgemc.exe[2280] kernel32.dll!SetThreadContext 7C8641E9 5 Bytes JMP 00130608
.text C:\Program Files\AVG\AVG9\avgemc.exe[2280] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\Program Files\AVG\AVG9\avgemc.exe[2280] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\Program Files\AVG\AVG9\avgemc.exe[2280] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001308C4
.text C:\Program Files\AVG\AVG9\avgemc.exe[2280] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00130838
.text C:\Program Files\AVG\AVG9\avgemc.exe[2280] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00130950
.text C:\Program Files\AVG\AVG9\avgemc.exe[2280] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 00130F54
.text C:\Program Files\AVG\AVG9\avgemc.exe[2280] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 00130FE0
.text C:\Program Files\AVG\AVG9\avgemc.exe[2280] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00130D24
.text C:\Program Files\AVG\AVG9\avgemc.exe[2280] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00130DB0
.text C:\Program Files\AVG\AVG9\avgemc.exe[2280] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00130E3C
.text C:\Program Files\AVG\AVG9\avgemc.exe[2280] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00130EC8
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2432] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2432] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2432] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2432] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2432] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2432] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2432] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2432] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2432] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2432] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2432] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2432] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 00130464
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2432] kernel32.dll!SetThreadContext 7C8641E9 5 Bytes JMP 00130608
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2432] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2432] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2432] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 00130F54
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2432] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 00130FE0
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2432] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00130D24
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2432] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00130DB0
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2432] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00130E3C
.text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2432] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00130EC8
.text C:\WINDOWS\notepad.exe[2440] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\notepad.exe[2440] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\notepad.exe[2440] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\notepad.exe[2440] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\notepad.exe[2440] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\notepad.exe[2440] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\notepad.exe[2440] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\notepad.exe[2440] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\notepad.exe[2440] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\notepad.exe[2440] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\notepad.exe[2440] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\notepad.exe[2440] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 00080464
.text C:\WINDOWS\notepad.exe[2440] kernel32.dll!SetThreadContext 7C8641E9 5 Bytes JMP 00080608
.text C:\WINDOWS\notepad.exe[2440] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\notepad.exe[2440] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\notepad.exe[2440] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 00080F54
.text C:\WINDOWS\notepad.exe[2440] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 00080FE0
.text C:\WINDOWS\notepad.exe[2440] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00080D24
.text C:\WINDOWS\notepad.exe[2440] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00080DB0
.text C:\WINDOWS\notepad.exe[2440] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00080E3C
.text C:\WINDOWS\notepad.exe[2440] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00080EC8
.text C:\WINDOWS\System32\alg.exe[2916] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\alg.exe[2916] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\alg.exe[2916] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\alg.exe[2916] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\alg.exe[2916] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\alg.exe[2916] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\alg.exe[2916] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\alg.exe[2916] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\alg.exe[2916] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\alg.exe[2916] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\alg.exe[2916] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\alg.exe[2916] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\alg.exe[2916] kernel32.dll!SetThreadContext 7C8641E9 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\alg.exe[2916] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\alg.exe[2916] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\alg.exe[2916] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\alg.exe[2916] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\alg.exe[2916] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\alg.exe[2916] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 00080F54
.text C:\WINDOWS\System32\alg.exe[2916] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 00080FE0
.text C:\WINDOWS\System32\alg.exe[2916] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00080D24
.text C:\WINDOWS\System32\alg.exe[2916] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00080DB0
.text C:\WINDOWS\System32\alg.exe[2916] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00080E3C
.text C:\WINDOWS\System32\alg.exe[2916] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\RUNDLL32.EXE[2960] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\RUNDLL32.EXE[2960] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\RUNDLL32.EXE[2960] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\RUNDLL32.EXE[2960] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\RUNDLL32.EXE[2960] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\RUNDLL32.EXE[2960] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\RUNDLL32.EXE[2960] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\RUNDLL32.EXE[2960] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\RUNDLL32.EXE[2960] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\RUNDLL32.EXE[2960] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\RUNDLL32.EXE[2960] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\RUNDLL32.EXE[2960] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\RUNDLL32.EXE[2960] kernel32.dll!SetThreadContext 7C8641E9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\RUNDLL32.EXE[2960] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\RUNDLL32.EXE[2960] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\RUNDLL32.EXE[2960] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\RUNDLL32.EXE[2960] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\RUNDLL32.EXE[2960] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00080D24
.text C:\WINDOWS\system32\RUNDLL32.EXE[2960] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\RUNDLL32.EXE[2960] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\RUNDLL32.EXE[2960] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00080EC8
.text C:\Documents and Settings\Administrator\Desktop\ike6nz0w.exe[2964] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Documents and Settings\Administrator\Desktop\ike6nz0w.exe[2964] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Documents and Settings\Administrator\Desktop\ike6nz0w.exe[2964] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Documents and Settings\Administrator\Desktop\ike6nz0w.exe[2964] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Documents and Settings\Administrator\Desktop\ike6nz0w.exe[2964] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Documents and Settings\Administrator\Desktop\ike6nz0w.exe[2964] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Documents and Settings\Administrator\Desktop\ike6nz0w.exe[2964] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Documents and Settings\Administrator\Desktop\ike6nz0w.exe[2964] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Documents and Settings\Administrator\Desktop\ike6nz0w.exe[2964] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Documents and Settings\Administrator\Desktop\ike6nz0w.exe[2964] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Documents and Settings\Administrator\Desktop\ike6nz0w.exe[2964] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Documents and Settings\Administrator\Desktop\ike6nz0w.exe[2964] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 00130464
.text C:\Documents and Settings\Administrator\Desktop\ike6nz0w.exe[2964] kernel32.dll!SetThreadContext 7C8641E9 5 Bytes JMP 00130608
.text C:\Documents and Settings\Administrator\Desktop\ike6nz0w.exe[2964] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\Documents and Settings\Administrator\Desktop\ike6nz0w.exe[2964] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\Documents and Settings\Administrator\Desktop\ike6nz0w.exe[2964] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 00130F54
.text C:\Documents and Settings\Administrator\Desktop\ike6nz0w.exe[2964] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 00130FE0
.text C:\Documents and Settings\Administrator\Desktop\ike6nz0w.exe[2964] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00130D24
.text C:\Documents and Settings\Administrator\Desktop\ike6nz0w.exe[2964] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00130DB0
.text C:\Documents and Settings\Administrator\Desktop\ike6nz0w.exe[2964] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00130E3C
.text C:\Documents and Settings\Administrator\Desktop\ike6nz0w.exe[2964] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00130EC8
.text C:\Program Files\Hard Drive Inspector\HDInspector.exe[3000] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Hard Drive Inspector\HDInspector.exe[3000] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Hard Drive Inspector\HDInspector.exe[3000] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Hard Drive Inspector\HDInspector.exe[3000] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Hard Drive Inspector\HDInspector.exe[3000] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Hard Drive Inspector\HDInspector.exe[3000] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Hard Drive Inspector\HDInspector.exe[3000] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Hard Drive Inspector\HDInspector.exe[3000] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Hard Drive Inspector\HDInspector.exe[3000] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Hard Drive Inspector\HDInspector.exe[3000] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Hard Drive Inspector\HDInspector.exe[3000] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Hard Drive Inspector\HDInspector.exe[3000] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 00130464
.text C:\Program Files\Hard Drive Inspector\HDInspector.exe[3000] kernel32.dll!SetThreadContext 7C8641E9 5 Bytes JMP 00130608
.text C:\Program Files\Hard Drive Inspector\HDInspector.exe[3000] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\Program Files\Hard Drive Inspector\HDInspector.exe[3000] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\Program Files\Hard Drive Inspector\HDInspector.exe[3000] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 00130F54
.text C:\Program Files\Hard Drive Inspector\HDInspector.exe[3000] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 00130FE0
.text C:\Program Files\Hard Drive Inspector\HDInspector.exe[3000] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00130D24
.text C:\Program Files\Hard Drive Inspector\HDInspector.exe[3000] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00130DB0
.text C:\Program Files\Hard Drive Inspector\HDInspector.exe[3000] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00130E3C
.text C:\Program Files\Hard Drive Inspector\HDInspector.exe[3000] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00130EC8
.text C:\Program Files\Hard Drive Inspector\HDInspector.exe[3000] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001308C4
.text C:\Program Files\Hard Drive Inspector\HDInspector.exe[3000] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00130838
.text C:\Program Files\Hard Drive Inspector\HDInspector.exe[3000] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00130950
.text C:\Program Files\BasicISP HiSpeed\hispeedcore.exe[3048] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\BasicISP HiSpeed\hispeedcore.exe[3048] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\BasicISP HiSpeed\hispeedcore.exe[3048] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\BasicISP HiSpeed\hispeedcore.exe[3048] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\BasicISP HiSpeed\hispeedcore.exe[3048] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\BasicISP HiSpeed\hispeedcore.exe[3048] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\BasicISP HiSpeed\hispeedcore.exe[3048] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\BasicISP HiSpeed\hispeedcore.exe[3048] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\BasicISP HiSpeed\hispeedcore.exe[3048] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\BasicISP HiSpeed\hispeedcore.exe[3048] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\BasicISP HiSpeed\hispeedcore.exe[3048] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\BasicISP HiSpeed\hispeedcore.exe[3048] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 00130464
.text C:\Program Files\BasicISP HiSpeed\hispeedcore.exe[3048] kernel32.dll!SetThreadContext 7C8641E9 5 Bytes JMP 00130608
.text C:\Program Files\BasicISP HiSpeed\hispeedcore.exe[3048] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 00130F54
.text C:\Program Files\BasicISP HiSpeed\hispeedcore.exe[3048] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 00130FE0
.text C:\Program Files\BasicISP HiSpeed\hispeedcore.exe[3048] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00130D24
.text C:\Program Files\BasicISP HiSpeed\hispeedcore.exe[3048] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00130DB0
.text C:\Program Files\BasicISP HiSpeed\hispeedcore.exe[3048] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00130E3C
.text C:\Program Files\BasicISP HiSpeed\hispeedcore.exe[3048] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00130EC8
.text C:\Program Files\BasicISP HiSpeed\hispeedcore.exe[3048] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\Program Files\BasicISP HiSpeed\hispeedcore.exe[3048] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\Program Files\BasicISP HiSpeed\hispeedcore.exe[3048] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001308C4
.text C:\Program Files\BasicISP HiSpeed\hispeedcore.exe[3048] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00130838
.text C:\Program Files\BasicISP HiSpeed\hispeedcore.exe[3048] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00130950
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3140] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3140] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3140] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3140] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3140] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3140] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3140] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3140] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3140] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3140] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3140] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3140] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 00130464
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3140] kernel32.dll!SetThreadContext 7C8641E9 5 Bytes JMP 00130608
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3140] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3140] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3140] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001308C4
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3140] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00130838
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3140] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00130950
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3140] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 00130F54
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3140] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 00130FE0
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3140] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00130D24
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3140] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00130DB0
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3140] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00130E3C
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3140] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00130EC8
.text C:\WINDOWS\system32\ctfmon.exe[3168] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\ctfmon.exe[3168] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\ctfmon.exe[3168] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\ctfmon.exe[3168] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\ctfmon.exe[3168] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\ctfmon.exe[3168] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\ctfmon.exe[3168] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\ctfmon.exe[3168] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\ctfmon.exe[3168] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\ctfmon.exe[3168] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\ctfmon.exe[3168] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\ctfmon.exe[3168] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\ctfmon.exe[3168] kernel32.dll!SetThreadContext 7C8641E9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\ctfmon.exe[3168] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\ctfmon.exe[3168] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\ctfmon.exe[3168] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\ctfmon.exe[3168] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\ctfmon.exe[3168] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00080D24
.text C:\WINDOWS\system32\ctfmon.exe[3168] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\ctfmon.exe[3168] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\ctfmon.exe[3168] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\NOTEPAD.EXE[3656] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\NOTEPAD.EXE[3656] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\NOTEPAD.EXE[3656] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\NOTEPAD.EXE[3656] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\NOTEPAD.EXE[3656] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\NOTEPAD.EXE[3656] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\NOTEPAD.EXE[3656] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\NOTEPAD.EXE[3656] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\NOTEPAD.EXE[3656] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\NOTEPAD.EXE[3656] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\NOTEPAD.EXE[3656] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\NOTEPAD.EXE[3656] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\NOTEPAD.EXE[3656] kernel32.dll!SetThreadContext 7C8641E9 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\NOTEPAD.EXE[3656] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\NOTEPAD.EXE[3656] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\NOTEPAD.EXE[3656] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\NOTEPAD.EXE[3656] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\NOTEPAD.EXE[3656] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00080D24
.text C:\WINDOWS\system32\NOTEPAD.EXE[3656] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\NOTEPAD.EXE[3656] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\NOTEPAD.EXE[3656] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00080EC8

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 82357B40

AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)

Device \FileSystem\Fastfat \FatCdrom 8168FD40

AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip 81BC5508
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp 81BC5508

Device \Driver\Cdrom \Device\CdRom0 81E06970
Device \FileSystem\Rdbss \Device\FsWrap 8235E1E8
Device \Driver\Cdrom \Device\CdRom1 81E06970
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 81EA5390
Device \Driver\atapi \Device\Ide\IdePort0 81EA5390
Device \Driver\atapi \Device\Ide\IdePort1 81EA5390
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 81EA5390
Device \Driver\Cdrom \Device\CdRom2 81E06970
Device \FileSystem\Srv \Device\LanmanServer 8169C248

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp 81BC5508
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp 81BC5508

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 82356258
Device \FileSystem\MRxSmb \Device\LanmanRedirector 82356258
Device \Driver\SbFw \Device\SBFW 81BC5508
Device \FileSystem\Npfs \Device\NamedPipe 81D97800
Device \FileSystem\Msfs \Device\Mailslot 81C6B770
Device \Driver\d346prt \Device\Scsi\d346prt1 81C68488
Device \Driver\d346prt \Device\Scsi\d346prt1Port4Path0Target0Lun0 81C68488
Device \FileSystem\Fastfat \Fat 8168FD40

AttachedDevice \FileSystem\Fastfat \Fat SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 81F79318
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 81F79318
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 81F79318
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 81F79318
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 81F79318
Device \FileSystem\Cdfs \Cdfs 81D5A728

---- Modules - GMER 1.0.15 ----

Module _________ F8452000-F846A000 (98304 bytes)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\d346prt\Cfg\0Jf40
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{56CA5D3B-3002-4E7B-90FE-071D8FDF3814}@DisplayName DAEMON Tools
Reg HKLM\SOFTWARE\Classes\Installer\Products\B3D5AC652003B7E409EF70D1F8FD8341@ProductName DAEMON Tools

---- EOF - GMER 1.0.15 ----
!B_MS9Qv
Active Member
 
Posts: 11
Joined: October 10th, 2010, 6:55 pm

Re: Browser Tab Redirects

Unread postby deltalima » October 14th, 2010, 3:50 am

Hi !B_MS9Qv,

Defogger
Disable Drivers
Please download DeFogger... by jpshortstuff. Save it to your desktop.
  1. Double click DeFogger.exe to run the tool. The application window will appear.
  2. Click the Disable button to disable your CD Emulation drivers.
  3. Click Yes to continue. A 'Finished!' message will appear. Click OK.
  4. Click OK when DeFogger asks to reboot the machine.
Do not re-enable these drivers until otherwise instructed.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

MBRCheck

Please download MBRCheck.exe to your desktop.
  • Double-click on MBRCheck.exe to run it.
  • It will show a Black screen with some information.
  • if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file in you're next reply.

Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in a reply here.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Browser Tab Redirects

Unread postby !B_MS9Qv » October 15th, 2010, 1:14 am

Hi deltalima

Defogger ran fine but here is the log anyway.
MBRCheck ran fine-here is the log.
RKUnHooker said it found a parasite within itself and prompted me to remove it. It also gave me an option to choose a drive to scan. I selected C only. Here is the report in 2 parts.

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:20 on 14/10/2010 (Administrator)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read atapi.sys
d346prt -> Disabled (Service running -> reboot required)


-=E.O.F=-

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000002bd

Kernel Drivers (total 133):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF8A36000 \WINDOWS\system32\KDCOM.DLL
0xF8946000 \WINDOWS\system32\BOOTVID.dll
0xF84EE000 d346bus.sys
0xF84C0000 ACPI.sys
0xF8A38000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF84AF000 pci.sys
0xF8536000 isapnp.sys
0xF8546000 ohci1394.sys
0xF8556000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF894A000 compbatt.sys
0xF894E000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF8A3A000 viaide.sys
0xF87B6000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF8566000 MountMgr.sys
0xF8490000 ftdisk.sys
0xF8A3C000 dmload.sys
0xF846A000 dmio.sys
0xF87BE000 PartMgr.sys
0xF87C6000 videX32.sys
0xF8576000 VolSnap.sys
0xF8452000
0xF87CE000 ultra.sys
0xF843A000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF8586000 SI3112.sys
0xF8596000 disk.sys
0xF85A6000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF841A000 fltMgr.sys
0xF8408000 sr.sys
0xF8952000 SiWinAcc.sys
0xF83F1000 KSecDD.sys
0xF8364000 Ntfs.sys
0xF8337000 NDIS.sys
0xF8A3E000 SiRemFil.sys
0xF831D000 Mup.sys
0xF87D6000 amdagpxp.sys
0xF86C6000 \SystemRoot\system32\DRIVERS\processr.sys
0xF76F2000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF76CC000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF885E000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF76A8000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF886E000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF8876000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF86F6000 \SystemRoot\system32\DRIVERS\serial.sys
0xF82E0000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF7683000 \SystemRoot\system32\DRIVERS\parport.sys
0xF8716000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF887E000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF8886000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF8726000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF758B000 \SystemRoot\System32\Drivers\AnyDVD.sys
0xF8736000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF8746000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF7568000 \SystemRoot\system32\DRIVERS\ks.sys
0xF888E000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF7DDF000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF74CD000 \SystemRoot\system32\DRIVERS\ltmdmnt.sys
0xF8896000 \SystemRoot\System32\Drivers\Modem.SYS
0xF8BF6000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7DBF000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF82D4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF74B6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7DAF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7D9F000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF88A6000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF73B2000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7D8F000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF88FE000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF88E6000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF87A6000 \SystemRoot\System32\Drivers\pcouffin.sys
0xF543B000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF8646000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF8786000 \SystemRoot\system32\DRIVERS\sbfwim.sys
0xF8A84000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF53B5000 \SystemRoot\system32\DRIVERS\update.sys
0xF89F2000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF8A1E000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xF8636000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF8766000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF8AA0000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF88BE000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF8AC4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8B45000 \SystemRoot\System32\Drivers\Null.SYS
0xF8AC6000 \SystemRoot\System32\Drivers\Beep.SYS
0xF87FE000 \SystemRoot\System32\drivers\vga.sys
0xF8AC8000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF8ACA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF0C2F000 \SystemRoot\system32\drivers\SbFw.sys
0xF880E000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF893E000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF2CE4000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF1D3B000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF85E6000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF6264000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF1D2B000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF0C1C000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF0BC3000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF0B89000 \SystemRoot\System32\Drivers\avgtdix.sys
0xF0B63000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF2A73000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF0B3B000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF0B19000 \SystemRoot\System32\drivers\afd.sys
0xF2A63000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF7D5F000 \SystemRoot\system32\drivers\sbhips.sys
0xF0AF7000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xF8816000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xF0ACC000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF0A5C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF8796000 \SystemRoot\System32\Drivers\Fips.SYS
0xF7DCF000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF542B000 \SystemRoot\System32\Drivers\FileDisk.SYS
0xF627C000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0xF882E000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xF0A28000 \SystemRoot\System32\Drivers\avgldx86.sys
0xF2A43000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF2D08000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0xF629C000 \SystemRoot\System32\Drivers\dump_ultra.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xF7F5F000 \SystemRoot\System32\drivers\Dxapi.sys
0xF88C6000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8BAD000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xBA79C000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF6936000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xBA48C000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF8A50000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xBA2F5000 \SystemRoot\system32\DRIVERS\srv.sys
0xBA2A9000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB997F000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 40):
0 System Idle Process
4 System
596 C:\WINDOWS\system32\smss.exe
680 csrss.exe
712 C:\WINDOWS\system32\winlogon.exe
760 C:\WINDOWS\system32\services.exe
772 C:\WINDOWS\system32\lsass.exe
924 C:\WINDOWS\system32\svchost.exe
1064 svchost.exe
1140 C:\WINDOWS\system32\svchost.exe
1204 svchost.exe
1224 C:\Program Files\AVG\AVG9\avgchsvx.exe
1232 C:\Program Files\AVG\AVG9\avgrsx.exe
1304 svchost.exe
1368 C:\Program Files\AVG\AVG9\avgcsrvx.exe
1556 C:\WINDOWS\explorer.exe
1980 C:\WINDOWS\system32\spoolsv.exe
196 svchost.exe
268 C:\Program Files\AVG\AVG9\avgwdsvc.exe
464 C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
620 C:\WINDOWS\system32\HDDSvc.exe
128 C:\WINDOWS\system32\nvsvc32.exe
956 C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
1180 C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
1400 C:\Program Files\AVG\AVG9\avgnsx.exe
2180 C:\WINDOWS\system32\svchost.exe
2296 C:\Program Files\AVG\AVG9\avgemc.exe
2404 C:\WINDOWS\system32\rundll32.exe
2452 C:\Program Files\Hard Drive Inspector\HDInspector.exe
2488 C:\WINDOWS\system32\wuauclt.exe
2504 C:\Program Files\BasicISP HiSpeed\hispeedcore.exe
2520 C:\Program Files\AVG\AVG9\avgcsrvx.exe
2572 C:\PROGRA~1\AVG\AVG9\avgtray.exe
2580 C:\WINDOWS\system32\ctfmon.exe
2696 C:\Program Files\BasicISP HiSpeed\hispeedgui.exe
2796 C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
3128 wmiprvse.exe
3348 alg.exe
3744 C:\WINDOWS\system32\notepad.exe
3844 C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000003`a9636e00 (NTFS)
\\.\H: --> \\.\PhysicalDrive2 at offset 0x00000000`00103e00 (NTFS)
\\.\J: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000AAKB-00H8A0, Rev: 05.04E05
PhysicalDrive2 Model Number: SAMSUNGHD203WI, Rev: 1AN10003
PhysicalDrive1 Model Number: SAMSUNGHD203WI, Rev: 1AN10003

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
1863 GB \\.\PhysicalDrive2 RE: Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F
931 GB \\.\PhysicalDrive1 RE: Legit MBR code detected
SHA1: 317A49A9E93F077F2D004734D2A7B6CA7E7B9495


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xF76F2000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 6557696 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 175.19 )
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 6111232 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 175.19 )
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2190080 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2190080 bytes
0x804D7000 RAW 2190080 bytes
0x804D7000 WMIxWDM 2190080 bytes
0xBF800000 Win32k 1863680 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1863680 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF74CD000 C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys 634880 bytes (Agere Systems, Agere Windows Modem)
0xF8364000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF0A5C000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF53B5000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF0BC3000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xBA2F5000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB997F000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF0C2F000 C:\WINDOWS\system32\drivers\SbFw.sys 266240 bytes (Sunbelt Software, Inc., Sunbelt Personal Firewall driver)
0xF0B89000 C:\WINDOWS\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xF0A28000 C:\WINDOWS\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xF543B000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF84C0000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF8337000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xBA48C000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 180224 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF0ACC000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF0B3B000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF84EE000 d346bus.sys 159744 bytes ( , PnP BIOS Extension)
0xF846A000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF0B63000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xBA2A9000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF76A8000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF7568000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF0B19000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xF0AF7000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0xF841A000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF8490000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF831D000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF8452000 98304 bytes
0xF758B000 C:\WINDOWS\System32\Drivers\AnyDVD.sys 98304 bytes (SlySoft, Inc., AnyDVD Filter Driver)
0xF843A000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF83F1000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF74B6000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF7683000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF76CC000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0x806EE000 ACPI_HAL 81280 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 81280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF0C1C000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF8408000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF84AF000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF73B2000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF2A43000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF8736000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7DDF000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF8546000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF6936000 C:\WINDOWS\system32\DRIVERS\rspndr.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0xF86F6000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF8586000 SI3112.sys 65536 bytes (Silicon Image, Inc., Serial ATA miniport driver)
0xF7DCF000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF8746000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF8786000 C:\WINDOWS\system32\DRIVERS\sbfwim.sys 61440 bytes (Sunbelt Software, Inc., Sunbelt Personal Firewall NDIS Intermediate driver)
0xF7D5F000 C:\WINDOWS\system32\drivers\sbhips.sys 61440 bytes (Sunbelt Software, Inc., Sunbelt Personal Firewall Host Intrusion Prevention Driver)
0xF8766000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF8556000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF85A6000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF8716000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7DBF000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF8576000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF87A6000 C:\WINDOWS\System32\Drivers\pcouffin.sys 49152 bytes (VSO Software, low level access layer for CD/DVD/BD devices)
0xF7D9F000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF8796000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF8726000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF8566000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7DAF000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF8536000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF8636000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF8646000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF8596000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF85E6000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF7D8F000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF2A63000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xEF7F6000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF86C6000 C:\WINDOWS\system32\DRIVERS\processr.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF2A73000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF8896000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF893E000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF886E000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF87C6000 videX32.sys 32768 bytes (VIA Technologies, Inc., VIA Generic PCI IDE Bus Driver)
0xF87D6000 amdagpxp.sys 28672 bytes (AMD, AMD WinXP AGP Filter)
0xF629C000 C:\WINDOWS\System32\Drivers\dump_ultra.sys 28672 bytes
0xF8876000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF6264000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF87B6000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF87CE000 ultra.sys 28672 bytes (Promise Technology, Inc., Promise Ultra Series Driver for WindowsXP)
0xF882E000 C:\WINDOWS\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xF8886000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF887E000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF8816000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xF888E000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF87FE000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF627C000 C:\WINDOWS\System32\Drivers\ElbyCDIO.sys 20480 bytes (Elaborate Bytes AG, ElbyCD Windows NT/2000/XP I/O driver)
0xF88BE000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF880E000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF87BE000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF88FE000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF88E6000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF88A6000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF885E000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xF88C6000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA059000 C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xF894E000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF2D08000 C:\WINDOWS\System32\Drivers\dump_diskdump.sys 16384 bytes
0xF8A1E000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
0xF89F2000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xBA79C000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF82E0000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF8946000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF894A000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xF7F5F000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF542B000 C:\WINDOWS\System32\Drivers\FileDisk.SYS 12288 bytes (iolo technologies, LLC (based on original work by Bo Brantén), FileDisk Virtual Disk Driver)
0xF1D3B000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF1D2B000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF82D4000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF2CE4000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF8952000 SiWinAcc.sys 12288 bytes (Silicon Image, Inc., Windows Accelerator Driver)
0xF8AC6000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF8A3C000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF8AC4000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF8A36000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF8AC8000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF8A50000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF8ACA000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF8A3E000 SiRemFil.sys 8192 bytes (Silicon Image, Inc., Filter driver for Silicon Image SATALink controllers.)
0xF8A84000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF8AA0000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF8A3A000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF8A38000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF8BF6000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF8BAD000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF8B45000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0x81F8C008 unknown_irp_handler 4088 bytes
0x81FF7108 unknown_irp_handler 3832 bytes
0x81F2F668 unknown_irp_handler 2456 bytes
0x81F44730 unknown_irp_handler 2256 bytes
0x81F427B0 unknown_irp_handler 2128 bytes
0x82362880 unknown_irp_handler 1920 bytes
!!!!!!!!!!!Hidden driver: 0x81892AEA ?_empty_? 1302 bytes
0x81E59C98 unknown_irp_handler 872 bytes
0x816AED38 unknown_irp_handler 712 bytes
0x81FBEE70 unknown_irp_handler 400 bytes
0x81F41E98 unknown_irp_handler 360 bytes
0x81892EC5 unknown_irp_handler 315 bytes
0x81735FB0 unknown_irp_handler 80 bytes
!!!!!!!!!!!Hidden driver: 0x81BAABC0 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xF87CE000 WARNING: suspicious driver modification [ultra.sys::0x81892AEA]
0xF2CE4000 WARNING: Virus alike driver modification [rasacd.sys], 12288 bytes
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\atapi.sys]
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B78C, Type: Inline - PushRet 0x804E278C-->E63DF0C3 [unknown_code_page]
ntoskrnl.exe+0x0000B7B0, Type: Inline - PushRet 0x804E27B0-->C39786F0 [unknown_code_page]
[1064]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1064]svchost.exe-->kernel32.dll-->CreateProcessInternalA, Type: Inline - RelativeJump 0x7C81D54E-->00000000 [unknown_code_page]
[1064]svchost.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [unknown_code_page]
[1064]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1064]svchost.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - RelativeJump 0x7C8104CC-->00000000 [unknown_code_page]
[1064]svchost.exe-->kernel32.dll-->CreateThread, Type: Inline - RelativeJump 0x7C8106D7-->00000000 [unknown_code_page]
[1064]svchost.exe-->kernel32.dll-->SetThreadContext, Type: Inline - RelativeJump 0x7C8641E9-->00000000 [unknown_code_page]
[1064]svchost.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - RelativeJump 0x7C809AF1-->00000000 [unknown_code_page]
[1064]svchost.exe-->kernel32.dll-->VirtualAllocEx, Type: Inline - RelativeJump 0x7C809B12-->00000000 [unknown_code_page]
[1064]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1064]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1064]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C862AED-->00000000 [unknown_code_page]
[1064]svchost.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x7C802213-->00000000 [unknown_code_page]
[1064]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [unknown_code_page]
[1064]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [unknown_code_page]
[1064]svchost.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x63019446-->00000000 [unknown_code_page]
[1064]svchost.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x6301F4E2-->00000000 [unknown_code_page]
[1064]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x6302B2D5-->00000000 [unknown_code_page]
[1064]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x6302DEF0-->00000000 [unknown_code_page]
[1064]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x63077347-->00000000 [unknown_code_page]
[1064]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x6302B92E-->00000000 [unknown_code_page]
[1064]svchost.exe-->ws2_32.dll-->bind, Type: Inline - RelativeJump 0x71AB4480-->00000000 [unknown_code_page]
[1064]svchost.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x71AB4A07-->00000000 [unknown_code_page]
[1064]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[1096]taskmgr.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1096]taskmgr.exe-->kernel32.dll-->CreateProcessInternalA, Type: Inline - RelativeJump 0x7C81D54E-->00000000 [unknown_code_page]
[1096]taskmgr.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [unknown_code_page]
[1096]taskmgr.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1096]taskmgr.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - RelativeJump 0x7C8104CC-->00000000 [unknown_code_page]
[1096]taskmgr.exe-->kernel32.dll-->CreateThread, Type: Inline - RelativeJump 0x7C8106D7-->00000000 [unknown_code_page]
[1096]taskmgr.exe-->kernel32.dll-->SetThreadContext, Type: Inline - RelativeJump 0x7C8641E9-->00000000 [unknown_code_page]
[1096]taskmgr.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - RelativeJump 0x7C809AF1-->00000000 [unknown_code_page]
[1096]taskmgr.exe-->kernel32.dll-->VirtualAllocEx, Type: Inline - RelativeJump 0x7C809B12-->00000000 [unknown_code_page]
[1096]taskmgr.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1096]taskmgr.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1096]taskmgr.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C862AED-->00000000 [unknown_code_page]
[1096]taskmgr.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x7C802213-->00000000 [unknown_code_page]
[1096]taskmgr.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [unknown_code_page]
[1096]taskmgr.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [unknown_code_page]
[1096]taskmgr.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x63019446-->00000000 [unknown_code_page]
[1096]taskmgr.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x6301F4E2-->00000000 [unknown_code_page]
[1096]taskmgr.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x6302B2D5-->00000000 [unknown_code_page]
[1096]taskmgr.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x6302DEF0-->00000000 [unknown_code_page]
[1096]taskmgr.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x63077347-->00000000 [unknown_code_page]
[1096]taskmgr.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x6302B92E-->00000000 [unknown_code_page]
[1096]taskmgr.exe-->ws2_32.dll-->bind, Type: Inline - RelativeJump 0x71AB4480-->00000000 [unknown_code_page]
[1096]taskmgr.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x71AB4A07-->00000000 [unknown_code_page]
[1096]taskmgr.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[1140]svchost.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[1140]svchost.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[1140]svchost.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[1140]svchost.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[1140]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[1140]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1140]svchost.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x7E42974E-->00000000 [unknown_code_page]
[1140]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [unknown_code_page]
[1140]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [unknown_code_page]
[1180]SbPFSvc.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1180]SbPFSvc.exe-->kernel32.dll-->CreateProcessInternalA, Type: Inline - RelativeJump 0x7C81D54E-->00000000 [unknown_code_page]
[1180]SbPFSvc.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [unknown_code_page]
[1180]SbPFSvc.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1180]SbPFSvc.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - RelativeJump 0x7C8104CC-->00000000 [unknown_code_page]
[1180]SbPFSvc.exe-->kernel32.dll-->CreateThread, Type: Inline - RelativeJump 0x7C8106D7-->00000000 [unknown_code_page]
[1180]SbPFSvc.exe-->kernel32.dll-->SetThreadContext, Type: Inline - RelativeJump 0x7C8641E9-->00000000 [unknown_code_page]
[1180]SbPFSvc.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - RelativeJump 0x7C809AF1-->00000000 [unknown_code_page]
[1180]SbPFSvc.exe-->kernel32.dll-->VirtualAllocEx, Type: Inline - RelativeJump 0x7C809B12-->00000000 [unknown_code_page]
[1180]SbPFSvc.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1180]SbPFSvc.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1180]SbPFSvc.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C862AED-->00000000 [unknown_code_page]
[1180]SbPFSvc.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x7C802213-->00000000 [unknown_code_page]
[1180]SbPFSvc.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [unknown_code_page]
[1180]SbPFSvc.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [unknown_code_page]
[1180]SbPFSvc.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x63019446-->00000000 [unknown_code_page]
[1180]SbPFSvc.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x6301F4E2-->00000000 [unknown_code_page]
[1180]SbPFSvc.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x6302B2D5-->00000000 [unknown_code_page]
[1180]SbPFSvc.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x6302DEF0-->00000000 [unknown_code_page]
[1180]SbPFSvc.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x63077347-->00000000 [unknown_code_page]
[1180]SbPFSvc.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x6302B92E-->00000000 [unknown_code_page]
[1204]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1204]svchost.exe-->kernel32.dll-->CreateProcessInternalA, Type: Inline - RelativeJump 0x7C81D54E-->00000000 [unknown_code_page]
[1204]svchost.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [unknown_code_page]
[1204]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1204]svchost.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - RelativeJump 0x7C8104CC-->00000000 [unknown_code_page]
[1204]svchost.exe-->kernel32.dll-->CreateThread, Type: Inline - RelativeJump 0x7C8106D7-->00000000 [unknown_code_page]
[1204]svchost.exe-->kernel32.dll-->SetThreadContext, Type: Inline - RelativeJump 0x7C8641E9-->00000000 [unknown_code_page]
[1204]svchost.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - RelativeJump 0x7C809AF1-->00000000 [unknown_code_page]
[1204]svchost.exe-->kernel32.dll-->VirtualAllocEx, Type: Inline - RelativeJump 0x7C809B12-->00000000 [unknown_code_page]
[1204]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1204]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1204]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C862AED-->00000000 [unknown_code_page]
[1204]svchost.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x7C802213-->00000000 [unknown_code_page]
[1204]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [unknown_code_page]
[1204]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [unknown_code_page]
[1204]svchost.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x63019446-->00000000 [unknown_code_page]
[1204]svchost.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x6301F4E2-->00000000 [unknown_code_page]
[1204]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x6302B2D5-->00000000 [unknown_code_page]
[1204]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x6302DEF0-->00000000 [unknown_code_page]
[1204]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x63077347-->00000000 [unknown_code_page]
[1204]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x6302B92E-->00000000 [unknown_code_page]
[1204]svchost.exe-->ws2_32.dll-->bind, Type: Inline - RelativeJump 0x71AB4480-->00000000 [unknown_code_page]
[1204]svchost.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x71AB4A07-->00000000 [unknown_code_page]
[1204]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[1224]avgchsvx.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1224]avgchsvx.exe-->kernel32.dll-->CreateProcessInternalA, Type: Inline - RelativeJump 0x7C81D54E-->00000000 [unknown_code_page]
[1224]avgchsvx.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [unknown_code_page]
[1224]avgchsvx.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1224]avgchsvx.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - RelativeJump 0x7C8104CC-->00000000 [unknown_code_page]
[1224]avgchsvx.exe-->kernel32.dll-->CreateThread, Type: Inline - RelativeJump 0x7C8106D7-->00000000 [unknown_code_page]
[1224]avgchsvx.exe-->kernel32.dll-->SetThreadContext, Type: Inline - RelativeJump 0x7C8641E9-->00000000 [unknown_code_page]
[1224]avgchsvx.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - RelativeJump 0x7C809AF1-->00000000 [unknown_code_page]
[1224]avgchsvx.exe-->kernel32.dll-->VirtualAllocEx, Type: Inline - RelativeJump 0x7C809B12-->00000000 [unknown_code_page]
[1224]avgchsvx.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1224]avgchsvx.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1224]avgchsvx.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C862AED-->00000000 [unknown_code_page]
[1224]avgchsvx.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x7C802213-->00000000 [unknown_code_page]
[1224]avgchsvx.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [unknown_code_page]
[1224]avgchsvx.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [unknown_code_page]
[1224]avgchsvx.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x63019446-->00000000 [unknown_code_page]
[1224]avgchsvx.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x6301F4E2-->00000000 [unknown_code_page]
[1224]avgchsvx.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x6302B2D5-->00000000 [unknown_code_page]
[1224]avgchsvx.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x6302DEF0-->00000000 [unknown_code_page]
[1224]avgchsvx.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x63077347-->00000000 [unknown_code_page]
[1224]avgchsvx.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x6302B92E-->00000000 [unknown_code_page]
[1232]avgrsx.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1232]avgrsx.exe-->kernel32.dll-->CreateProcessInternalA, Type: Inline - RelativeJump 0x7C81D54E-->00000000 [unknown_code_page]
[1232]avgrsx.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [unknown_code_page]
[1232]avgrsx.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1232]avgrsx.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - RelativeJump 0x7C8104CC-->00000000 [unknown_code_page]
[1232]avgrsx.exe-->kernel32.dll-->CreateThread, Type: Inline - RelativeJump 0x7C8106D7-->00000000 [unknown_code_page]
[1232]avgrsx.exe-->kernel32.dll-->SetThreadContext, Type: Inline - RelativeJump 0x7C8641E9-->00000000 [unknown_code_page]
[1232]avgrsx.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - RelativeJump 0x7C809AF1-->00000000 [unknown_code_page]
[1232]avgrsx.exe-->kernel32.dll-->VirtualAllocEx, Type: Inline - RelativeJump 0x7C809B12-->00000000 [unknown_code_page]
[1232]avgrsx.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1232]avgrsx.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1232]avgrsx.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C862AED-->00000000 [unknown_code_page]
[1232]avgrsx.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x7C802213-->00000000 [unknown_code_page]
[1232]avgrsx.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [unknown_code_page]
[1232]avgrsx.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [unknown_code_page]
[1232]avgrsx.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x63019446-->00000000 [unknown_code_page]
[1232]avgrsx.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x6301F4E2-->00000000 [unknown_code_page]
[1232]avgrsx.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x6302B2D5-->00000000 [unknown_code_page]
[1232]avgrsx.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x6302DEF0-->00000000 [unknown_code_page]
[1232]avgrsx.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x63077347-->00000000 [unknown_code_page]
[1232]avgrsx.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x6302B92E-->00000000 [unknown_code_page]
[128]nvsvc32.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[128]nvsvc32.exe-->kernel32.dll-->CreateProcessInternalA, Type: Inline - RelativeJump 0x7C81D54E-->00000000 [unknown_code_page]
[128]nvsvc32.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [unknown_code_page]
[128]nvsvc32.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[128]nvsvc32.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - RelativeJump 0x7C8104CC-->00000000 [unknown_code_page]
[128]nvsvc32.exe-->kernel32.dll-->CreateThread, Type: Inline - RelativeJump 0x7C8106D7-->00000000 [unknown_code_page]
[128]nvsvc32.exe-->kernel32.dll-->SetThreadContext, Type: Inline - RelativeJump 0x7C8641E9-->00000000 [unknown_code_page]
[128]nvsvc32.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - RelativeJump 0x7C809AF1-->00000000 [unknown_code_page]
[128]nvsvc32.exe-->kernel32.dll-->VirtualAllocEx, Type: Inline - RelativeJump 0x7C809B12-->00000000 [unknown_code_page]
[128]nvsvc32.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[128]nvsvc32.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[128]nvsvc32.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C862AED-->00000000 [unknown_code_page]
[128]nvsvc32.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x7C802213-->00000000 [unknown_code_page]
[128]nvsvc32.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [unknown_code_page]
[128]nvsvc32.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [unknown_code_page]
[128]nvsvc32.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x63019446-->00000000 [unknown_code_page]
[128]nvsvc32.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x6301F4E2-->00000000 [unknown_code_page]
[128]nvsvc32.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x6302B2D5-->00000000 [unknown_code_page]
[128]nvsvc32.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x6302DEF0-->00000000 [unknown_code_page]
[128]nvsvc32.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x63077347-->00000000 [unknown_code_page]
[128]nvsvc32.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x6302B92E-->00000000 [unknown_code_page]
[1304]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1304]svchost.exe-->kernel32.dll-->CreateProcessInternalA, Type: Inline - RelativeJump 0x7C81D54E-->00000000 [unknown_code_page]
[1304]svchost.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [unknown_code_page]
[1304]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1304]svchost.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - RelativeJump 0x7C8104CC-->00000000 [unknown_code_page]
[1304]svchost.exe-->kernel32.dll-->CreateThread, Type: Inline - RelativeJump 0x7C8106D7-->00000000 [unknown_code_page]
[1304]svchost.exe-->kernel32.dll-->SetThreadContext, Type: Inline - RelativeJump 0x7C8641E9-->00000000 [unknown_code_page]
[1304]svchost.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - RelativeJump 0x7C809AF1-->00000000 [unknown_code_page]
[1304]svchost.exe-->kernel32.dll-->VirtualAllocEx, Type: Inline - RelativeJump 0x7C809B12-->00000000 [unknown_code_page]
[1304]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1304]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1304]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C862AED-->00000000 [unknown_code_page]
[1304]svchost.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x7C802213-->00000000 [unknown_code_page]
[1304]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [unknown_code_page]
[1304]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [unknown_code_page]
[1304]svchost.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x63019446-->00000000 [unknown_code_page]
[1304]svchost.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x6301F4E2-->00000000 [unknown_code_page]
[1304]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x6302B2D5-->00000000 [unknown_code_page]
[1304]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x6302DEF0-->00000000 [unknown_code_page]
[1304]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x63077347-->00000000 [unknown_code_page]
[1304]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x6302B92E-->00000000 [unknown_code_page]
[1304]svchost.exe-->ws2_32.dll-->bind, Type: Inline - RelativeJump 0x71AB4480-->00000000 [unknown_code_page]
[1304]svchost.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x71AB4A07-->00000000 [unknown_code_page]
[1304]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[1368]avgcsrvx.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1368]avgcsrvx.exe-->kernel32.dll-->CreateProcessInternalA, Type: Inline - RelativeJump 0x7C81D54E-->00000000 [unknown_code_page]
[1368]avgcsrvx.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [unknown_code_page]
[1368]avgcsrvx.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1368]avgcsrvx.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - RelativeJump 0x7C8104CC-->00000000 [unknown_code_page]
[1368]avgcsrvx.exe-->kernel32.dll-->CreateThread, Type: Inline - RelativeJump 0x7C8106D7-->00000000 [unknown_code_page]
[1368]avgcsrvx.exe-->kernel32.dll-->SetThreadContext, Type: Inline - RelativeJump 0x7C8641E9-->00000000 [unknown_code_page]
[1368]avgcsrvx.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - RelativeJump 0x7C809AF1-->00000000 [unknown_code_page]
[1368]avgcsrvx.exe-->kernel32.dll-->VirtualAllocEx, Type: Inline - RelativeJump 0x7C809B12-->00000000 [unknown_code_page]
[1368]avgcsrvx.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1368]avgcsrvx.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1368]avgcsrvx.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C862AED-->00000000 [unknown_code_page]
[1368]avgcsrvx.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x7C802213-->00000000 [unknown_code_page]
[1368]avgcsrvx.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [unknown_code_page]
[1368]avgcsrvx.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [unknown_code_page]
[1368]avgcsrvx.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x63019446-->00000000 [unknown_code_page]
[1368]avgcsrvx.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x6301F4E2-->00000000 [unknown_code_page]
[1368]avgcsrvx.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x6302B2D5-->00000000 [unknown_code_page]
[1368]avgcsrvx.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x6302DEF0-->00000000 [unknown_code_page]
[1368]avgcsrvx.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x63077347-->00000000 [unknown_code_page]
[1368]avgcsrvx.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x6302B92E-->00000000 [unknown_code_page]
[1400]avgnsx.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1400]avgnsx.exe-->kernel32.dll-->CreateProcessInternalA, Type: Inline - RelativeJump 0x7C81D54E-->00000000 [unknown_code_page]
[1400]avgnsx.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [unknown_code_page]
[1400]avgnsx.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1400]avgnsx.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - RelativeJump 0x7C8104CC-->00000000 [unknown_code_page]
[1400]avgnsx.exe-->kernel32.dll-->CreateThread, Type: Inline - RelativeJump 0x7C8106D7-->00000000 [unknown_code_page]
[1400]avgnsx.exe-->kernel32.dll-->SetThreadContext, Type: Inline - RelativeJump 0x7C8641E9-->00000000 [unknown_code_page]
[1400]avgnsx.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - RelativeJump 0x7C809AF1-->00000000 [unknown_code_page]
[1400]avgnsx.exe-->kernel32.dll-->VirtualAllocEx, Type: Inline - RelativeJump 0x7C809B12-->00000000 [unknown_code_page]
[1400]avgnsx.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1400]avgnsx.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1400]avgnsx.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C862AED-->00000000 [unknown_code_page]
[1400]avgnsx.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x7C802213-->00000000 [unknown_code_page]
[1400]avgnsx.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [unknown_code_page]
[1400]avgnsx.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [unknown_code_page]
[1400]avgnsx.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x63019446-->00000000 [unknown_code_page]
[1400]avgnsx.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x6301F4E2-->00000000 [unknown_code_page]
[1400]avgnsx.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x6302B2D5-->00000000 [unknown_code_page]
[1400]avgnsx.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x6302DEF0-->00000000 [unknown_code_page]
[1400]avgnsx.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x63077347-->00000000 [unknown_code_page]
[1400]avgnsx.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x6302B92E-->00000000 [unknown_code_page]
[1400]avgnsx.exe-->ws2_32.dll-->bind, Type: Inline - RelativeJump 0x71AB4480-->00000000 [unknown_code_page]
[1400]avgnsx.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x71AB4A07-->00000000 [unknown_code_page]
[1400]avgnsx.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[1556]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[1556]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[1556]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[1556]explorer.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[1556]explorer.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[1556]explorer.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[1556]explorer.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[1556]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[1556]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1556]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[1556]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[1556]explorer.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [unknown_code_page]
[1556]explorer.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [unknown_code_page]
[196]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[196]svchost.exe-->kernel32.dll-->CreateProcessInternalA, Type: Inline - RelativeJump 0x7C81D54E-->00000000 [unknown_code_page]
[196]svchost.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [unknown_code_page]
[196]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[196]svchost.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - RelativeJump 0x7C8104CC-->00000000 [unknown_code_page]
[196]svchost.exe-->kernel32.dll-->CreateThread, Type: Inline - RelativeJump 0x7C8106D7-->00000000 [unknown_code_page]
[196]svchost.exe-->kernel32.dll-->SetThreadContext, Type: Inline - RelativeJump 0x7C8641E9-->00000000 [unknown_code_page]
[196]svchost.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - RelativeJump 0x7C809AF1-->00000000 [unknown_code_page]
[196]svchost.exe-->kernel32.dll-->VirtualAllocEx, Type: Inline - RelativeJump 0x7C809B12-->00000000 [unknown_code_page]
[196]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[196]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[196]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C862AED-->00000000 [unknown_code_page]
[196]svchost.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x7C802213-->00000000 [unknown_code_page]
[196]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [unknown_code_page]
[196]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [unknown_code_page]
[196]svchost.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x63019446-->00000000 [unknown_code_page]
[196]svchost.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x6301F4E2-->00000000 [unknown_code_page]
[196]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x6302B2D5-->00000000 [unknown_code_page]
[196]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x6302DEF0-->00000000 [unknown_code_page]
[196]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x63077347-->00000000 [unknown_code_page]
[196]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x6302B92E-->00000000 [unknown_code_page]
[196]svchost.exe-->ws2_32.dll-->bind, Type: Inline - RelativeJump 0x71AB4480-->00000000 [unknown_code_page]
[196]svchost.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x71AB4A07-->00000000 [unknown_code_page]
[196]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[1980]spoolsv.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1980]spoolsv.exe-->kernel32.dll-->CreateProcessInternalA, Type: Inline - RelativeJump 0x7C81D54E-->00000000 [unknown_code_page]
[1980]spoolsv.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [unknown_code_page]
[1980]spoolsv.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1980]spoolsv.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - RelativeJump 0x7C8104CC-->00000000 [unknown_code_page]
[1980]spoolsv.exe-->kernel32.dll-->CreateThread, Type: Inline - RelativeJump 0x7C8106D7-->00000000 [unknown_code_page]
[1980]spoolsv.exe-->kernel32.dll-->SetThreadContext, Type: Inline - RelativeJump 0x7C8641E9-->00000000 [unknown_code_page]
[1980]spoolsv.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - RelativeJump 0x7C809AF1-->00000000 [unknown_code_page]
[1980]spoolsv.exe-->kernel32.dll-->VirtualAllocEx, Type: Inline - RelativeJump 0x7C809B12-->00000000 [unknown_code_page]
[1980]spoolsv.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1980]spoolsv.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1980]spoolsv.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C862AED-->00000000 [unknown_code_page]
[1980]spoolsv.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x7C802213-->00000000 [unknown_code_page]
[1980]spoolsv.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [unknown_code_page]
[1980]spoolsv.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [unknown_code_page]
[1980]spoolsv.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x63019446-->00000000 [unknown_code_page]
[1980]spoolsv.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x6301F4E2-->00000000 [unknown_code_page]
[1980]spoolsv.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x6302B2D5-->00000000 [unknown_code_page]
[1980]spoolsv.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x6302DEF0-->00000000 [unknown_code_page]
[1980]spoolsv.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x63077347-->00000000 [unknown_code_page]
[1980]spoolsv.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x6302B92E-->00000000 [unknown_code_page]
[1980]spoolsv.exe-->ws2_32.dll-->bind, Type: Inline - RelativeJump 0x71AB4480-->00000000 [unknown_code_page]
[1980]spoolsv.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x71AB4A07-->00000000 [unknown_code_page]
[1980]spoolsv.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[2180]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[2180]svchost.exe-->kernel32.dll-->CreateProcessInternalA, Type: Inline - RelativeJump 0x7C81D54E-->00000000 [unknown_code_page]
[2180]svchost.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [unknown_code_page]
[2180]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[2180]svchost.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - RelativeJump 0x7C8104CC-->00000000 [unknown_code_page]
[2180]svchost.exe-->kernel32.dll-->CreateThread, Type: Inline - RelativeJump 0x7C8106D7-->00000000 [unknown_code_page]
[2180]svchost.exe-->kernel32.dll-->SetThreadContext, Type: Inline - RelativeJump 0x7C8641E9-->00000000 [unknown_code_page]
[2180]svchost.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - RelativeJump 0x7C809AF1-->00000000 [unknown_code_page]
[2180]svchost.exe-->kernel32.dll-->VirtualAllocEx, Type: Inline - RelativeJump 0x7C809B12-->00000000 [unknown_code_page]
[2180]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[2180]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[2180]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C862AED-->00000000 [unknown_code_page]
[2180]svchost.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x7C802213-->00000000 [unknown_code_page]
[2180]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [unknown_code_page]
[2180]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [unknown_code_page]
[2180]svchost.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x63019446-->00000000 [unknown_code_page]
[2180]svchost.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x6301F4E2-->00000000 [unknown_code_page]
[2180]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x6302B2D5-->00000000 [unknown_code_page]
[2180]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x6302DEF0-->00000000 [unknown_code_page]
[2180]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x63077347-->00000000 [unknown_code_page]
[2180]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x6302B92E-->00000000 [unknown_code_page]
Last edited by !B_MS9Qv on October 15th, 2010, 1:42 am, edited 1 time in total.
!B_MS9Qv
Active Member
 
Posts: 11
Joined: October 10th, 2010, 6:55 pm

Re: Browser Tab Redirects

Unread postby !B_MS9Qv » October 15th, 2010, 1:16 am

RKUnhooker part 2

[2296]avgemc.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[2296]avgemc.exe-->kernel32.dll-->CreateProcessInternalA, Type: Inline - RelativeJump 0x7C81D54E-->00000000 [unknown_code_page]
[2296]avgemc.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [unknown_code_page]
[2296]avgemc.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[2296]avgemc.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - RelativeJump 0x7C8104CC-->00000000 [unknown_code_page]
[2296]avgemc.exe-->kernel32.dll-->CreateThread, Type: Inline - RelativeJump 0x7C8106D7-->00000000 [unknown_code_page]
[2296]avgemc.exe-->kernel32.dll-->SetThreadContext, Type: Inline - RelativeJump 0x7C8641E9-->00000000 [unknown_code_page]
[2296]avgemc.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - RelativeJump 0x7C809AF1-->00000000 [unknown_code_page]
[2296]avgemc.exe-->kernel32.dll-->VirtualAllocEx, Type: Inline - RelativeJump 0x7C809B12-->00000000 [unknown_code_page]
[2296]avgemc.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[2296]avgemc.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[2296]avgemc.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C862AED-->00000000 [unknown_code_page]
[2296]avgemc.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x7C802213-->00000000 [unknown_code_page]
[2296]avgemc.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [unknown_code_page]
[2296]avgemc.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [unknown_code_page]
[2296]avgemc.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x63019446-->00000000 [unknown_code_page]
[2296]avgemc.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x6301F4E2-->00000000 [unknown_code_page]
[2296]avgemc.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x6302B2D5-->00000000 [unknown_code_page]
[2296]avgemc.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x6302DEF0-->00000000 [unknown_code_page]
[2296]avgemc.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x63077347-->00000000 [unknown_code_page]
[2296]avgemc.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x6302B92E-->00000000 [unknown_code_page]
[2296]avgemc.exe-->ws2_32.dll-->bind, Type: Inline - RelativeJump 0x71AB4480-->00000000 [unknown_code_page]
[2296]avgemc.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x71AB4A07-->00000000 [unknown_code_page]
[2296]avgemc.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[2404]rundll32.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[2404]rundll32.exe-->kernel32.dll-->CreateProcessInternalA, Type: Inline - RelativeJump 0x7C81D54E-->00000000 [unknown_code_page]
[2404]rundll32.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [unknown_code_page]
[2404]rundll32.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[2404]rundll32.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - RelativeJump 0x7C8104CC-->00000000 [unknown_code_page]
[2404]rundll32.exe-->kernel32.dll-->CreateThread, Type: Inline - RelativeJump 0x7C8106D7-->00000000 [unknown_code_page]
[2404]rundll32.exe-->kernel32.dll-->SetThreadContext, Type: Inline - RelativeJump 0x7C8641E9-->00000000 [unknown_code_page]
[2404]rundll32.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - RelativeJump 0x7C809AF1-->00000000 [unknown_code_page]
[2404]rundll32.exe-->kernel32.dll-->VirtualAllocEx, Type: Inline - RelativeJump 0x7C809B12-->00000000 [unknown_code_page]
[2404]rundll32.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[2404]rundll32.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[2404]rundll32.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C862AED-->00000000 [unknown_code_page]
[2404]rundll32.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x7C802213-->00000000 [unknown_code_page]
[2404]rundll32.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [unknown_code_page]
[2404]rundll32.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [unknown_code_page]
[2404]rundll32.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x63019446-->00000000 [unknown_code_page]
[2404]rundll32.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x6301F4E2-->00000000 [unknown_code_page]
[2404]rundll32.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x6302B2D5-->00000000 [unknown_code_page]
[2404]rundll32.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x6302DEF0-->00000000 [unknown_code_page]
[2404]rundll32.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x63077347-->00000000 [unknown_code_page]
[2404]rundll32.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x6302B92E-->00000000 [unknown_code_page]
[2452]HDInspector.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[2452]HDInspector.exe-->kernel32.dll-->CreateProcessInternalA, Type: Inline - RelativeJump 0x7C81D54E-->00000000 [unknown_code_page]
[2452]HDInspector.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [unknown_code_page]
[2452]HDInspector.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[2452]HDInspector.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - RelativeJump 0x7C8104CC-->00000000 [unknown_code_page]
[2452]HDInspector.exe-->kernel32.dll-->CreateThread, Type: Inline - RelativeJump 0x7C8106D7-->00000000 [unknown_code_page]
[2452]HDInspector.exe-->kernel32.dll-->SetThreadContext, Type: Inline - RelativeJump 0x7C8641E9-->00000000 [unknown_code_page]
[2452]HDInspector.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - RelativeJump 0x7C809AF1-->00000000 [unknown_code_page]
[2452]HDInspector.exe-->kernel32.dll-->VirtualAllocEx, Type: Inline - RelativeJump 0x7C809B12-->00000000 [unknown_code_page]
[2452]HDInspector.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[2452]HDInspector.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[2452]HDInspector.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C862AED-->00000000 [unknown_code_page]
[2452]HDInspector.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x7C802213-->00000000 [unknown_code_page]
[2452]HDInspector.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [unknown_code_page]
[2452]HDInspector.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [unknown_code_page]
[2452]HDInspector.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x63019446-->00000000 [unknown_code_page]
[2452]HDInspector.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x6301F4E2-->00000000 [unknown_code_page]
[2452]HDInspector.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x6302B2D5-->00000000 [unknown_code_page]
[2452]HDInspector.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x6302DEF0-->00000000 [unknown_code_page]
[2452]HDInspector.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x63077347-->00000000 [unknown_code_page]
[2452]HDInspector.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x6302B92E-->00000000 [unknown_code_page]
[2452]HDInspector.exe-->ws2_32.dll-->bind, Type: Inline - RelativeJump 0x71AB4480-->00000000 [unknown_code_page]
[2452]HDInspector.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x71AB4A07-->00000000 [unknown_code_page]
[2452]HDInspector.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[2504]hispeedcore.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[2504]hispeedcore.exe-->kernel32.dll-->CreateProcessInternalA, Type: Inline - RelativeJump 0x7C81D54E-->00000000 [unknown_code_page]
[2504]hispeedcore.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [unknown_code_page]
[2504]hispeedcore.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[2504]hispeedcore.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - RelativeJump 0x7C8104CC-->00000000 [unknown_code_page]
[2504]hispeedcore.exe-->kernel32.dll-->CreateThread, Type: Inline - RelativeJump 0x7C8106D7-->00000000 [unknown_code_page]
[2504]hispeedcore.exe-->kernel32.dll-->SetThreadContext, Type: Inline - RelativeJump 0x7C8641E9-->00000000 [unknown_code_page]
[2504]hispeedcore.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - RelativeJump 0x7C809AF1-->00000000 [unknown_code_page]
[2504]hispeedcore.exe-->kernel32.dll-->VirtualAllocEx, Type: Inline - RelativeJump 0x7C809B12-->00000000 [unknown_code_page]
[2504]hispeedcore.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[2504]hispeedcore.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[2504]hispeedcore.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C862AED-->00000000 [unknown_code_page]
[2504]hispeedcore.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x7C802213-->00000000 [unknown_code_page]
[2504]hispeedcore.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [unknown_code_page]
[2504]hispeedcore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [unknown_code_page]
[2504]hispeedcore.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x63019446-->00000000 [unknown_code_page]
[2504]hispeedcore.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x6301F4E2-->00000000 [unknown_code_page]
[2504]hispeedcore.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x6302B2D5-->00000000 [unknown_code_page]
[2504]hispeedcore.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x6302DEF0-->00000000 [unknown_code_page]
[2504]hispeedcore.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x63077347-->00000000 [unknown_code_page]
[2504]hispeedcore.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x6302B92E-->00000000 [unknown_code_page]
[2504]hispeedcore.exe-->ws2_32.dll-->bind, Type: Inline - RelativeJump 0x71AB4480-->00000000 [unknown_code_page]
[2504]hispeedcore.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x71AB4A07-->00000000 [unknown_code_page]
[2504]hispeedcore.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[2520]avgcsrvx.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[2520]avgcsrvx.exe-->kernel32.dll-->CreateProcessInternalA, Type: Inline - RelativeJump 0x7C81D54E-->00000000 [unknown_code_page]
[2520]avgcsrvx.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [unknown_code_page]
[2520]avgcsrvx.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[2520]avgcsrvx.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - RelativeJump 0x7C8104CC-->00000000 [unknown_code_page]
[2520]avgcsrvx.exe-->kernel32.dll-->CreateThread, Type: Inline - RelativeJump 0x7C8106D7-->00000000 [unknown_code_page]
[2520]avgcsrvx.exe-->kernel32.dll-->SetThreadContext, Type: Inline - RelativeJump 0x7C8641E9-->00000000 [unknown_code_page]
[2520]avgcsrvx.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - RelativeJump 0x7C809AF1-->00000000 [unknown_code_page]
[2520]avgcsrvx.exe-->kernel32.dll-->VirtualAllocEx, Type: Inline - RelativeJump 0x7C809B12-->00000000 [unknown_code_page]
[2520]avgcsrvx.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[2520]avgcsrvx.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[2520]avgcsrvx.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C862AED-->00000000 [unknown_code_page]
[2520]avgcsrvx.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x7C802213-->00000000 [unknown_code_page]
[2520]avgcsrvx.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [unknown_code_page]
[2520]avgcsrvx.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [unknown_code_page]
[2520]avgcsrvx.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x63019446-->00000000 [unknown_code_page]
[2520]avgcsrvx.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x6301F4E2-->00000000 [unknown_code_page]
[2520]avgcsrvx.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x6302B2D5-->00000000 [unknown_code_page]
[2520]avgcsrvx.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x6302DEF0-->00000000 [unknown_code_page]
[2520]avgcsrvx.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x63077347-->00000000 [unknown_code_page]
[2520]avgcsrvx.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x6302B92E-->00000000 [unknown_code_page]
[2572]avgtray.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[2572]avgtray.exe-->kernel32.dll-->CreateProcessInternalA, Type: Inline - RelativeJump 0x7C81D54E-->00000000 [unknown_code_page]
[2572]avgtray.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [unknown_code_page]
[2572]avgtray.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[2572]avgtray.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - RelativeJump 0x7C8104CC-->00000000 [unknown_code_page]
[2572]avgtray.exe-->kernel32.dll-->CreateThread, Type: Inline - RelativeJump 0x7C8106D7-->00000000 [unknown_code_page]
[2572]avgtray.exe-->kernel32.dll-->SetThreadContext, Type: Inline - RelativeJump 0x7C8641E9-->00000000 [unknown_code_page]
[2572]avgtray.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - RelativeJump 0x7C809AF1-->00000000 [unknown_code_page]
[2572]avgtray.exe-->kernel32.dll-->VirtualAllocEx, Type: Inline - RelativeJump 0x7C809B12-->00000000 [unknown_code_page]
[2572]avgtray.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[2572]avgtray.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[2572]avgtray.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C862AED-->00000000 [unknown_code_page]
[2572]avgtray.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x7C802213-->00000000 [unknown_code_page]
[2572]avgtray.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [unknown_code_page]
[2572]avgtray.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [unknown_code_page]
[2572]avgtray.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x63019446-->00000000 [unknown_code_page]
[2572]avgtray.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x6301F4E2-->00000000 [unknown_code_page]
[2572]avgtray.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x6302B2D5-->00000000 [unknown_code_page]
[2572]avgtray.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x6302DEF0-->00000000 [unknown_code_page]
[2572]avgtray.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x63077347-->00000000 [unknown_code_page]
[2572]avgtray.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x6302B92E-->00000000 [unknown_code_page]
[2572]avgtray.exe-->ws2_32.dll-->bind, Type: Inline - RelativeJump 0x71AB4480-->00000000 [unknown_code_page]
[2572]avgtray.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x71AB4A07-->00000000 [unknown_code_page]
[2572]avgtray.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[2580]ctfmon.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[2580]ctfmon.exe-->kernel32.dll-->CreateProcessInternalA, Type: Inline - RelativeJump 0x7C81D54E-->00000000 [unknown_code_page]
[2580]ctfmon.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [unknown_code_page]
[2580]ctfmon.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[2580]ctfmon.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - RelativeJump 0x7C8104CC-->00000000 [unknown_code_page]
[2580]ctfmon.exe-->kernel32.dll-->CreateThread, Type: Inline - RelativeJump 0x7C8106D7-->00000000 [unknown_code_page]
[2580]ctfmon.exe-->kernel32.dll-->SetThreadContext, Type: Inline - RelativeJump 0x7C8641E9-->00000000 [unknown_code_page]
[2580]ctfmon.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - RelativeJump 0x7C809AF1-->00000000 [unknown_code_page]
[2580]ctfmon.exe-->kernel32.dll-->VirtualAllocEx, Type: Inline - RelativeJump 0x7C809B12-->00000000 [unknown_code_page]
[2580]ctfmon.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[2580]ctfmon.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[2580]ctfmon.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C862AED-->00000000 [unknown_code_page]
[2580]ctfmon.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x7C802213-->00000000 [unknown_code_page]
[2580]ctfmon.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [unknown_code_page]
[2580]ctfmon.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [unknown_code_page]
[2580]ctfmon.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x63019446-->00000000 [unknown_code_page]
[2580]ctfmon.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x6301F4E2-->00000000 [unknown_code_page]
[2580]ctfmon.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x6302B2D5-->00000000 [unknown_code_page]
[2580]ctfmon.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x6302DEF0-->00000000 [unknown_code_page]
[2580]ctfmon.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x63077347-->00000000 [unknown_code_page]
[2580]ctfmon.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x6302B92E-->00000000 [unknown_code_page]
[268]avgwdsvc.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[268]avgwdsvc.exe-->kernel32.dll-->CreateProcessInternalA, Type: Inline - RelativeJump 0x7C81D54E-->00000000 [unknown_code_page]
[268]avgwdsvc.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [unknown_code_page]
[268]avgwdsvc.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[268]avgwdsvc.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - RelativeJump 0x7C8104CC-->00000000 [unknown_code_page]
[268]avgwdsvc.exe-->kernel32.dll-->CreateThread, Type: Inline - RelativeJump 0x7C8106D7-->00000000 [unknown_code_page]
[268]avgwdsvc.exe-->kernel32.dll-->SetThreadContext, Type: Inline - RelativeJump 0x7C8641E9-->00000000 [unknown_code_page]
[268]avgwdsvc.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - RelativeJump 0x7C809AF1-->00000000 [unknown_code_page]
[268]avgwdsvc.exe-->kernel32.dll-->VirtualAllocEx, Type: Inline - RelativeJump 0x7C809B12-->00000000 [unknown_code_page]
[268]avgwdsvc.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[268]avgwdsvc.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[268]avgwdsvc.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C862AED-->00000000 [unknown_code_page]
[268]avgwdsvc.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x7C802213-->00000000 [unknown_code_page]
[268]avgwdsvc.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [unknown_code_page]
[268]avgwdsvc.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [unknown_code_page]
[268]avgwdsvc.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x63019446-->00000000 [unknown_code_page]
[268]avgwdsvc.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x6301F4E2-->00000000 [unknown_code_page]
[268]avgwdsvc.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x6302B2D5-->00000000 [unknown_code_page]
[268]avgwdsvc.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x6302DEF0-->00000000 [unknown_code_page]
[268]avgwdsvc.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x63077347-->00000000 [unknown_code_page]
[268]avgwdsvc.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x6302B92E-->00000000 [unknown_code_page]
[268]avgwdsvc.exe-->ws2_32.dll-->bind, Type: Inline - RelativeJump 0x71AB4480-->00000000 [unknown_code_page]
[268]avgwdsvc.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x71AB4A07-->00000000 [unknown_code_page]
[268]avgwdsvc.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[2796]SbPFCl.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[2796]SbPFCl.exe-->kernel32.dll-->CreateProcessInternalA, Type: Inline - RelativeJump 0x7C81D54E-->00000000 [unknown_code_page]
[2796]SbPFCl.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [unknown_code_page]
[2796]SbPFCl.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[2796]SbPFCl.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - RelativeJump 0x7C8104CC-->00000000 [unknown_code_page]
[2796]SbPFCl.exe-->kernel32.dll-->CreateThread, Type: Inline - RelativeJump 0x7C8106D7-->00000000 [unknown_code_page]
[2796]SbPFCl.exe-->kernel32.dll-->SetThreadContext, Type: Inline - RelativeJump 0x7C8641E9-->00000000 [unknown_code_page]
[2796]SbPFCl.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - RelativeJump 0x7C809AF1-->00000000 [unknown_code_page]
[2796]SbPFCl.exe-->kernel32.dll-->VirtualAllocEx, Type: Inline - RelativeJump 0x7C809B12-->00000000 [unknown_code_page]
[2796]SbPFCl.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[2796]SbPFCl.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[2796]SbPFCl.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C862AED-->00000000 [unknown_code_page]
[2796]SbPFCl.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x7C802213-->00000000 [unknown_code_page]
[2796]SbPFCl.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [unknown_code_page]
[2796]SbPFCl.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [unknown_code_page]
[2796]SbPFCl.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x63019446-->00000000 [unknown_code_page]
[2796]SbPFCl.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x6301F4E2-->00000000 [unknown_code_page]
[2796]SbPFCl.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x6302B2D5-->00000000 [unknown_code_page]
[2796]SbPFCl.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x6302DEF0-->00000000 [unknown_code_page]
[2796]SbPFCl.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x63077347-->00000000 [unknown_code_page]
[2796]SbPFCl.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x6302B92E-->00000000 [unknown_code_page]
[3348]alg.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[3348]alg.exe-->kernel32.dll-->CreateProcessInternalA, Type: Inline - RelativeJump 0x7C81D54E-->00000000 [unknown_code_page]
[3348]alg.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [unknown_code_page]
[3348]alg.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[3348]alg.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - RelativeJump 0x7C8104CC-->00000000 [unknown_code_page]
[3348]alg.exe-->kernel32.dll-->CreateThread, Type: Inline - RelativeJump 0x7C8106D7-->00000000 [unknown_code_page]
[3348]alg.exe-->kernel32.dll-->SetThreadContext, Type: Inline - RelativeJump 0x7C8641E9-->00000000 [unknown_code_page]
[3348]alg.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - RelativeJump 0x7C809AF1-->00000000 [unknown_code_page]
[3348]alg.exe-->kernel32.dll-->VirtualAllocEx, Type: Inline - RelativeJump 0x7C809B12-->00000000 [unknown_code_page]
[3348]alg.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[3348]alg.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[3348]alg.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C862AED-->00000000 [unknown_code_page]
[3348]alg.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x7C802213-->00000000 [unknown_code_page]
[3348]alg.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [unknown_code_page]
[3348]alg.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [unknown_code_page]
[3348]alg.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x63019446-->00000000 [unknown_code_page]
[3348]alg.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x6301F4E2-->00000000 [unknown_code_page]
[3348]alg.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x6302B2D5-->00000000 [unknown_code_page]
[3348]alg.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x6302DEF0-->00000000 [unknown_code_page]
[3348]alg.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x63077347-->00000000 [unknown_code_page]
[3348]alg.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x6302B92E-->00000000 [unknown_code_page]
[3348]alg.exe-->ws2_32.dll-->bind, Type: Inline - RelativeJump 0x71AB4480-->00000000 [unknown_code_page]
[3348]alg.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x71AB4A07-->00000000 [unknown_code_page]
[3348]alg.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[464]DkService.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[464]DkService.exe-->kernel32.dll-->CreateProcessInternalA, Type: Inline - RelativeJump 0x7C81D54E-->00000000 [unknown_code_page]
[464]DkService.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [unknown_code_page]
[464]DkService.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[464]DkService.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - RelativeJump 0x7C8104CC-->00000000 [unknown_code_page]
[464]DkService.exe-->kernel32.dll-->CreateThread, Type: Inline - RelativeJump 0x7C8106D7-->00000000 [unknown_code_page]
[464]DkService.exe-->kernel32.dll-->SetThreadContext, Type: Inline - RelativeJump 0x7C8641E9-->00000000 [unknown_code_page]
[464]DkService.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - RelativeJump 0x7C809AF1-->00000000 [unknown_code_page]
[464]DkService.exe-->kernel32.dll-->VirtualAllocEx, Type: Inline - RelativeJump 0x7C809B12-->00000000 [unknown_code_page]
[464]DkService.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[464]DkService.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[464]DkService.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C862AED-->00000000 [unknown_code_page]
[464]DkService.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x7C802213-->00000000 [unknown_code_page]
[464]DkService.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [unknown_code_page]
[464]DkService.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [unknown_code_page]
[464]DkService.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x63019446-->00000000 [unknown_code_page]
[464]DkService.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x6301F4E2-->00000000 [unknown_code_page]
[464]DkService.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x6302B2D5-->00000000 [unknown_code_page]
[464]DkService.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x6302DEF0-->00000000 [unknown_code_page]
[464]DkService.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x63077347-->00000000 [unknown_code_page]
[464]DkService.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x6302B92E-->00000000 [unknown_code_page]
[464]DkService.exe-->ws2_32.dll-->bind, Type: Inline - RelativeJump 0x71AB4480-->00000000 [unknown_code_page]
[464]DkService.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x71AB4A07-->00000000 [unknown_code_page]
[464]DkService.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[620]HDDSvc.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[620]HDDSvc.exe-->kernel32.dll-->CreateProcessInternalA, Type: Inline - RelativeJump 0x7C81D54E-->00000000 [unknown_code_page]
[620]HDDSvc.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [unknown_code_page]
[620]HDDSvc.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[620]HDDSvc.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - RelativeJump 0x7C8104CC-->00000000 [unknown_code_page]
[620]HDDSvc.exe-->kernel32.dll-->CreateThread, Type: Inline - RelativeJump 0x7C8106D7-->00000000 [unknown_code_page]
[620]HDDSvc.exe-->kernel32.dll-->SetThreadContext, Type: Inline - RelativeJump 0x7C8641E9-->00000000 [unknown_code_page]
[620]HDDSvc.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - RelativeJump 0x7C809AF1-->00000000 [unknown_code_page]
[620]HDDSvc.exe-->kernel32.dll-->VirtualAllocEx, Type: Inline - RelativeJump 0x7C809B12-->00000000 [unknown_code_page]
[620]HDDSvc.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[620]HDDSvc.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[620]HDDSvc.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C862AED-->00000000 [unknown_code_page]
[620]HDDSvc.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x7C802213-->00000000 [unknown_code_page]
[620]HDDSvc.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [unknown_code_page]
[620]HDDSvc.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [unknown_code_page]
[620]HDDSvc.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x63019446-->00000000 [unknown_code_page]
[620]HDDSvc.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x6301F4E2-->00000000 [unknown_code_page]
[620]HDDSvc.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x6302B2D5-->00000000 [unknown_code_page]
[620]HDDSvc.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x6302DEF0-->00000000 [unknown_code_page]
[620]HDDSvc.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x63077347-->00000000 [unknown_code_page]
[620]HDDSvc.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x6302B92E-->00000000 [unknown_code_page]
[620]HDDSvc.exe-->ws2_32.dll-->bind, Type: Inline - RelativeJump 0x71AB4480-->00000000 [unknown_code_page]
[620]HDDSvc.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x71AB4A07-->00000000 [unknown_code_page]
[620]HDDSvc.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[680]csrss.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[680]csrss.exe-->kernel32.dll-->CreateProcessInternalA, Type: Inline - RelativeJump 0x7C81D54E-->00000000 [unknown_code_page]
[680]csrss.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [unknown_code_page]
[680]csrss.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[680]csrss.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - RelativeJump 0x7C8104CC-->00000000 [unknown_code_page]
[680]csrss.exe-->kernel32.dll-->CreateThread, Type: Inline - RelativeJump 0x7C8106D7-->00000000 [unknown_code_page]
[680]csrss.exe-->kernel32.dll-->SetThreadContext, Type: Inline - RelativeJump 0x7C8641E9-->00000000 [unknown_code_page]
[680]csrss.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - RelativeJump 0x7C809AF1-->00000000 [unknown_code_page]
[680]csrss.exe-->kernel32.dll-->VirtualAllocEx, Type: Inline - RelativeJump 0x7C809B12-->00000000 [unknown_code_page]
[680]csrss.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[680]csrss.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[680]csrss.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C862AED-->00000000 [unknown_code_page]
[680]csrss.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x7C802213-->00000000 [unknown_code_page]
[680]csrss.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [unknown_code_page]
[680]csrss.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [unknown_code_page]
[712]winlogon.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[712]winlogon.exe-->kernel32.dll-->CreateProcessInternalA, Type: Inline - RelativeJump 0x7C81D54E-->00000000 [unknown_code_page]
[712]winlogon.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [unknown_code_page]
[712]winlogon.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[712]winlogon.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - RelativeJump 0x7C8104CC-->00000000 [unknown_code_page]
[712]winlogon.exe-->kernel32.dll-->CreateThread, Type: Inline - RelativeJump 0x7C8106D7-->00000000 [unknown_code_page]
[712]winlogon.exe-->kernel32.dll-->SetThreadContext, Type: Inline - RelativeJump 0x7C8641E9-->00000000 [unknown_code_page]
[712]winlogon.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - RelativeJump 0x7C809AF1-->00000000 [unknown_code_page]
[712]winlogon.exe-->kernel32.dll-->VirtualAllocEx, Type: Inline - RelativeJump 0x7C809B12-->00000000 [unknown_code_page]
[712]winlogon.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[712]winlogon.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[712]winlogon.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C862AED-->00000000 [unknown_code_page]
[712]winlogon.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x7C802213-->00000000 [unknown_code_page]
[712]winlogon.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [unknown_code_page]
[712]winlogon.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [unknown_code_page]
[712]winlogon.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x63019446-->00000000 [unknown_code_page]
[712]winlogon.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x6301F4E2-->00000000 [unknown_code_page]
[712]winlogon.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x6302B2D5-->00000000 [unknown_code_page]
[712]winlogon.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x6302DEF0-->00000000 [unknown_code_page]
[712]winlogon.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x63077347-->00000000 [unknown_code_page]
[712]winlogon.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x6302B92E-->00000000 [unknown_code_page]
[712]winlogon.exe-->ws2_32.dll-->bind, Type: Inline - RelativeJump 0x71AB4480-->00000000 [unknown_code_page]
[712]winlogon.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x71AB4A07-->00000000 [unknown_code_page]
[712]winlogon.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[760]services.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[760]services.exe-->kernel32.dll-->CreateProcessInternalA, Type: Inline - RelativeJump 0x7C81D54E-->00000000 [unknown_code_page]
[760]services.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [unknown_code_page]
[760]services.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[760]services.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - RelativeJump 0x7C8104CC-->00000000 [unknown_code_page]
[760]services.exe-->kernel32.dll-->CreateThread, Type: Inline - RelativeJump 0x7C8106D7-->00000000 [unknown_code_page]
[760]services.exe-->kernel32.dll-->SetThreadContext, Type: Inline - RelativeJump 0x7C8641E9-->00000000 [unknown_code_page]
[760]services.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - RelativeJump 0x7C809AF1-->00000000 [unknown_code_page]
[760]services.exe-->kernel32.dll-->VirtualAllocEx, Type: Inline - RelativeJump 0x7C809B12-->00000000 [unknown_code_page]
[760]services.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[760]services.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[760]services.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C862AED-->00000000 [unknown_code_page]
[760]services.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x7C802213-->00000000 [unknown_code_page]
[760]services.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [unknown_code_page]
[760]services.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [unknown_code_page]
[760]services.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x63019446-->00000000 [unknown_code_page]
[760]services.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x6301F4E2-->00000000 [unknown_code_page]
[760]services.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x6302B2D5-->00000000 [unknown_code_page]
[760]services.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x6302DEF0-->00000000 [unknown_code_page]
[760]services.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x63077347-->00000000 [unknown_code_page]
[760]services.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x6302B92E-->00000000 [unknown_code_page]
[772]lsass.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[772]lsass.exe-->kernel32.dll-->CreateProcessInternalA, Type: Inline - RelativeJump 0x7C81D54E-->00000000 [unknown_code_page]
[772]lsass.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [unknown_code_page]
[772]lsass.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[772]lsass.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - RelativeJump 0x7C8104CC-->00000000 [unknown_code_page]
[772]lsass.exe-->kernel32.dll-->CreateThread, Type: Inline - RelativeJump 0x7C8106D7-->00000000 [unknown_code_page]
[772]lsass.exe-->kernel32.dll-->SetThreadContext, Type: Inline - RelativeJump 0x7C8641E9-->00000000 [unknown_code_page]
[772]lsass.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - RelativeJump 0x7C809AF1-->00000000 [unknown_code_page]
[772]lsass.exe-->kernel32.dll-->VirtualAllocEx, Type: Inline - RelativeJump 0x7C809B12-->00000000 [unknown_code_page]
[772]lsass.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[772]lsass.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[772]lsass.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C862AED-->00000000 [unknown_code_page]
[772]lsass.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x7C802213-->00000000 [unknown_code_page]
[772]lsass.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [unknown_code_page]
[772]lsass.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [unknown_code_page]
[772]lsass.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x63019446-->00000000 [unknown_code_page]
[772]lsass.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x6301F4E2-->00000000 [unknown_code_page]
[772]lsass.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x6302B2D5-->00000000 [unknown_code_page]
[772]lsass.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x6302DEF0-->00000000 [unknown_code_page]
[772]lsass.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x63077347-->00000000 [unknown_code_page]
[772]lsass.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x6302B92E-->00000000 [unknown_code_page]
[772]lsass.exe-->ws2_32.dll-->bind, Type: Inline - RelativeJump 0x71AB4480-->00000000 [unknown_code_page]
[772]lsass.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x71AB4A07-->00000000 [unknown_code_page]
[772]lsass.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[924]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[924]svchost.exe-->kernel32.dll-->CreateProcessInternalA, Type: Inline - RelativeJump 0x7C81D54E-->00000000 [unknown_code_page]
[924]svchost.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [unknown_code_page]
[924]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[924]svchost.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - RelativeJump 0x7C8104CC-->00000000 [unknown_code_page]
[924]svchost.exe-->kernel32.dll-->CreateThread, Type: Inline - RelativeJump 0x7C8106D7-->00000000 [unknown_code_page]
[924]svchost.exe-->kernel32.dll-->SetThreadContext, Type: Inline - RelativeJump 0x7C8641E9-->00000000 [unknown_code_page]
[924]svchost.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - RelativeJump 0x7C809AF1-->00000000 [unknown_code_page]
[924]svchost.exe-->kernel32.dll-->VirtualAllocEx, Type: Inline - RelativeJump 0x7C809B12-->00000000 [unknown_code_page]
[924]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[924]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[924]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C862AED-->00000000 [unknown_code_page]
[924]svchost.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x7C802213-->00000000 [unknown_code_page]
[924]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [unknown_code_page]
[924]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [unknown_code_page]
[924]svchost.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x63019446-->00000000 [unknown_code_page]
[924]svchost.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x6301F4E2-->00000000 [unknown_code_page]
[924]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x6302B2D5-->00000000 [unknown_code_page]
[924]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x6302DEF0-->00000000 [unknown_code_page]
[924]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x63077347-->00000000 [unknown_code_page]
[924]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x6302B92E-->00000000 [unknown_code_page]
[924]svchost.exe-->ws2_32.dll-->bind, Type: Inline - RelativeJump 0x71AB4480-->00000000 [unknown_code_page]
[924]svchost.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x71AB4A07-->00000000 [unknown_code_page]
[924]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[956]SbPFLnch.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[956]SbPFLnch.exe-->kernel32.dll-->CreateProcessInternalA, Type: Inline - RelativeJump 0x7C81D54E-->00000000 [unknown_code_page]
[956]SbPFLnch.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [unknown_code_page]
[956]SbPFLnch.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[956]SbPFLnch.exe-->kernel32.dll-->CreateRemoteThread, Type: Inline - RelativeJump 0x7C8104CC-->00000000 [unknown_code_page]
[956]SbPFLnch.exe-->kernel32.dll-->CreateThread, Type: Inline - RelativeJump 0x7C8106D7-->00000000 [unknown_code_page]
[956]SbPFLnch.exe-->kernel32.dll-->SetThreadContext, Type: Inline - RelativeJump 0x7C8641E9-->00000000 [unknown_code_page]
[956]SbPFLnch.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - RelativeJump 0x7C809AF1-->00000000 [unknown_code_page]
[956]SbPFLnch.exe-->kernel32.dll-->VirtualAllocEx, Type: Inline - RelativeJump 0x7C809B12-->00000000 [unknown_code_page]
[956]SbPFLnch.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[956]SbPFLnch.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[956]SbPFLnch.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C862AED-->00000000 [unknown_code_page]
[956]SbPFLnch.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x7C802213-->00000000 [unknown_code_page]
[956]SbPFLnch.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [unknown_code_page]
[956]SbPFLnch.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [unknown_code_page]
[956]SbPFLnch.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x63019446-->00000000 [unknown_code_page]
[956]SbPFLnch.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x6301F4E2-->00000000 [unknown_code_page]
[956]SbPFLnch.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x6302B2D5-->00000000 [unknown_code_page]
[956]SbPFLnch.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x6302DEF0-->00000000 [unknown_code_page]
[956]SbPFLnch.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x63077347-->00000000 [unknown_code_page]
[956]SbPFLnch.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x6302B92E-->00000000 [unknown_code_page]
!B_MS9Qv
Active Member
 
Posts: 11
Joined: October 10th, 2010, 6:55 pm

Re: Browser Tab Redirects

Unread postby deltalima » October 15th, 2010, 4:06 am

Hi !B_MS9Qv,

Why have you edited the original post?

Please replace the log that you have removed, this forum is used as a teaching resource and the complete logs are a vital record of the work being done to be used for future study.

TDSSKiller

  • Please Download TDSSKiller.zip and save it on your desktop.
  • Extract (unzip) its contents to your Desktop.
  • Double-click the TDSSKiller Folder on your desktop.
  • Right-click on TDSSKiller.exe and click Copy then Paste it directly on to your Desktop.
  • Important!: Run this fix once and once only.
  • Double click the TDSSKiller icon on you're desktop then click Start scan.
  • A box will appear saying System scan completed.
  • If any Malicious objects are found click Cure > Continue > Reboot now.
  • A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Browser Tab Redirects

Unread postby !B_MS9Qv » October 15th, 2010, 10:18 pm

Hi deltalima

I deleted that log because you said it was unreadable and was generated with an old version (v2.0.2) of the program. It just seemed to be taking up space. I don't have a copy. If you want me to find Hijack this v2.0.2 and rescan I will. Otherwise it will not happen again. TDSSKiller found 2 things, the default for the locked atapi file was skip the other was cure. Hopefully that was correct. Upon reboot my preferred desktop theme returned. Here is the log:

2010/10/15 15:59:39.0153 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/15 15:59:39.0153 ================================================================================
2010/10/15 15:59:39.0153 SystemInfo:
2010/10/15 15:59:39.0153
2010/10/15 15:59:39.0153 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/15 15:59:39.0153 Product type: Workstation
2010/10/15 15:59:39.0153 ComputerName: DESK
2010/10/15 15:59:39.0153 UserName: Administrator
2010/10/15 15:59:39.0153 Windows directory: C:\WINDOWS
2010/10/15 15:59:39.0153 System windows directory: C:\WINDOWS
2010/10/15 15:59:39.0153 Processor architecture: Intel x86
2010/10/15 15:59:39.0153 Number of processors: 1
2010/10/15 15:59:39.0153 Page size: 0x1000
2010/10/15 15:59:39.0153 Boot type: Normal boot
2010/10/15 15:59:39.0153 ================================================================================
2010/10/15 15:59:39.0834 Initialize success
2010/10/15 15:59:47.0024 ================================================================================
2010/10/15 15:59:47.0024 Scan started
2010/10/15 15:59:47.0024 Mode: Manual;
2010/10/15 15:59:47.0024 ================================================================================
2010/10/15 15:59:47.0705 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/15 15:59:47.0825 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/10/15 15:59:48.0006 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/10/15 15:59:48.0106 AFD (38d7b715504da4741df35e3594fe2099) C:\WINDOWS\System32\drivers\afd.sys
2010/10/15 15:59:48.0637 amdagpxp (0bd52001b37b9260145b3c44efa7e86c) C:\WINDOWS\system32\DRIVERS\amdagpxp.sys
2010/10/15 15:59:48.0807 AnyDVD (7a7a9f83fa3572448111886e34ca8565) C:\WINDOWS\system32\Drivers\AnyDVD.sys
2010/10/15 15:59:48.0937 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/10/15 15:59:49.0288 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/15 15:59:49.0398 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/15 15:59:49.0398 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\atapi.sys. md5: 9f3a2f5aa6875c72bf062c712cfa2674
2010/10/15 15:59:49.0448 atapi - detected Locked file (1)
2010/10/15 15:59:49.0598 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/15 15:59:49.0728 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/15 15:59:49.0938 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\system32\Drivers\avgldx86.sys
2010/10/15 15:59:50.0029 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\system32\Drivers\avgmfx86.sys
2010/10/15 15:59:50.0139 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\system32\Drivers\avgtdix.sys
2010/10/15 15:59:50.0279 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/15 15:59:50.0429 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/15 15:59:50.0619 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/15 15:59:50.0710 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/15 15:59:50.0820 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/15 15:59:51.0160 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/10/15 15:59:51.0441 d346bus (99159e3ef20a4792aefe4115e8ad0957) C:\WINDOWS\system32\DRIVERS\d346bus.sys
2010/10/15 15:59:51.0521 d346prt (fb228cd598b7686e98fbf7bfb55666eb) C:\WINDOWS\System32\Drivers\d346prt.sys
2010/10/15 15:59:51.0821 Disk (47b6aaec570f2c11d8bad80a064d8ed1) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/15 15:59:52.0021 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/15 15:59:52.0152 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/15 15:59:52.0252 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/15 15:59:52.0342 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/15 15:59:52.0572 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/15 15:59:52.0712 ElbyCDIO (027319ab8628d3ae07ff3b5a40fab62f) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
2010/10/15 15:59:52.0793 epmntdrv (f07ba56b0235f15eff8f10dc6389c42e) C:\WINDOWS\system32\epmntdrv.sys
2010/10/15 15:59:52.0893 es1371 (a55dd7d8ced5d2624a9ee2dda7be0319) C:\WINDOWS\system32\drivers\es1371mp.sys
2010/10/15 15:59:52.0983 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\WINDOWS\system32\EuGdiDrv.sys
2010/10/15 15:59:53.0133 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/15 15:59:53.0253 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/10/15 15:59:53.0353 FileDisk (0694585d54bf46379ce41aee2b6864aa) C:\WINDOWS\system32\drivers\FileDisk.sys
2010/10/15 15:59:53.0444 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/15 15:59:53.0544 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/10/15 15:59:53.0654 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/10/15 15:59:53.0764 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/15 15:59:53.0864 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/15 15:59:53.0984 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2010/10/15 15:59:54.0054 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/15 15:59:54.0205 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
2010/10/15 15:59:54.0325 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/10/15 15:59:54.0555 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/15 15:59:54.0876 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/10/15 15:59:55.0006 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/15 15:59:55.0326 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/10/15 15:59:55.0426 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/15 15:59:55.0506 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/15 15:59:55.0587 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/15 15:59:55.0697 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/15 15:59:55.0787 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/15 15:59:55.0907 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/15 15:59:56.0007 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/15 15:59:56.0097 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/15 15:59:56.0207 KSecDD (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/15 15:59:56.0558 ltmodem5 (829ef680a308c12e2a80e5e0da0d958d) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
2010/10/15 15:59:56.0728 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/15 15:59:56.0848 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/15 15:59:56.0919 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2010/10/15 15:59:57.0009 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/15 15:59:57.0099 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/10/15 15:59:57.0159 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/15 15:59:57.0369 MRxDAV (65e818c473e220b6ab762e1966296fd1) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/15 15:59:57.0479 MRxSmb (d09b9f0b9960dd41e73127b7814c115f) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/15 15:59:57.0670 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/15 15:59:57.0790 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/15 15:59:57.0880 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/15 15:59:57.0970 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/15 15:59:58.0060 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/15 15:59:58.0160 Mup (6546fe6639499fa4bef180bdf08266a1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/15 15:59:58.0260 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/15 15:59:58.0371 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/15 15:59:58.0461 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/15 15:59:58.0551 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/15 15:59:58.0651 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/15 15:59:58.0761 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/15 15:59:58.0861 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/15 15:59:59.0062 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/10/15 15:59:59.0182 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/15 15:59:59.0312 Ntfs (4c51d5275ae8a16999edfe7e647d00de) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/15 15:59:59.0472 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/15 15:59:59.0943 nv (9f4384aa43548ddd438f7b7825d11699) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/10/15 16:00:00.0394 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/15 16:00:00.0484 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/15 16:00:00.0594 ohci1394 (2553f7c60b8d291b5a812245e6d4da6e) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/10/15 16:00:00.0694 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/10/15 16:00:00.0774 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/15 16:00:00.0874 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/15 16:00:00.0964 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/15 16:00:01.0215 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/10/15 16:00:01.0315 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2010/10/15 16:00:02.0096 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/15 16:00:02.0186 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/10/15 16:00:02.0306 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/15 16:00:02.0396 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/15 16:00:02.0927 RasAcd (29149dd515bb12758a87b8d4e8e26ab1) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/15 16:00:02.0927 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\rasacd.sys. Real md5: 29149dd515bb12758a87b8d4e8e26ab1, Fake md5: fe0d99d6f31e4fad8159f690d68ded9c
2010/10/15 16:00:02.0987 RasAcd - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/10/15 16:00:03.0087 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/15 16:00:03.0198 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/15 16:00:03.0298 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/15 16:00:03.0418 Rdbss (77050c6615f6eb5402f832b27fd695e0) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/15 16:00:03.0528 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/15 16:00:03.0658 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/10/15 16:00:03.0758 RDPWD (e8e3107243b16a549b88d145ec051b06) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/15 16:00:03.0889 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/15 16:00:04.0069 rspndr (743d7d59767073a617b1dcc6c546f234) C:\WINDOWS\system32\DRIVERS\rspndr.sys
2010/10/15 16:00:04.0229 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2010/10/15 16:00:04.0369 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/10/15 16:00:04.0469 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/10/15 16:00:04.0590 SbFw (419883201ca9ad697ccfb8fc46dd6f78) C:\WINDOWS\system32\drivers\SbFw.sys
2010/10/15 16:00:04.0690 SBFWIMCL (f01b8409a11c319e3c5b9dd418676d2c) C:\WINDOWS\system32\DRIVERS\sbfwim.sys
2010/10/15 16:00:04.0790 sbhips (31ca701f26ea66468ad3c3c6498755ce) C:\WINDOWS\system32\drivers\sbhips.sys
2010/10/15 16:00:04.0910 sbpci (4939d6f53ec3a18674deba8532f193ca) C:\WINDOWS\system32\drivers\sbpci.sys
2010/10/15 16:00:05.0140 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/15 16:00:05.0271 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/10/15 16:00:05.0371 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/10/15 16:00:05.0591 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/10/15 16:00:05.0751 Si3112 (2525f35d0a0e94bb0ca7b4b68117b453) C:\WINDOWS\system32\DRIVERS\SI3112.sys
2010/10/15 16:00:05.0811 SiFilter (355a9f09eddcd5eed858c71a3b5ca70c) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
2010/10/15 16:00:05.0992 SiRemFil (ad3fc65cf8df75705394f568f1a15405) C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
2010/10/15 16:00:06.0232 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/15 16:00:06.0352 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/15 16:00:06.0492 Srv (30efed0c77d59ae0cacb0b5c756767ed) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/15 16:00:06.0622 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/15 16:00:06.0723 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/15 16:00:07.0143 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/15 16:00:07.0323 Tcpip (367de8e5f638c091f49273144274f629) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/15 16:00:07.0444 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/15 16:00:07.0534 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/15 16:00:07.0634 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/15 16:00:07.0954 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/15 16:00:08.0035 ultra (763ef66d68fdd2e718795b10f0f7b8a9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/10/15 16:00:08.0145 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files\Unlocker\UnlockerDriver5.sys
2010/10/15 16:00:08.0255 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/15 16:00:08.0435 usbehci (152ee0baa614388273a0b9ae9c9fd5a0) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/15 16:00:08.0535 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/15 16:00:08.0635 usbohci (c5e11cd822adf0019a5a862d9c4e2222) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/10/15 16:00:08.0736 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/10/15 16:00:08.0826 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/10/15 16:00:08.0916 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/15 16:00:09.0016 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/15 16:00:09.0116 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/10/15 16:00:09.0196 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/10/15 16:00:09.0276 videX32 (09d0aa11e41ca58f65006d5de84acaf0) C:\WINDOWS\system32\DRIVERS\videX32.sys
2010/10/15 16:00:09.0366 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/15 16:00:09.0527 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/15 16:00:09.0717 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/15 16:00:10.0989 ================================================================================
2010/10/15 16:00:10.0989 Scan finished
2010/10/15 16:00:10.0989 ================================================================================
2010/10/15 16:00:11.0089 Detected object count: 2
2010/10/15 16:01:26.0848 Locked file(atapi) - User select action: Skip
2010/10/15 16:01:26.0918 RasAcd (29149dd515bb12758a87b8d4e8e26ab1) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/15 16:01:26.0918 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\rasacd.sys. Real md5: 29149dd515bb12758a87b8d4e8e26ab1, Fake md5: fe0d99d6f31e4fad8159f690d68ded9c
2010/10/15 16:01:28.0821 Backup copy found, using it..
2010/10/15 16:01:28.0841 C:\WINDOWS\system32\DRIVERS\rasacd.sys - will be cured after reboot
2010/10/15 16:01:28.0841 Rootkit.Win32.TDSS.tdl3(RasAcd) - User select action: Cure
2010/10/15 16:01:35.0200 Deinitialize success
!B_MS9Qv
Active Member
 
Posts: 11
Joined: October 10th, 2010, 6:55 pm

Re: Browser Tab Redirects

Unread postby deltalima » October 16th, 2010, 4:14 am

Hi !B_MS9Qv,

Please reboot and then run a quick scan with Malwarebytes, remove any infections found and post the log in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Browser Tab Redirects

Unread postby !B_MS9Qv » October 16th, 2010, 5:33 am

Hi deltalima

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4783

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/15/2010 11:27:53 PM
mbam-log-2010-10-15 (23-27-53).txt

Scan type: Quick scan
Objects scanned: 130293
Time elapsed: 15 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
!B_MS9Qv
Active Member
 
Posts: 11
Joined: October 10th, 2010, 6:55 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 61 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware