ike's being redirected

Unread postby ikenewton » June 19th, 2010, 12:52 am

I'm redirected to another site than the one described in the search engine result. This happens with all search engines. New windows to random(?) sites open automatically


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:45:40 PM, on 6/18/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLanCfgG.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O4 - HKLM\..\Run: [Webroot Desktop Firewall] "C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TurboTax 2008] "D:\TurboTax 2008\TurboTax 2008 Installer.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Sprint SmartView] "C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a
O4 - HKLM\..\Run: [RDVCHG] "C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] "C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" /logon
O4 - HKLM\..\Run: [CanonMyPrinter] "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon
O4 - HKLM\..\Run: [IJNetworkScanUtility] "C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [skassjha] "C:\Documents and Settings\Ken\Local Settings\Application Data\fagufyqun\iasdnkgtssd.exe"
O4 - HKLM\..\Run: [thrjkeqo] "C:\Documents and Settings\Ken\Local Settings\Application Data\sqhgurytl\lcfevyitssd.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [AutoStartNPSAgent] "C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe"
O4 - HKCU\..\Run: [skassjha] "C:\Documents and Settings\Ken\Local Settings\Application Data\fagufyqun\iasdnkgtssd.exe"
O4 - HKCU\..\Run: [thrjkeqo] "C:\Documents and Settings\Ken\Local Settings\Application Data\sqhgurytl\lcfevyitssd.exe"
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... .0.1.1.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Dynex Wireless G Enhanced Adapter Service (Dynex DX-WGPDTC WLService) - Unknown owner - C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - SmithMicro Inc. - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
O23 - Service: Webroot Desktop Firewall network service (WDFNet) - Webroot Software Inc (www.webroot.com) - C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe

--
End of file - 9052 bytes



ikenewton
Regular Member
 
Posts: 23
Joined: June 19th, 2010, 12:36 am
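As an added example (not code from this thread, from HijackThis or from the helper's analysis), a small Python triage script that parses lines in the HJT format above and lists the O4 Run entries and O10 LSP entries an analyst would want to look at first. The two O4 heuristics (an executable living under a per-user data directory, and the same executable registered under both HKLM and HKCU Run) are my assumptions; a hit means "look closer", not "malware".

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample in the shape of the HijackThis v2 log above: a few O4 Run-key
# entries, the repeated O10 Winsock LSP line and one O23 service line.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [skassjha] "C:\Documents and Settings\Ken\Local Settings\Application Data\fagufyqun\iasdnkgtssd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [skassjha] "C:\Documents and Settings\Ken\Local Settings\Application Data\fagufyqun\iasdnkgtssd.exe"
O4 - HKLM\..\Run: [thrjkeqo] "C:\Documents and Settings\Ken\Local Settings\Application Data\sqhgurytl\lcfevyitssd.exe"
O4 - HKCU\..\Run: [thrjkeqo] "C:\Documents and Settings\Ken\Local Settings\Application Data\sqhgurytl\lcfevyitssd.exe"
O4 - Global Startup: BTTray.lnk = ?
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""

# Every HJT entry line starts with a section tag such as R0, O4, O10, O23.
HJT_LINE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# O4 Run-key body:  HKLM\..\Run: [entry name] command line
RUN_KEY = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Per-user writable locations that a per-machine autorun rarely has any business in (assumed heuristic).
USER_DATA_DIRS = ("\\local settings\\application data\\", "\\appdata\\local\\", "\\temp\\")


@dataclass
class Finding:
    section: str   # HJT section the finding came from (O4, O10)
    subject: str   # executable path or module name
    reasons: list  # why an analyst should look at it


def parse(log: str):
    """Yield (section, body) for each entry line; headers and the process list are skipped."""
    for line in log.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            yield m.group("section"), m.group("body")


def executable_of(cmd: str) -> str:
    """Return the executable from an autorun command line, quoted or bare."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log: str) -> list:
    """Flag O4 Run entries and O10 LSP entries that warrant a closer look."""
    runs = defaultdict(lambda: {"hives": set(), "names": set()})
    lsp_modules = []
    for section, body in parse(log):
        if section == "O4":
            m = RUN_KEY.match(body)
            if not m:          # Global Startup and other O4 forms are not Run keys
                continue
            path = executable_of(m.group("cmd"))
            runs[path]["hives"].add(m.group("hive"))
            runs[path]["names"].add(m.group("name"))
        elif section == "O10" and body.startswith("Unknown file in Winsock LSP:"):
            module = body.split(":", 1)[1].strip()
            if module not in lsp_modules:   # HJT repeats the line once per LSP chain entry
                lsp_modules.append(module)

    findings = []
    for path, info in runs.items():
        reasons = []
        if any(d in path.lower() for d in USER_DATA_DIRS):
            reasons.append("runs from a per-user writable data directory")
        if {"HKLM", "HKCU"} <= info["hives"]:
            reasons.append("same executable registered in both HKLM and HKCU Run")
        if reasons:
            findings.append(Finding("O4", path, reasons))
    for module in lsp_modules:
        findings.append(Finding("O10", module, ["HijackThis could not identify this Winsock LSP module"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.section, f.subject, "->", "; ".join(f.reasons))
```

Run against a full log the script ignores the process list and R0/R1 lines; extend USER_DATA_DIRS or add further heuristics per section tag as needed.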

Re: ike's being redirected

Unread postby deltalima » June 21st, 2010, 12:04 pm

Hi ikenewton,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Uninstall List
  • Open HijackThis.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: ike's being redirected

Unread postby ikenewton » June 21st, 2010, 11:05 pm

OK. I understand. I'm ready. Guess I pasted the hjt log file twice instead of once and then the uninstall list. Uninstall list is below.

Thanks.


Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Media Player
Adobe Reader 9.3.2
Apple Application Support
Apple Software Update
Audacity 1.2.3
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 2.0
Canon MP620 series MP Drivers
Canon MP620 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Countdown Clock 2.0.4
Countdown Clock 2.0.4 (C:\Program Files\Countdown Clock\)
Countdown Clock Demo 3.3
Critical Update for Windows Media Player 11 (KB959772)
Deal or No Deal - Secret Vault Games
Dell ResourceCD
Dynex Wireless G Enhanced Adapter
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Unload DLL Patch
Inkjet Printer/Scanner Extended Survey Program
Java(TM) 6 Update 11
Java(TM) 6 Update 6
LimeWire 5.5.8
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSN Toolbar
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
Paint Shop Pro 6.0 (CD-ROM)
PC Connectivity Solution
PrimoPDF -- by Nitro PDF Software
pschmid.net Ltd. - RibbonCustomizer Add-In
QuickTime
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio
Samsung New PC Studio
SamsungConnectivityCableDriver
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
SoundMAX
Sprint SmartView
Spy Sweeper Core
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Webroot AntiVirus with AntiSpyware
Webroot Desktop Firewall
WIDCOMM Bluetooth Software
Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
ikenewton
Regular Member
 
Posts: 23
Joined: June 19th, 2010, 12:36 am

Re: ike's being redirected

Unread postby deltalima » June 22nd, 2010, 3:22 am

Hi ikenewton,

Remove P2P Programs

  • I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    LimeWire 5.5.8


  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl, then click enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: ike's being redirected

Unread postby ikenewton » June 23rd, 2010, 1:04 am

I'm having trouble submitting. Each time it comes back as webpage not found. So here it is in pieces.

Limewire removed.
ikenewton
Regular Member
 
Posts: 23
Joined: June 19th, 2010, 12:36 am

Re: ike's being redirected

Unread postby ikenewton » June 23rd, 2010, 1:05 am

here's OTL

OTL logfile created on: 6/22/2010 10:25:56 PM - Run 1
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\Ken\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 237.00 Mb Available Physical Memory | 23.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 54.09 Gb Free Space | 70.87% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 74.52 Gb Total Space | 26.68 Gb Free Space | 35.81% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: Ken
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Ken\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\QuickTime\QuickTimePlayer.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe (C-motech Co.,Ltd)
PRC - C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files\Webroot\Spy Sweeper\SSU.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe (Webroot Software Inc (www.webroot.com))
PRC - C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe (Webroot Software Inc (www.webroot.com))
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
PRC - C:\Program Files\Dynex Wireless G Enhanced Adapter\WLanCfgG.exe ()
PRC - C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe ()
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (WIDCOMM, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Ken\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (WRConsumerService) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe (Webroot Software, Inc. )
SRV - (SprintRcAppSvc) -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe (SmithMicro Inc.)
SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
SRV - (WDFNet) -- C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe (Webroot Software Inc (www.webroot.com))
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (Dynex DX-WGPDTC WLService) -- C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe ()
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (swmsflt) -- C:\WINDOWS\System32\drivers\swmsflt.sys ()
DRV - (NWADI) -- C:\WINDOWS\system32\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV - (tcpipBM) -- C:\WINDOWS\system32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (Nmea) -- C:\WINDOWS\system32\drivers\pctnullport.sys (PCTEL Inc.)
DRV - (PCTINDIS5) -- C:\WINDOWS\system32\PCTINDIS5.sys (Smith Micro Inc.)
DRV - (SSIDRV) -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS (Webroot Software, Inc. (www.webroot.com))
DRV - (SSHRMD) -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS (Webroot Software, Inc. (www.webroot.com))
DRV - (ssfs0bbc) -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00) -- C:\WINDOWS\system32\drivers\SWNC5E00.sys (Sierra Wireless Inc.)
DRV - (swmx00) Sierra Wireless USB MUX Driver (#00) -- C:\WINDOWS\system32\drivers\swmx00.sys (Sierra Wireless Inc.)
DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (SSKBFD) -- C:\WINDOWS\system32\drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com))
DRV - (pwipf6) -- C:\WINDOWS\system32\drivers\pwipf6.sys (Privacyware/PWI, Inc.)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (ss_mdm) -- C:\WINDOWS\system32\drivers\ss_mdm.sys (MCCI Corporation)
DRV - (ss_mdfl) -- C:\WINDOWS\system32\drivers\ss_mdfl.sys (MCCI Corporation)
DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\WINDOWS\system32\drivers\ss_bus.sys (MCCI Corporation)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (AN983) -- C:\WINDOWS\system32\drivers\an983.sys (ADMtek Incorporated.)
DRV - (ati2mtaa) -- C:\WINDOWS\system32\drivers\ati2mtaa.sys (ATI Technologies Inc.)
DRV - (GTNDIS5) -- C:\WINDOWS\system32\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (BTSERIAL) -- C:\WINDOWS\system32\drivers\btserial.sys ()
DRV - (BTSLBCSP) -- C:\WINDOWS\system32\drivers\btslbcsp.sys (WIDCOMM, Inc.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (WIDCOMM, Inc.)
DRV - (LNE100) Linksys LNE100TX(v5) -- C:\WINDOWS\system32\drivers\lne100v5.sys (LinkSys Group Inc.)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (V124) -- C:\WINDOWS\system32\drivers\HSF_V124.sys (Conexant)
DRV - (Tones) -- C:\WINDOWS\system32\drivers\HSF_TONE.sys (Conexant)
DRV - (hsf_msft) -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys (Conexant)
DRV - (SpeakerPhone) -- C:\WINDOWS\system32\drivers\HSF_SPKP.sys (Conexant)
DRV - (Rksample) -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys (Conexant)
DRV - (K56) -- C:\WINDOWS\system32\drivers\HSF_K56K.sys (Conexant)
DRV - (Fallback) -- C:\WINDOWS\system32\drivers\HSF_FALL.sys (Conexant)
DRV - (SoftFax) -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys (Conexant)
DRV - (Fsks) -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys (Conexant)
DRV - (basic2) -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys (Conexant)
DRV - (ati2mpaa) -- C:\WINDOWS\system32\drivers\ati2mpaa.sys (ATI Technologies Inc.)
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1957994488-299502267-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com/
IE - HKU\S-1-5-21-1957994488-299502267-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1


[2009/03/11 12:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken\Application Data\Mozilla\Extensions
[2009/03/11 12:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ken\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2008/05/25 22:29:21 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKU\S-1-5-21-1957994488-299502267-682003330-1004\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-1957994488-299502267-682003330-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [RDVCHG] C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe (C-motech Co.,Ltd)
O4 - HKLM..\Run: [skassjha] C:\Documents and Settings\Ken\Local Settings\Application Data\fagufyqun\iasdnkgtssd.exe File not found
O4 - HKLM..\Run: [Sprint SmartView] C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe (Sprint)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [thrjkeqo] C:\Documents and Settings\Ken\Local Settings\Application Data\sqhgurytl\lcfevyitssd.exe File not found
O4 - HKLM..\Run: [TurboTax 2008] D:\TurboTax 2008\TurboTax 2008 Installer.exe File not found
O4 - HKLM..\Run: [Webroot Desktop Firewall] C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe (Webroot Software Inc (www.webroot.com))
O4 - HKU\S-1-5-21-1957994488-299502267-682003330-1004..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-1957994488-299502267-682003330-1004..\Run: [skassjha] C:\Documents and Settings\Ken\Local Settings\Application Data\fagufyqun\iasdnkgtssd.exe File not found
O4 - HKU\S-1-5-21-1957994488-299502267-682003330-1004..\Run: [thrjkeqo] C:\Documents and Settings\Ken\Local Settings\Application Data\sqhgurytl\lcfevyitssd.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (WIDCOMM, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1957994488-299502267-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O15 - HKU\S-1-5-21-1957994488-299502267-682003330-1004\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocach ... .0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.2
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Ken\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ken\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (OWS\S) - File not found
O30 - LSA: Security Packages - (ecurity Packages settings...) - File not found
O30 - LSA: Security Packages - (nd) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/25 16:22:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3d06d9eb-2ad0-11dd-9724-0018f80dcd40}\Shell\AutoRun\command - "" = H:\setupSNK.exe -- File not found
O33 - MountPoints2\{74c50f76-f192-11dd-b1cb-001a733467cf}\Shell - "" = AutoRun
O33 - MountPoints2\{74c50f76-f192-11dd-b1cb-001a733467cf}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{74c50f76-f192-11dd-b1cb-001a733467cf}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{839e05da-8c6e-11de-b84a-001a733467cf}\Shell - "" = AutoRun
O33 - MountPoints2\{839e05da-8c6e-11de-b84a-001a733467cf}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{839e05da-8c6e-11de-b84a-001a733467cf}\Shell\AutoRun\command - "" = G:\WIN\setup.exe -- File not found
O33 - MountPoints2\{c9c1e391-e962-11de-b878-001a733467cf}\Shell - "" = AutoRun
O33 - MountPoints2\{c9c1e391-e962-11de-b878-001a733467cf}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c9c1e391-e962-11de-b878-001a733467cf}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{fedfe8f4-2084-11de-b830-001a733467cf}\Shell - "" = AutoRun
O33 - MountPoints2\{fedfe8f4-2084-11de-b830-001a733467cf}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fedfe8f4-2084-11de-b830-001a733467cf}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/22 22:24:56 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ken\Desktop\OTL.exe
[2010/06/22 22:23:56 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Program Files\OTL.exe
[2010/06/20 21:37:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ken\Application Data\PrimoPDF
[2010/06/20 21:35:19 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF
[2010/06/18 22:57:58 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/18 22:54:24 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HijackThis.exe
[2010/06/08 22:51:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/06/08 22:21:14 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/06/08 22:02:56 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-x86-ENU.exe
[2010/05/25 15:05:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/25 15:05:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/22 22:24:00 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Program Files\OTL.exe
[2010/06/22 22:24:00 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ken\Desktop\OTL.exe
[2010/06/22 16:27:29 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{72DE8E52-E887-4498-9AD4-B64170D872E1}.job
[2010/06/22 02:00:05 | 000,001,648 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L65394487BA9A4EFCA10220A4E9087AAF.job
[2010/06/21 21:59:31 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Ken\Desktop\HiJackThis.lnk
[2010/06/21 21:57:14 | 000,010,005 | ---- | M] () -- C:\Documents and Settings\Ken\My Documents\uninstall_list 06212010
[2010/06/21 21:56:15 | 000,009,019 | ---- | M] () -- C:\Documents and Settings\Ken\My Documents\hijackthis 06212010
[2010/06/21 11:54:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/20 21:35:50 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Ken\NTUSER.DAT
[2010/06/20 21:35:50 | 000,000,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
[2010/06/20 21:35:34 | 000,000,314 | ---- | M] () -- C:\WINDOWS\primopdf.ini
[2010/06/20 21:32:33 | 007,744,980 | ---- | M] () -- C:\Program Files\FreewarePrimoPDF.exe
[2010/06/18 22:54:26 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\HijackThis.exe
[2010/06/18 22:54:13 | 001,402,880 | ---- | M] () -- C:\Program Files\HiJackThis.msi
[2010/06/18 22:43:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/18 22:43:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/18 22:43:43 | 1072,549,888 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/13 15:35:41 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Ken\ntuser.ini
[2010/06/13 15:35:14 | 000,000,568 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/13 15:35:14 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/13 15:35:14 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/06/13 08:12:20 | 000,181,760 | ---- | M] () -- C:\Documents and Settings\Ken\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/08 22:28:38 | 000,000,853 | ---- | M] () -- C:\Documents and Settings\Ken\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/08 22:02:56 | 016,883,056 | ---- | M] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-x86-ENU.exe
[2010/06/02 01:53:48 | 000,001,908 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2010/06/02 01:53:48 | 000,001,908 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/21 21:57:14 | 000,010,005 | ---- | C] () -- C:\Documents and Settings\Ken\My Documents\uninstall_list 06212010
[2010/06/21 21:56:15 | 000,009,019 | ---- | C] () -- C:\Documents and Settings\Ken\My Documents\hijackthis 06212010
[2010/06/20 21:35:50 | 000,000,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
[2010/06/20 21:35:36 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/06/20 21:32:35 | 007,744,980 | ---- | C] () -- C:\Program Files\FreewarePrimoPDF.exe
[2010/06/18 22:58:00 | 000,002,443 | ---- | C] () -- C:\Documents and Settings\Ken\Desktop\HiJackThis.lnk
[2010/06/18 22:54:01 | 001,402,880 | ---- | C] () -- C:\Program Files\HiJackThis.msi
[2010/06/02 01:51:23 | 000,001,908 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2010/06/02 01:51:23 | 000,001,908 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2009/08/15 20:14:33 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009/08/15 20:14:33 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009/07/30 20:58:42 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/05/26 17:38:12 | 000,026,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2009/04/21 18:26:56 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2008/06/01 19:48:13 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll
[2008/05/29 17:35:25 | 000,000,076 | ---- | C] () -- C:\WINDOWS\Setup Wizard.INI
[2008/05/25 23:18:07 | 000,000,146 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/25 19:20:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\WGPDTC.dll
[2008/05/25 19:20:11 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2003/09/19 15:35:38 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\btsendto_ie.dll
[2003/09/19 15:34:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\btsendto_wab.dll
[2003/09/19 15:27:38 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2003/09/19 15:14:42 | 000,022,183 | ---- | C] () -- C:\WINDOWS\System32\drivers\btserial.sys
[2002/05/15 23:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001/11/23 18:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1193289
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D282699C
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F7917A38
< End of report >
ikenewton
Regular Member
 
Posts: 23
Joined: June 19th, 2010, 12:36 am
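Added example (not part of this thread and not OTL's own code): a small Python triage helper for the kind of OTL report posted above. It reads the report text and pulls out the indicators an analyst checks first on a redirect complaint: a per-user hive with "ProxyEnable" = 1 while the service-account hives show 0 (OTL prints the flag but not the ProxyServer value, which is the next thing to look up), Run entries that point into the user's profile under Local Settings\Application Data and whose target is reported as File not found, LSA package entries that resolve to no file, and stale MountPoints2 autorun commands. The sample lines are copied from the posted log, plus one Canon entry for contrast; the categories, the severity labels and the regular expressions are this example's own assumptions, not OTL's.

```python
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    kind: str      # category assigned by this example, e.g. "orphan-run"
    severity: str  # "high", "medium" or "low" (assumed ranking, not OTL's)
    line: str      # the OTL line that triggered the finding


# Lines copied from the OTL report posted above, plus one benign Canon entry
# for contrast.  A real triage run would read the whole OTL.txt instead.
SAMPLE_OTL = r"""
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1957994488-299502267-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [skassjha] C:\Documents and Settings\Ken\Local Settings\Application Data\fagufyqun\iasdnkgtssd.exe File not found
O4 - HKLM..\Run: [thrjkeqo] C:\Documents and Settings\Ken\Local Settings\Application Data\sqhgurytl\lcfevyitssd.exe File not found
O4 - HKLM..\Run: [TurboTax 2008] D:\TurboTax 2008\TurboTax 2008 Installer.exe File not found
O4 - HKU\S-1-5-21-1957994488-299502267-682003330-1004..\Run: [skassjha] C:\Documents and Settings\Ken\Local Settings\Application Data\fagufyqun\iasdnkgtssd.exe File not found
O30 - LSA: Authentication Packages - (OWS\S) - File not found
O30 - LSA: Security Packages - (nd) - File not found
O33 - MountPoints2\{74c50f76-f192-11dd-b1cb-001a733467cf}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
"""

# Interactive-user hives are HKU\S-1-5-21-<three subauthorities>-<RID>;
# S-1-5-18/19/20 and .DEFAULT belong to built-in service accounts.
USER_SID = re.compile(r"HKU\\S-1-5-21-\d+-\d+-\d+-\d+")

# "O4 - <hive>..\Run: [<name>] <target> (<company> | File not found)"
RUN_LINE = re.compile(r"O4 - (?P<hive>\S+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.*)")

# Anything under a user's profile is writable without admin rights, so an
# autostart that lives there is worth a look even when the file is present.
PROFILE_DIR = re.compile(
    r"\\Documents and Settings\\[^\\]+\\(?:Local Settings\\)?Application Data\\", re.I
)


def triage(otl_text: str) -> list[Finding]:
    """Return the indicator lines from an OTL report, tagged and ranked."""
    findings: list[Finding] = []
    for raw in otl_text.splitlines():
        line = raw.strip()
        if line.startswith("IE - ") and '"ProxyEnable" = 1' in line:
            # Only a per-user hive with the proxy switched on is interesting;
            # the ProxyServer value itself is not in the OTL output and must
            # be checked separately in the registry.
            if USER_SID.search(line):
                findings.append(Finding("proxy", "medium", line))
        elif line.startswith("O4 - "):
            m = RUN_LINE.match(line)
            if m is None:          # "O4 - Startup:" shortcuts etc. are skipped
                continue
            target = m.group("target")
            missing = target.endswith("File not found")
            in_profile = PROFILE_DIR.search(target) is not None
            if in_profile and missing:
                findings.append(Finding("orphan-run", "high", line))
            elif in_profile:
                findings.append(Finding("profile-run", "medium", line))
            elif missing:
                findings.append(Finding("stale-run", "low", line))
        elif line.startswith("O30 - LSA:") and line.endswith("File not found"):
            # LSA packages normally resolve to DLLs in System32; a name that
            # resolves to nothing needs to be investigated, not ignored.
            findings.append(Finding("lsa", "high", line))
        elif (line.startswith("O33 - ") and "AutoRun\\command" in line
              and line.endswith("File not found")):
            findings.append(Finding("stale-autorun", "low", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category, e.g. {"orphan-run": 3, "lsa": 2}."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_OTL), key=lambda f: f.severity):
        print(f"[{f.severity:6}] {f.kind:13} {f.line}")
    print(summarize(triage(SAMPLE_OTL)))
```

Run against the lines above it reports one proxy hit, three orphaned Run entries (the same two names registered in both HKLM and the user's hive, which is why they are ranked high even though the files are gone), two LSA entries and two low-priority stale entries. The "File not found" TurboTax and U3 launcher lines are kept at low severity on purpose: they are the same kind of leftover as the orphaned profile entries, but their paths are not in a user-writable location, and dropping them entirely would hide the contrast.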

Re: ike's being redirected

Unread postby ikenewton » June 23rd, 2010, 1:06 am

Apparently it does not like the EXTRAS info. I'll run again.
ikenewton
Regular Member
 
Posts: 23
Joined: June 19th, 2010, 12:36 am

Re: ike's being redirected

Unread postby ikenewton » June 23rd, 2010, 1:15 am

Internet Explorer cannot display the webpage again and again.

what now? I'm unable to submit EXTRAS and GMER doesn't seem to work.
ikenewton
Regular Member
 
Posts: 23
Joined: June 19th, 2010, 12:36 am

Re: ike's being redirected

Unread postby ikenewton » June 23rd, 2010, 1:25 am

And how do I boot into Safe Mode?

thanks
ikenewton
Regular Member
 
Posts: 23
Joined: June 19th, 2010, 12:36 am

Re: ike's being redirected

Unread postby ikenewton » June 23rd, 2010, 1:54 am

Figured out Safe Mode; here's the GMER log.

GMER 1.0.15.15281 - http://www.gmer.net
Autostart scan 2010-06-23 00:45:02
Windows 5.1.2600 Service Pack 3


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@DLLName = %SystemRoot%\System32\dimsntfy.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
btwdins@ = C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
Dynex DX-WGPDTC WLService@ = C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
FsUsbExService@ = C:\WINDOWS\system32\FsUsbExService.Exe
IJPLMSVC@ = C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
IntuitUpdateService@ = "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"
JavaQuickStarterService@ = "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
WDFNet@ = C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
WebrootSpySweeperService@ = "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe"
WRConsumerService@ = "C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@Webroot Desktop Firewall"C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe" = "C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe"
@SunJavaUpdateSched"C:\Program Files\Java\jre6\bin\jusched.exe" = "C:\Program Files\Java\jre6\bin\jusched.exe"
@TurboTax 2008"D:\TurboTax 2008\TurboTax 2008 Installer.exe" /*file not found*/ = "D:\TurboTax 2008\TurboTax 2008 Installer.exe" /*file not found*/
@BluetoothAuthenticationAgent"rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent = "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
@Sprint SmartView"C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a = "C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a
@RDVCHG"C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe" = "C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe"
@CanonSolutionMenu"C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" /logon = "C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" /logon
@CanonMyPrinter"C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon = "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon
@IJNetworkScanUtility"C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" = "C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE"
@Adobe Reader Speed Launcher"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
@Adobe ARM"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
@QuickTime Task"C:\Program Files\QuickTime\QTTask.exe" -atboottime = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
@skassjha"C:\Documents and Settings\Ken\Local Settings\Application Data\fagufyqun\iasdnkgtssd.exe" /*file not found*/ = "C:\Documents and Settings\Ken\Local Settings\Application Data\fagufyqun\iasdnkgtssd.exe" /*file not found*/
@thrjkeqo"C:\Documents and Settings\Ken\Local Settings\Application Data\sqhgurytl\lcfevyitssd.exe" /*file not found*/ = "C:\Documents and Settings\Ken\Local Settings\Application Data\sqhgurytl\lcfevyitssd.exe" /*file not found*/
@NPSStartup /*file not found*/ = /*file not found*/
@SpySweeper"C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray = "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@MSMSGS"C:\Program Files\Messenger\msmsgs.exe" /background = "C:\Program Files\Messenger\msmsgs.exe" /background
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@AutoStartNPSAgent"C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe" = "C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe"
@skassjha"C:\Documents and Settings\Ken\Local Settings\Application Data\fagufyqun\iasdnkgtssd.exe" /*file not found*/ = "C:\Documents and Settings\Ken\Local Settings\Application Data\fagufyqun\iasdnkgtssd.exe" /*file not found*/
@thrjkeqo"C:\Documents and Settings\Ken\Local Settings\Application Data\sqhgurytl\lcfevyitssd.exe" /*file not found*/ = "C:\Documents and Settings\Ken\Local Settings\Application Data\sqhgurytl\lcfevyitssd.exe" /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/(null) =
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/(null) =
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL = C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL
@{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} /*Microsoft Office OneNote Namespace Extension for Windows Desktop Search*/C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL = C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\Office12\msohevi.dll = C:\Program Files\Microsoft Office\Office12\msohevi.dll
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/c:\WINDOWS\system32\dfshim.dll = c:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/c:\WINDOWS\system32\dfshim.dll = c:\WINDOWS\system32\dfshim.dll
@(null) =
@{6af09ec9-b429-11d4-a1fb-0090960218cb} /*My Bluetooth Places*/C:\WINDOWS\system32\btneighborhood.dll = C:\WINDOWS\system32\btneighborhood.dll
@{7C9D5882-CB4A-4090-96C8-430BFE8B795B} /*Webroot Spy Sweeper Context Menu Integration*/C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
@{6230EF55-8E71-4F40-861A-DBA282584FF5} /*AVS Video Converter 6*/C:\PROGRA~1\AVS4YOU\AVSVID~1\AVSVID~1.DLL = C:\PROGRA~1\AVS4YOU\AVSVID~1\AVSVID~1.DLL
@{45670FA8-ED97-4F44-BC93-305082590BFB} /*Microsoft.XPS.Shell.Metadata.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL
@{44121072-A222-48f2-A58A-6D9AD51EBBE9} /*Microsoft.XPS.Shell.Thumbnail.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
@{11016101-E366-4D22-BC06-4ADA335C892B} /*IE History and Feeds Shell Data Source for Windows Search*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{8856f961-340a-11d0-a96b-00c04fd705a2} /*Microsoft Web Browser*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVS Video Converter 6@{6230EF55-8E71-4F40-861A-DBA282584FF5} = C:\PROGRA~1\AVS4YOU\AVSVID~1\AVSVID~1.DLL
OnlineProtectMenu@{48865F7A-E34C-483f-AA6F-4AA38E2C3FC4} = C:\Program Files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
OnlineProtectMenu@{48865F7A-E34C-483f-AA6F-4AA38E2C3FC4} = C:\Program Files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll
SpySweeper@{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{18DF081C-E8AD-4283-A596-FA578C2EBDC3}C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre6\bin\ssv.dll = C:\Program Files\Java\jre6\bin\ssv.dll
@{d2ce3e00-f94a-4740-988e-03dc2f38c34f}C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll = C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
@{DBC80044-A445-435b-BC74-9C25C1C588A9}C:\Program Files\Java\jre6\bin\jp2ssv.dll = C:\Program Files\Java\jre6\bin\jp2ssv.dll
@{E7E6F031-17CE-4C07-BC86-EABFE594F69C}C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll = C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\ssflwbox.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.msnbc.com/ = http://www.msnbc.com/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
lid@CLSID = C:\WINDOWS\System32\msvidctl.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-help@CLSID = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\System32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004@LibraryPath = %SystemRoot%\system32\wshbth.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = bmnet.dll
000000000002@PackedCatalogItem = bmnet.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003@PackedCatalogItem = bmnet.dll

C:\Documents and Settings\All Users\Start Menu\Programs\Startup = BTTray.lnk

---- EOF - GMER 1.0.15 ----
ikenewton
Regular Member
 
Posts: 23
Joined: June 19th, 2010, 12:36 am
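The Run-key block near the top of the log above is the part a helper reads first: two value names (skassjha and thrjkeqo) appear under both the HKLM and the HKCU Run key, each pointing at an executable under the user's Local Settings\Application Data that the scanner marks as no longer present. The dump prints each value name and its data back to back, with the data repeated after " = ", which makes it awkward to grep. As an added example, not code from this thread or from the tool that produced the log, here is a Python parser for that format that recovers name and data, extracts the program path, and flags entries whose file is missing, whose path lies in a user-writable profile directory, or whose name is registered in more than one hive. The sample dump is constructed from the entries shown above; the HKLM header line is an assumption, since the excerpt starts partway through that block.

```python
import re
from dataclasses import dataclass, field

MISSING = "/*file not found*/"
# User-writable profile locations on Windows XP, where code that never ran an installer can write.
_PROFILE_RE = re.compile(r"\\documents and settings\\[^\\]+\\(local settings\\)?application data\\")

# Constructed from the Run-key entries in the posted log; the HKLM header line is assumed.
SAMPLE_DUMP = r"""HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@skassjha"C:\Documents and Settings\Ken\Local Settings\Application Data\fagufyqun\iasdnkgtssd.exe" /*file not found*/ = "C:\Documents and Settings\Ken\Local Settings\Application Data\fagufyqun\iasdnkgtssd.exe" /*file not found*/
@thrjkeqo"C:\Documents and Settings\Ken\Local Settings\Application Data\sqhgurytl\lcfevyitssd.exe" /*file not found*/ = "C:\Documents and Settings\Ken\Local Settings\Application Data\sqhgurytl\lcfevyitssd.exe" /*file not found*/
@NPSStartup /*file not found*/ = /*file not found*/
@SpySweeper"C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray = "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@MSMSGS"C:\Program Files\Messenger\msmsgs.exe" /background = "C:\Program Files\Messenger\msmsgs.exe" /background
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@AutoStartNPSAgent"C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe" = "C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe"
@skassjha"C:\Documents and Settings\Ken\Local Settings\Application Data\fagufyqun\iasdnkgtssd.exe" /*file not found*/ = "C:\Documents and Settings\Ken\Local Settings\Application Data\fagufyqun\iasdnkgtssd.exe" /*file not found*/
@thrjkeqo"C:\Documents and Settings\Ken\Local Settings\Application Data\sqhgurytl\lcfevyitssd.exe" /*file not found*/ = "C:\Documents and Settings\Ken\Local Settings\Application Data\sqhgurytl\lcfevyitssd.exe" /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll
"""


@dataclass
class AutorunEntry:
    key: str        # registry key the value lives under, e.g. HKCU\...\Run
    name: str       # value name
    data: str       # value data as printed by the scanner
    exe_path: str   # program path with arguments and the scanner's marker removed
    flags: list = field(default_factory=list)


def _exe_path(data):
    """Return the program path from a Run value, dropping arguments and the missing-file marker."""
    d = data.replace(MISSING, "").strip()
    if d.startswith('"'):
        end = d.find('"', 1)
        return d[1:end] if end > 0 else d[1:]
    return d.split(" ", 1)[0]


def parse_run_keys(dump):
    """Parse every '...\\Run >>>' block of the dump into AutorunEntry objects, with flags set."""
    entries, key = [], None
    for raw in dump.splitlines():
        line = raw.strip()
        if not line:                      # a blank line ends the current ">>>" block
            key = None
            continue
        if line.endswith(">>>"):
            hdr = line[:-3].strip()
            key = hdr if hdr.lower().endswith("\\run") else None
            continue
        if key is None or not line.startswith("@") or " = " not in line:
            continue
        left, _, data = line.partition(" = ")
        left, data = left.strip(), data.strip()
        # The name and data are printed back to back; the data is repeated after " = ",
        # so removing it from the end of the left side leaves just the value name.
        name = left[1:-len(data)] if data and left.endswith(data) else left[1:]
        entries.append(AutorunEntry(key, name.strip(), data, _exe_path(data)))

    hives = {}
    for e in entries:
        hives.setdefault(e.name.lower(), set()).add(e.key.split("\\", 1)[0])
    for e in entries:
        if MISSING in e.data:
            e.flags.append("file-missing")
        if _PROFILE_RE.search(e.exe_path.lower()):
            e.flags.append("user-profile-path")
        if len(hives[e.name.lower()]) > 1:
            e.flags.append("in-multiple-hives")
    return entries


def suspicious(entries):
    """Entries with at least one flag; everything else is a plain program in Program Files or system32."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in suspicious(parse_run_keys(SAMPLE_DUMP)):
        print(f"{e.key.split(chr(92), 1)[0]} {e.name!r:22} {', '.join(e.flags):45} {e.exe_path}")
```

A missing file under a Run value is not by itself proof of infection (uninstalled software leaves the same trace, as the NPSStartup entry probably does), which is why the script reports the flags separately instead of a single verdict: an entry that is missing, lives under the profile directory and is registered in both hives is the one worth asking about.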

Re: ike's being redirected

Post by ikenewton » June 23rd, 2010, 1:57 am

Still can't submit Extras. Attached file just in case you can use it that way. Let me know what else to do.

Thanks
You do not have the required permissions to view the files attached to this post.
ikenewton
Regular Member
 
Posts: 23
Joined: June 19th, 2010, 12:36 am

Re: ike's being redirected

Post by deltalima » June 23rd, 2010, 3:32 am

Hi ikenewton,

Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in a reply here.

Malwarebytes Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe, then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  1. Launch Malwarebytes' Anti-Malware
  2. Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
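The four RKUnhooker sections the post asks to tick (Drivers, Stealth, Files, Code Hooks) are read together: a "suspicious driver modification" warning in the Stealth section carries the address the driver was redirected to, and that address is meaningful mainly if it also appears as a hidden driver in the Drivers section; a code hook is far more interesting when its owner is printed as unknown_code_page or unknown_irp_handler than when it lands back inside the hooked module or in a named DLL. As an added example, not part of this thread or of RKUnhooker, here is a Python triage script that does that correlation: it maps each listed driver to its version description, matches Stealth warnings against hidden-driver addresses, and classifies each hook by its owner. The sample report is constructed from lines of the report ikenewton posts later in this thread.

```python
import re
from dataclasses import dataclass

# Owners RKUnhooker prints when a hook or driver cannot be attributed to any loaded module.
UNKNOWN_OWNERS = {"unknown_code_page", "unknown_irp_handler", "?_empty_?"}

_DRIVER_RE = re.compile(r"^(0x[0-9A-F]+)\s+(\S+)\s+(\d+) bytes(?:\s+\((.*)\))?$", re.I)
_HIDDEN_RE = re.compile(r"^!+Hidden driver:\s+(0x[0-9A-F]+)\s+(\S+)\s+(\d+) bytes", re.I)
_STEALTH_RE = re.compile(r"WARNING: (.+?) \[([^\]]+)\]")

# Constructed excerpt of the RKUnhooker report posted in this thread.
SAMPLE_REPORT = r""">Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0xF7571000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF7673000 SSHRMD.SYS 36864 bytes (Webroot Software, Inc. (www.webroot.com), Spy Sweeper Mini Driver)
0x86A850D0 unknown_irp_handler 3888 bytes
!!!!!!!!!!!Hidden driver: 0x86EC9AEA ?_empty_? 1302 bytes
!!!!!!!!!!!Hidden driver: 0x86F412F0 ?_empty_? 0 bytes
>Stealth
==============================================
0xF7571000 WARNING: suspicious driver modification [atapi.sys::0x86EC9AEA]
0x05DA0000 Hidden Image-->System.XML.dll [ EPROCESS 0x86ADCB10 ] PID: 1896, 2060288 bytes
0xF7673000 WARNING: Virus alike driver modification [SSHRMD.SYS], 36864 bytes
>Files
==============================================
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb
>Hooks
==============================================
IDT-->Int B4h-->Unexpected Interrupt, Type: IDT modification[86A42DD4] [unknown_irp_handler]
ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B774, Type: Inline - RelativeCall 0x804E2774-->C0D5258A [unknown_code_page]
tcpip.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xEC2D8460-->86F7CAF8 [unknown_code_page]
wanarp.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xF50E6B28-->86F7CAF8 [unknown_code_page]
[1056]svchost.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
"""


@dataclass
class Finding:
    severity: str   # high, medium, low or info
    section: str
    text: str


def split_sections(report):
    """Group report lines under their '>Name' headers, dropping the '====' rules."""
    sections, current = {}, None
    for line in report.splitlines():
        line = line.strip()
        if line.startswith(">"):
            current = line[1:]
            sections[current] = []
        elif current and line and not line.startswith("="):
            sections[current].append(line)
    return sections


def triage(report):
    """Return (findings, hidden_driver_addresses) for one RKUnhooker report."""
    s, findings, vendors, hidden = split_sections(report), [], {}, []
    for line in s.get("Drivers", []):
        m = _HIDDEN_RE.match(line)
        if m:
            hidden.append(m.group(1).lower())
            findings.append(Finding("high", "Drivers", f"hidden driver at {m.group(1)}, {m.group(3)} bytes, name {m.group(2)}"))
            continue
        m = _DRIVER_RE.match(line)
        if m:   # remember each listed driver's version description, keyed by file name
            vendors.setdefault(m.group(2).rsplit("\\", 1)[-1].lower(), m.group(4) or "no version info")
    for line in s.get("Stealth", []):
        m = _STEALTH_RE.search(line)
        if not m:
            continue
        name, _, addr = m.group(2).partition("::")
        vendor = vendors.get(name.lower(), "not in driver list")
        if addr and addr.lower() in hidden:   # the redirect target is itself a hidden driver
            findings.append(Finding("high", "Stealth", f"{name} ({vendor}) redirected into hidden driver {addr}: {m.group(1)}"))
        else:
            findings.append(Finding("medium", "Stealth", f"{name} ({vendor}): {m.group(1)}; compare with a known-good copy"))
    for line in s.get("Files", []):
        if line.startswith("!-->[Hidden]"):
            findings.append(Finding("medium", "Files", f"hidden file {line.split(']', 1)[1].strip()}"))
    for line in s.get("Hooks", []):
        if "]" not in line or ", Type: " not in line:
            continue
        owner = line[line.rfind("[") + 1:line.rfind("]")]
        # modules along the hooked path, e.g. ['tcpip.sys', 'ndis.sys', 'ndisregisterprotocol']
        chain = [re.sub(r"^\[\d+\]", "", p).split("+")[0].lower()
                 for p in line.split(", Type: ")[0].split("-->")]
        if owner in UNKNOWN_OWNERS:
            findings.append(Finding("high", "Hooks", f"{chain[0]}: hook owned by {owner}"))
        elif owner.lower() in chain:
            findings.append(Finding("low", "Hooks", f"{chain[0]}: jump stays inside {owner}"))
        else:
            findings.append(Finding("info", "Hooks", f"{chain[0]}: hook owned by {owner}; confirm it belongs to installed software"))
    return findings, hidden


def count_by_severity(findings):
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    order = {"high": 0, "medium": 1, "low": 2, "info": 3}
    for f in sorted(triage(SAMPLE_REPORT)[0], key=lambda f: order[f.severity]):
        print(f"[{f.severity:6}] {f.section}: {f.text}")
```

On the sample the atapi.sys warning is the one finding that links two sections (its target 0x86EC9AEA is also listed as a hidden driver), while the SSHRMD.SYS warning resolves to a driver the report itself attributes to Webroot, so the script reports it at a lower severity and leaves the decision to the person reading the log.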

Re: ike's being redirected

Post by ikenewton » June 23rd, 2010, 6:24 am

RKU and MBAM done.



RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189952 bytes
0x804D7000 RAW 2189952 bytes
0x804D7000 WMIxWDM 2189952 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF733E000 btkrnl.sys 1245184 bytes (WIDCOMM, Inc., Bluetooth Protocol Driver for Windows 2000)
0xF5E6C000 C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)
0xF5DC4000 C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys 688128 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF7488000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBAC8B000 C:\WINDOWS\System32\DRIVERS\HSF_V124.sys 491520 bytes (Conexant, V124NT driver)
0xF5CE0000 C:\WINDOWS\system32\drivers\smwdm.sys 479232 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xEC171000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xBADED000 C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys 393216 bytes (Conexant, K56NT driver)
0xF5C36000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xBF9D6000 C:\WINDOWS\System32\ati2dvaa.dll 380928 bytes (ATI Technologies Inc., ATI RAGE 128 WindowsNT Display Driver)
0xF5D69000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 372736 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0xEC299000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xBAD6E000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xF5FFC000 C:\WINDOWS\System32\DRIVERS\ati2mtaa.sys 327680 bytes (ATI Technologies Inc., ATI RAGE 128 Miniport Driver)
0xBAEBA000 C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys 290816 bytes (Conexant, Fallback driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xBA707000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF5BFB000 C:\WINDOWS\system32\DRIVERS\NWADIenum.sys 241664 bytes (Novatel Wireless Inc, NWADI Interface Bus Enumerator)
0xF5F8E000 C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys 221184 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0xBAF01000 C:\WINDOWS\system32\drivers\btslbcsp.sys 204800 bytes (WIDCOMM, Inc., Bluetooth Serial Driver for Windows 2000)
0xBAD3D000 C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys 200704 bytes (Conexant, FaxNT driver)
0xF7614000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF75D5000 SSIDRV.SYS 188416 bytes (Webroot Software, Inc. (www.webroot.com), Spy Sweeper Interdiction Driver)
0xBAF5B000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF75A8000 C:\WINDOWS\SYSTEM32\Drivers\NDIS.SYS 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB9EC9000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xEC209000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xEC256000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xEC0AB000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB9EF4000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF5CBC000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF5FC4000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF5F6B000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xEC234000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806EE000 ACPI_HAL 131840 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7551000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7589000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xBAE9D000 C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys 118784 bytes (Conexant, FSKsNT driver)
0xEC27E000 C:\WINDOWS\system32\drivers\pwipf6.sys 110592 bytes (Privacyware/PWI, Inc., pwipf6)
0xF746E000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF7571000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF7528000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF5CA5000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xBA9F6000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF5D55000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF5FE8000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xEC2F2000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF7515000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF9C4000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBAD2B000 C:\WINDOWS\System32\DRIVERS\HSF_SPKP.sys 73728 bytes (Conexant, SpkpNT driver)
0xF753F000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7603000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF5C94000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF5AC0000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF78A3000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7883000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF78D3000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF78B3000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF7843000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF174E000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF76C3000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF77B3000 C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys 53248 bytes (Conexant, TonesNT driver)
0xF7893000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7703000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF76A3000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF6773000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF76D3000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF50F1000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF78C3000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7693000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF6783000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7683000 ssfs0bbc.sys 45056 bytes (Webroot Software, Inc. (www.webroot.com), Spy Sweeper FileSystem Filter Driver)
0xF7663000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF176E000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF6753000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF76B3000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA860000 C:\WINDOWS\system32\FsUsbExDisk.SYS 36864 bytes
0xF50D1000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF7863000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF7873000 C:\WINDOWS\system32\DRIVERS\LNE100V5.sys 36864 bytes (LinkSys Group Inc., Linksys LNE100TX(v5) Fast Ethernet Adapter NDIS5 Driver)
0xF6763000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF5121000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xBA020000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7673000 SSHRMD.SYS 36864 bytes (Webroot Software, Inc. (www.webroot.com), Spy Sweeper Mini Driver)
0xF50E1000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF790B000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF3AF8000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7943000 C:\WINDOWS\system32\DRIVERS\pctnullport.sys 32768 bytes (PCTEL Inc., Null-modem emulator)
0xF792B000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7913000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF4DDB000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF78EB000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF794B000 C:\WINDOWS\system32\DRIVERS\RimSerial.sys 28672 bytes (Research in Motion Ltd, RIM Virtual Serial Driver)
0xEC6F6000 C:\WINDOWS\system32\drivers\btserial.sys 24576 bytes
0xF791B000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7953000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7A6B000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF3B08000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF3B18000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF3B00000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF78F3000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7923000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF793B000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF3AF0000 C:\WINDOWS\System32\Drivers\tcpipBM.SYS 20480 bytes (Bytemobile, Inc., Bytemobile Kernel Network Provider)
0xF78E3000 C:\WINDOWS\SYSTEM32\Drivers\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF4DBB000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF3A30000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 16384 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xBA7A0000 C:\WINDOWS\system32\GTNDIS5.SYS 16384 bytes (Printing Communications Assoc., Inc. (PCAUSA), PCAUSA NDIS 5.0 Protocol Driver)
0xF3FF6000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
0xF7AF3000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF3A2C000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7306000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7A73000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF5BE7000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF3A38000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xBAFF0000 C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF3A34000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF72FA000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF3D32000 C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS 12288 bytes (Dell Computer Corporation, OMCI Device Driver)
0xF3D4E000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF3D46000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xF7B97000 C:\WINDOWS\system32\drivers\aeaudio.sys 8192 bytes (Andrea Electronics Corporation, Andrea Audio Stub Driver)
0xF7BEF000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7BED000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7B63000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7BF1000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF10BF000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7BF3000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7B9B000 C:\WINDOWS\System32\Drivers\RootMdm.sys 8192 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0xF7B99000 C:\WINDOWS\system32\DRIVERS\serscan.sys 8192 bytes (Microsoft Corporation, Serial Imaging Device Driver)
0xF7B9F000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF1D64000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7B65000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7C6B000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7D1A000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF3A49000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7C2B000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7C6A000 C:\WINDOWS\system32\drivers\SENSUPGD.SYS 4096 bytes (Sensaura Ltd, Sensaura Upgrade)
0x86A850D0 unknown_irp_handler 3888 bytes
0x86A4F0D0 unknown_irp_handler 3888 bytes
0x86A510D8 unknown_irp_handler 3880 bytes
0x86A6E0F0 unknown_irp_handler 3856 bytes
0x86B820F0 unknown_irp_handler 3856 bytes
0x86A140F8 unknown_irp_handler 3848 bytes
0x86B9A108 unknown_irp_handler 3832 bytes
0x86D5C110 unknown_irp_handler 3824 bytes
0x86BD3120 unknown_irp_handler 3808 bytes
0x86BB4190 unknown_irp_handler 3696 bytes
0x86A4C1D0 unknown_irp_handler 3632 bytes
0x86B4A268 unknown_irp_handler 3480 bytes
0x86A522C0 unknown_irp_handler 3392 bytes
0x86AE62F8 unknown_irp_handler 3336 bytes
0x86C1B3B8 unknown_irp_handler 3144 bytes
0x86BD44C8 unknown_irp_handler 2872 bytes
0x86BF75C8 unknown_irp_handler 2616 bytes
0x86BC46E0 unknown_irp_handler 2336 bytes
0x86DF0748 unknown_irp_handler 2232 bytes
0x86D50848 unknown_irp_handler 1976 bytes
0x86A42900 unknown_irp_handler 1792 bytes
0x86B209C0 unknown_irp_handler 1600 bytes
0x86A40A08 unknown_irp_handler 1528 bytes
0x86E13A30 unknown_irp_handler 1488 bytes
!!!!!!!!!!!Hidden driver: 0x86EC9AEA ?_empty_? 1302 bytes
0x86A5EBC8 unknown_irp_handler 1080 bytes
0x86BCAC88 unknown_irp_handler 888 bytes
0x86B08C90 unknown_irp_handler 880 bytes
0x86EC9D01 unknown_irp_handler 767 bytes
!!!!!!!!!!!Hidden driver: 0x86F412F0 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xF7571000 WARNING: suspicious driver modification [atapi.sys::0x86EC9AEA]
0x05DA0000 Hidden Image-->Intuit.Spc.Map.WindowsFirewallUtilities.dll [ EPROCESS 0x86ADCB10 ] PID: 1896, 1077248 bytes
0x05D40000 Hidden Image-->System.ServiceProcess.dll [ EPROCESS 0x86ADCB10 ] PID: 1896, 126976 bytes
0x0E740000 Hidden Image-->System.EnterpriseServices.Wrapper.dll [ EPROCESS 0x86B47DA0 ] PID: 3444, 126976 bytes
0x0E440000 Hidden Image-->System.Runtime.Serialization.Formatters.Soap.dll [ EPROCESS 0x86B47DA0 ] PID: 3444, 143360 bytes
0x035E0000 Hidden Image-->System.XML.dll [ EPROCESS 0x86ADCB10 ] PID: 1896, 2060288 bytes
0x04970000 Hidden Image-->System.EnterpriseServices.dll [ EPROCESS 0x86ADCB10 ] PID: 1896, 266240 bytes
0x046A0000 Hidden Image-->System.Transactions.dll [ EPROCESS 0x86ADCB10 ] PID: 1896, 270336 bytes
0x09390000 Hidden Image-->System.Transactions.dll [ EPROCESS 0x86B47DA0 ] PID: 3444, 270336 bytes
0x06150000 Hidden Image-->log4net.dll [ EPROCESS 0x86ADCB10 ] PID: 1896, 282624 bytes
0x04370000 Hidden Image-->System.Data.dll [ EPROCESS 0x86ADCB10 ] PID: 1896, 2961408 bytes
0x08ED0000 Hidden Image-->System.Data.dll [ EPROCESS 0x86B47DA0 ] PID: 3444, 2961408 bytes
0x05420000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x86ADCB10 ] PID: 1896, 307200 bytes
0x03810000 Hidden Image-->System.dll [ EPROCESS 0x86ADCB10 ] PID: 1896, 3158016 bytes
0xF7673000 WARNING: Virus alike driver modification [SSHRMD.SYS], 36864 bytes
0x06D10000 Hidden Image-->Intuit.Spc.Map.WindowsFirewallUtilities.dll [ EPROCESS 0x86ADCB10 ] PID: 1896, 421888 bytes
0x03570000 Hidden Image-->System.configuration.dll [ EPROCESS 0x86ADCB10 ] PID: 1896, 438272 bytes
0x012D0000 Hidden Image-->Intuit.Spc.Foundations.Portability.dll [ EPROCESS 0x86ADCB10 ] PID: 1896, 471040 bytes
0x04790000 Hidden Image-->Intuit.Spc.Map.Reporter.dll [ EPROCESS 0x86ADCB10 ] PID: 1896, 479232 bytes
0x067A0000 Hidden Image-->Intuit.Spc.Map.Reporter.dll [ EPROCESS 0x86ADCB10 ] PID: 1896, 479232 bytes
0x05670000 Hidden Image-->System.Windows.Forms.dll [ EPROCESS 0x86ADCB10 ] PID: 1896, 5033984 bytes
0x06F50000 Hidden Image-->System.Windows.Forms.dll [ EPROCESS 0x86B47DA0 ] PID: 3444, 5033984 bytes
0x01240000 Hidden Image-->Intuit.Spc.Foundations.Primary.Logging.dll [ EPROCESS 0x86ADCB10 ] PID: 1896, 53248 bytes
0x05BC0000 Hidden Image-->System.Drawing.dll [ EPROCESS 0x86ADCB10 ] PID: 1896, 634880 bytes
0x01280000 Hidden Image-->Intuit.Spc.Foundations.Primary.ExceptionHandling.dll [ EPROCESS 0x86ADCB10 ] PID: 1896, 77824 bytes
0x042A0000 Hidden Image-->System.Data.SQLite.DLL [ EPROCESS 0x86ADCB10 ] PID: 1896, 778240 bytes
0x07590000 Hidden Image-->System.Web.Services.dll [ EPROCESS 0x86B47DA0 ] PID: 3444, 847872 bytes
0x034E0000 Hidden Image-->Intuit.Spc.Foundations.Primary.Config.dll [ EPROCESS 0x86ADCB10 ] PID: 1896, 86016 bytes
0x06600000 Hidden Image-->System.Data.SQLite.DLL [ EPROCESS 0x86ADCB10 ] PID: 1896, 872448 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb
==============================================
>Hooks
==============================================
IDT-->Int B4h-->Unexpected Interrupt, Type: IDT modification[86A42DD4] [unknown_irp_handler]
ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B774, Type: Inline - RelativeCall 0x804E2774-->C0D5258A [unknown_code_page]
ntoskrnl.exe+0x0000B9A0, Type: Inline - RelativeJump 0x804E29A0-->804E2971 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B9F0, Type: Inline - RelativeJump 0x804E29F0-->804E2983 [ntoskrnl.exe]
ntoskrnl.exe+0x0000BA48, Type: Inline - RelativeJump 0x804E2A48-->804E2A3F [ntoskrnl.exe]
ntoskrnl.exe+0x0000BA94, Type: Inline - RelativeJump 0x804E2A94-->804E2A77 [ntoskrnl.exe]
tcpip.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xEC2D8460-->86F7CAF8 [unknown_code_page]
wanarp.sys-->ndis.sys-->NdisDeregisterProtocol, Type: IAT modification 0xF50E6B1C-->86F7CA00 [unknown_code_page]
wanarp.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xF50E6B28-->86F7CAF8 [unknown_code_page]
[1056]svchost.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[1056]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[1056]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[1056]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[1056]svchost.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[1056]svchost.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[1056]svchost.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[1056]svchost.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[1056]svchost.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[1056]svchost.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[1056]svchost.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[1056]svchost.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[1056]svchost.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[1056]svchost.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[1056]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[1056]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1056]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[1056]svchost.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x7E42974E-->00000000 [unknown_code_page]
[1148]svchost.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[1148]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[1148]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[1148]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[1148]svchost.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[1148]svchost.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[1148]svchost.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[1148]svchost.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[1148]svchost.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[1148]svchost.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[1148]svchost.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[1148]svchost.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[1148]svchost.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[1148]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[1148]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[1148]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[1296]svchost.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[1296]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[1296]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[1296]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[1296]svchost.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[1296]svchost.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[1296]svchost.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[1296]svchost.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[1296]svchost.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[1296]svchost.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[1296]svchost.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[1296]svchost.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[1296]svchost.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[1296]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[1296]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[1296]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[1380]svchost.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[1380]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[1380]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[1380]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[1380]svchost.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[1380]svchost.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[1380]svchost.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[1380]svchost.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[1380]svchost.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[1380]svchost.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[1380]svchost.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[1380]svchost.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[1380]svchost.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[1380]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[1380]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[1380]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[1520]logonui.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[1520]logonui.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[1520]logonui.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[1520]logonui.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[1520]logonui.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[1520]logonui.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[1520]logonui.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[1520]logonui.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[1520]logonui.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[1520]logonui.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[1520]logonui.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[1520]logonui.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[1520]logonui.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[1520]logonui.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[1520]logonui.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[1520]logonui.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[1616]spoolsv.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[1616]spoolsv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[1616]spoolsv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[1616]spoolsv.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[1616]spoolsv.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[1616]spoolsv.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[1616]spoolsv.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[1616]spoolsv.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[1616]spoolsv.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[1616]spoolsv.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[1616]spoolsv.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[1616]spoolsv.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[1616]spoolsv.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[1616]spoolsv.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[1616]spoolsv.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[1616]spoolsv.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[1700]svchost.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[1700]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[1700]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[1700]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[1700]svchost.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[1700]svchost.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[1700]svchost.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[1700]svchost.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[1700]svchost.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[1700]svchost.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[1700]svchost.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[1700]svchost.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[1700]svchost.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[1700]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[1700]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[1700]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[1744]svchost.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[1744]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[1744]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[1744]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[1744]svchost.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[1744]svchost.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[1744]svchost.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[1744]svchost.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[1744]svchost.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[1744]svchost.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[1744]svchost.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[1744]svchost.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[1744]svchost.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[1744]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[1744]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[1744]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[1764]btwdins.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[1764]btwdins.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[1764]btwdins.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[1764]btwdins.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[1764]btwdins.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[1764]btwdins.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[1764]btwdins.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[1764]btwdins.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[1764]btwdins.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[1764]btwdins.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[1764]btwdins.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[1764]btwdins.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[1764]btwdins.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[1764]btwdins.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[1764]btwdins.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[1764]btwdins.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[1792]WLService.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[1792]WLService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[1792]WLService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[1792]WLService.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[1792]WLService.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[1792]WLService.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[1792]WLService.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[1792]WLService.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[1792]WLService.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[1792]WLService.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[1792]WLService.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[1792]WLService.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[1792]WLService.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[1792]WLService.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[1792]WLService.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[1792]WLService.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[1824]FsUsbExService.Exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[1824]FsUsbExService.Exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[1824]FsUsbExService.Exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[1824]FsUsbExService.Exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[1824]FsUsbExService.Exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[1824]FsUsbExService.Exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[1824]FsUsbExService.Exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[1824]FsUsbExService.Exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[1824]FsUsbExService.Exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[1824]FsUsbExService.Exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[1824]FsUsbExService.Exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[1824]FsUsbExService.Exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[1824]FsUsbExService.Exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[1824]FsUsbExService.Exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[1824]FsUsbExService.Exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[1824]FsUsbExService.Exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[1832]WLanCfgG.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[1832]WLanCfgG.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[1832]WLanCfgG.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[1832]WLanCfgG.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[1832]WLanCfgG.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[1832]WLanCfgG.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[1832]WLanCfgG.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[1832]WLanCfgG.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[1832]WLanCfgG.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[1832]WLanCfgG.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[1832]WLanCfgG.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[1832]WLanCfgG.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[1832]WLanCfgG.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[1832]WLanCfgG.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[1832]WLanCfgG.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[1832]WLanCfgG.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[1864]ijplmsvc.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[1864]ijplmsvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[1864]ijplmsvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[1864]ijplmsvc.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[1864]ijplmsvc.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[1864]ijplmsvc.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[1864]ijplmsvc.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[1864]ijplmsvc.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[1864]ijplmsvc.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[1864]ijplmsvc.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[1864]ijplmsvc.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[1864]ijplmsvc.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[1864]ijplmsvc.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[1864]ijplmsvc.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[1864]ijplmsvc.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[1864]ijplmsvc.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[1896]IntuitUpdateService.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[1896]IntuitUpdateService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[1896]IntuitUpdateService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[1896]IntuitUpdateService.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[1896]IntuitUpdateService.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[1896]IntuitUpdateService.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[1896]IntuitUpdateService.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[1896]IntuitUpdateService.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[1896]IntuitUpdateService.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[1896]IntuitUpdateService.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[1896]IntuitUpdateService.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[1896]IntuitUpdateService.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[1896]IntuitUpdateService.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[1896]IntuitUpdateService.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[1896]IntuitUpdateService.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[1896]IntuitUpdateService.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[1924]jqs.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[1924]jqs.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[1924]jqs.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[1924]jqs.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[1924]jqs.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[1924]jqs.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[1924]jqs.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[1924]jqs.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[1924]jqs.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[1924]jqs.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[1924]jqs.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[1924]jqs.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[1924]jqs.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[1924]jqs.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[1924]jqs.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[1924]jqs.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[2020]svchost.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[2020]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[2020]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[2020]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[2020]svchost.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[2020]svchost.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[2020]svchost.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[2020]svchost.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[2020]svchost.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[2020]svchost.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[2020]svchost.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[2020]svchost.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[2020]svchost.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[2020]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[2020]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[2020]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[2060]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[2060]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [aclayers.dll]
[2060]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [aclayers.dll]
[2060]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00000000 [aclayers.dll]
[2060]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[2060]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [aclayers.dll]
[2060]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [aclayers.dll]
[2060]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [aclayers.dll]
[2060]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040106C-->00000000 [shimeng.dll]
[2060]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401098-->00000000 [aclayers.dll]
[2060]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010E8-->00000000 [aclayers.dll]
[2060]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004010C0-->00000000 [aclayers.dll]
[2060]iexplore.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[2060]iexplore.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[2060]iexplore.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[2060]iexplore.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[2060]iexplore.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[2060]iexplore.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[2060]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[2060]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [aclayers.dll]
[2060]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [aclayers.dll]
[2060]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [aclayers.dll]
[2060]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [aclayers.dll]
[2060]iexplore.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump 0x7E42B3C6-->00000000 [ieframe.dll]
[2060]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x7E42D0A3-->00000000 [ieframe.dll]
[2060]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E456D7D-->00000000 [ieframe.dll]
[2060]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E432072-->00000000 [ieframe.dll]
[2060]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E43B144-->00000000 [ieframe.dll]
[2060]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E4247AB-->00000000 [ieframe.dll]
[2060]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[2060]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [aclayers.dll]
[2060]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [aclayers.dll]
[2060]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [aclayers.dll]
[2060]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E45085C-->00000000 [ieframe.dll]
[2060]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E450838-->00000000 [ieframe.dll]
[2060]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E43A082-->00000000 [ieframe.dll]
[2060]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E4664D5-->00000000 [ieframe.dll]
[2060]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [ieframe.dll]
[2060]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [ieframe.dll]
[2276]explorer.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[2276]explorer.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[2276]explorer.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[2276]explorer.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[2276]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[2276]explorer.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[2276]explorer.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[2276]explorer.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[2276]explorer.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[2276]explorer.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[2276]explorer.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[2276]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[2276]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[2276]explorer.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[2276]explorer.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[2276]explorer.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[2276]explorer.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[2276]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[2276]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[2276]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[2276]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[2356]alg.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[2356]alg.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[2356]alg.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[2356]alg.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[2356]alg.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[2356]alg.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[2356]alg.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[2356]alg.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[2356]alg.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[2356]alg.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[2356]alg.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[2356]alg.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[2356]alg.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[2356]alg.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[2356]alg.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[2356]alg.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[260]SpySweeper.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[260]SpySweeper.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[260]SpySweeper.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[260]SpySweeper.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[260]SpySweeper.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[260]SpySweeper.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[260]SpySweeper.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[260]SpySweeper.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[260]SpySweeper.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[260]SpySweeper.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[260]SpySweeper.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[260]SpySweeper.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[260]SpySweeper.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[260]SpySweeper.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[260]SpySweeper.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[260]SpySweeper.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[3084]jusched.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[3084]jusched.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[3084]jusched.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[3084]jusched.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[3084]jusched.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[3084]jusched.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[3084]jusched.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[3084]jusched.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[3084]jusched.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[3084]jusched.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[3084]jusched.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[3084]jusched.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[3084]jusched.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[3084]jusched.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[3084]jusched.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[3084]jusched.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[3132]rundll32.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[3132]rundll32.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[3132]rundll32.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[3132]rundll32.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[3132]rundll32.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[3132]rundll32.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[3132]rundll32.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[3132]rundll32.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[3132]rundll32.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[3132]rundll32.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[3132]rundll32.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[3132]rundll32.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[3132]rundll32.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[3132]rundll32.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[3132]rundll32.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[3132]rundll32.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[3160]SSU.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[3160]SSU.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[3160]SSU.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[3160]SSU.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[3160]SSU.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[3160]SSU.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[3160]SSU.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[3160]SSU.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[3160]SSU.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[3160]SSU.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[3160]SSU.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [SSU.exe]
[3160]SSU.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[3160]SSU.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[3160]SSU.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[3160]SSU.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[3160]SSU.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [SSU.exe]
[3160]SSU.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[3160]SSU.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - RelativeJump 0x7C809AF1-->00000000 [SSU.exe]
[3160]SSU.exe-->kernel32.dll-->VirtualFree, Type: Inline - RelativeJump 0x7C809B84-->00000000 [SSU.exe]
[3160]SSU.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [SSU.exe]
[3160]SSU.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E485-->00000000 [SSU.exe]
[3160]SSU.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[3172]RDVCHG.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[3172]RDVCHG.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[3172]RDVCHG.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[3172]RDVCHG.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[3172]RDVCHG.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[3172]RDVCHG.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[3172]RDVCHG.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[3172]RDVCHG.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[3172]RDVCHG.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[3172]RDVCHG.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[3172]RDVCHG.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[3172]RDVCHG.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[3172]RDVCHG.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[3172]RDVCHG.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[3172]RDVCHG.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[3172]RDVCHG.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[3444]SpySweeperUI.exe-->kernel32.dll+0x000106F1, Type: Inline - RelativeJump 0x7C8106F1-->00000000 [kernel32.dll]
[3748]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[3748]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [aclayers.dll]
[3748]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [aclayers.dll]
[3748]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00000000 [aclayers.dll]
[3748]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[3748]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [aclayers.dll]
[3748]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [aclayers.dll]
[3748]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [aclayers.dll]
[3748]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040106C-->00000000 [shimeng.dll]
[3748]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401098-->00000000 [aclayers.dll]
[3748]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010E8-->00000000 [aclayers.dll]
[3748]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004010C0-->00000000 [aclayers.dll]
[3748]iexplore.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[3748]iexplore.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[3748]iexplore.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[3748]iexplore.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[3748]iexplore.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[3748]iexplore.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[3748]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[3748]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [aclayers.dll]
[3748]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [aclayers.dll]
[3748]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [aclayers.dll]
[3748]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [aclayers.dll]
[3748]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x7E42D0A3-->00000000 [ieframe.dll]
[3748]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E456D7D-->00000000 [ieframe.dll]
[3748]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E432072-->00000000 [ieframe.dll]
[3748]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E43B144-->00000000 [ieframe.dll]
[3748]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E4247AB-->00000000 [ieframe.dll]
[3748]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[3748]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [aclayers.dll]
[3748]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [aclayers.dll]
[3748]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [aclayers.dll]
[3748]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E45085C-->00000000 [ieframe.dll]
[3748]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E450838-->00000000 [ieframe.dll]
[3748]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E43A082-->00000000 [ieframe.dll]
[3748]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E4664D5-->00000000 [ieframe.dll]
[3844]svchost.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[3844]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[3844]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[3844]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[3844]svchost.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[3844]svchost.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[3844]svchost.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[3844]svchost.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[3844]svchost.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[3844]svchost.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[3844]svchost.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[3844]svchost.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[3844]svchost.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[3844]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[3844]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[3844]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[672]winlogon.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[672]winlogon.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[672]winlogon.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[672]winlogon.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[672]winlogon.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[672]winlogon.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[672]winlogon.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[672]winlogon.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[672]winlogon.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[672]winlogon.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[672]winlogon.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[672]winlogon.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[672]winlogon.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[672]winlogon.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[672]winlogon.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[672]winlogon.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[720]services.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[720]services.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[720]services.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[720]services.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[720]services.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[720]services.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[720]services.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[720]services.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[720]services.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[720]services.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[720]services.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[720]services.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[720]services.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[720]services.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[720]services.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[720]services.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[732]lsass.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[732]lsass.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[732]lsass.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[732]lsass.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[732]lsass.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[732]lsass.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[732]lsass.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[732]lsass.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[732]lsass.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[732]lsass.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[732]lsass.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[732]lsass.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[732]lsass.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[732]lsass.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[732]lsass.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[732]lsass.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[884]WRConsumerService.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[884]WRConsumerService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[884]WRConsumerService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[884]WRConsumerService.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[884]WRConsumerService.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[884]WRConsumerService.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[884]WRConsumerService.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[884]WRConsumerService.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[884]WRConsumerService.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[884]WRConsumerService.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[884]WRConsumerService.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[884]WRConsumerService.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[884]WRConsumerService.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[884]WRConsumerService.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[884]WRConsumerService.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[884]WRConsumerService.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[900]svchost.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[900]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[900]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[900]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[900]svchost.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[900]svchost.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[900]svchost.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[900]svchost.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[900]svchost.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[900]svchost.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[900]svchost.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[900]svchost.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[900]svchost.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[900]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[900]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[900]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]
[988]svchost.exe-->advapi32.dll-->ControlService, Type: Inline - RelativeJump 0x77DF4A09-->00000000 [wdfproc.dll]
[988]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [wdfproc.dll]
[988]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [wdfproc.dll]
[988]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [wdfproc.dll]
[988]svchost.exe-->advapi32.dll-->RegDeleteKeyA, Type: Inline - RelativeJump 0x77DE42A0-->00000000 [wdfproc.dll]
[988]svchost.exe-->advapi32.dll-->RegDeleteKeyW, Type: Inline - RelativeJump 0x77DE559B-->00000000 [wdfproc.dll]
[988]svchost.exe-->advapi32.dll-->RegDeleteValueA, Type: Inline - RelativeJump 0x77DDECE5-->00000000 [wdfproc.dll]
[988]svchost.exe-->advapi32.dll-->RegDeleteValueW, Type: Inline - RelativeJump 0x77DDEDF1-->00000000 [wdfproc.dll]
[988]svchost.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [wdfproc.dll]
[988]svchost.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [wdfproc.dll]
[988]svchost.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [wdfproc.dll]
[988]svchost.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [wdfproc.dll]
[988]svchost.exe-->kernel32.dll-->FreeLibraryAndExitThread, Type: Inline - RelativeJump 0x7C80C210-->00000000 [wdfproc.dll]
[988]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [wdfproc.dll]
[988]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [wdfproc.dll]
[988]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E45A0A5-->00000000 [wdfproc.dll]


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/23/2010 5:21:16 AM
mbam-log-2010-06-23 (05-21-16).txt

Scan type: Quick scan
Objects scanned: 137115
Time elapsed: 17 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 23
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe (Trojan.Chifrax) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\skassjha (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\thrjkeqo (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\skassjha (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\thrjkeqo (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Ken\Local Settings\Temp\Setup.exe (Trojan.Chifrax) -> Quarantined and deleted successfully.
ikenewton
Regular Member
 
Posts: 23
Joined: June 19th, 2010, 12:36 am

Re: ike's being redirected

Unread postby deltalima » June 23rd, 2010, 6:37 am

Hi ikenewton,

TDSSKiller

  • Please download TDSSKiller.exe and save it on your desktop.
  • Important!: only run this fix once.
  • Double click TDSSKiller.exe to run it.
  • A log file should be created on your C: drive named something like TDSSKiller.2.3.2.0 13.06.2010
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.

Please let me know if the redirects have stopped.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: ike's being redirected

Unread postby ikenewton » June 23rd, 2010, 7:42 am

Here's the TDSSKiller log. I'll try some searches.

Thanks.

06:30:48:000 0524 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
06:30:48:000 0524 ================================================================================
06:30:48:000 0524 SystemInfo:

06:30:48:000 0524 OS Version: 5.1.2600 ServicePack: 3.0
06:30:48:000 0524 Product type: Workstation
06:30:48:000 0524 ComputerName: HOME
06:30:48:000 0524 UserName: Ken
06:30:48:000 0524 Windows directory: C:\WINDOWS
06:30:48:000 0524 Processor architecture: Intel x86
06:30:48:000 0524 Number of processors: 1
06:30:48:000 0524 Page size: 0x1000
06:30:48:031 0524 Boot type: Normal boot
06:30:48:031 0524 ================================================================================
06:30:48:750 0524 Initialize success
06:30:48:750 0524
06:30:48:750 0524 Scanning Services ...
06:30:49:687 0524 Raw services enum returned 374 services
06:30:49:703 0524
06:30:49:703 0524 Scanning Drivers ...
06:30:52:671 0524 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
06:30:52:812 0524 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
06:30:52:968 0524 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
06:30:53:187 0524 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
06:30:53:312 0524 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
06:30:53:437 0524 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
06:30:53:562 0524 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
06:30:53:968 0524 AN983 (116bff96077a4a724e0aab800525ceb5) C:\WINDOWS\system32\DRIVERS\AN983.sys
06:30:54:343 0524 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
06:30:54:468 0524 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
06:30:54:687 0524 ati2mpaa (9027ae586ef5f0e6a40175e92917b44c) C:\WINDOWS\system32\DRIVERS\ati2mpaa.sys
06:30:54:984 0524 ati2mtaa (2d030c2f6b036ca0bc243e1b16d924d1) C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys
06:30:55:203 0524 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
06:30:55:375 0524 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
06:30:55:484 0524 basic2 (1b9c81ab9a456eabd9f8335f04b5f495) C:\WINDOWS\system32\DRIVERS\HSF_BSC2.sys
06:30:55:656 0524 BCM43XX (e7debb46b9ef1f28932e533be4a3d1a9) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
06:30:55:859 0524 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
06:30:56:000 0524 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
06:30:56:187 0524 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
06:30:56:296 0524 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
06:30:56:453 0524 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
06:30:56:687 0524 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
06:30:56:906 0524 BTKRNL (f61a79aadc40d7d719aa6c251ac074c2) C:\WINDOWS\system32\drivers\btkrnl.sys
06:30:57:250 0524 BTSERIAL (2734d1e5c2f023c8be24f56d3e51382c) C:\WINDOWS\system32\drivers\btserial.sys
06:30:57:328 0524 BTSLBCSP (88be2d743ee82245658e5085d1fdc502) C:\WINDOWS\system32\drivers\btslbcsp.sys
06:30:57:468 0524 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
06:30:57:671 0524 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
06:30:57:796 0524 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
06:30:58:062 0524 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
06:30:58:500 0524 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
06:30:58:750 0524 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
06:30:59:046 0524 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
06:30:59:250 0524 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
06:30:59:656 0524 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
06:30:59:781 0524 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
06:30:59:921 0524 Fallback (c823debe2548656549f84a875d65237b) C:\WINDOWS\system32\DRIVERS\HSF_FALL.sys
06:31:00:109 0524 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
06:31:00:203 0524 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
06:31:00:281 0524 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
06:31:00:343 0524 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
06:31:00:468 0524 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
06:31:00:609 0524 Fsks (6483414841d4cab6c3b4db2ac6edd70b) C:\WINDOWS\system32\DRIVERS\HSF_FSKS.sys
06:31:00:718 0524 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS
06:31:00:890 0524 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
06:31:00:968 0524 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
06:31:01:109 0524 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
06:31:01:234 0524 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\WINDOWS\system32\GTNDIS5.SYS
06:31:01:359 0524 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
06:31:01:593 0524 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
06:31:01:750 0524 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
06:31:01:812 0524 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
06:31:02:015 0524 HSFHWBS2 (970178e8e003eb1481293830069624b9) C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys
06:31:02:281 0524 HSF_DP (ebb354438a4c5a3327fb97306260714a) C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys
06:31:02:578 0524 hsf_msft (74e379857d4c0dfb56de2d19b8f4c434) C:\WINDOWS\system32\DRIVERS\HSF_MSFT.sys
06:31:03:000 0524 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
06:31:03:312 0524 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
06:31:03:375 0524 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
06:31:03:656 0524 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
06:31:03:734 0524 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
06:31:03:859 0524 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
06:31:04:015 0524 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
06:31:04:109 0524 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
06:31:04:187 0524 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
06:31:04:328 0524 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
06:31:04:390 0524 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
06:31:04:562 0524 K56 (9c5e3fdbfcc30cf71a49ca178b9ad442) C:\WINDOWS\system32\DRIVERS\HSF_K56K.sys
06:31:04:718 0524 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
06:31:04:875 0524 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys
06:31:05:031 0524 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
06:31:05:171 0524 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
06:31:05:359 0524 LNE100 (e7a30b307ac29afbb993049df04bb91b) C:\WINDOWS\system32\DRIVERS\LNE100V5.sys
06:31:05:484 0524 mdmxsdk (195741aee20369980796b557358cd774) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
06:31:05:609 0524 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
06:31:05:734 0524 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
06:31:05:859 0524 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
06:31:05:984 0524 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
06:31:06:109 0524 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
06:31:06:453 0524 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
06:31:06:890 0524 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
06:31:07:625 0524 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
06:31:07:812 0524 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
06:31:07:937 0524 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
06:31:08:015 0524 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
06:31:08:171 0524 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
06:31:08:312 0524 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
06:31:08:390 0524 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
06:31:08:515 0524 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
06:31:08:687 0524 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
06:31:08:750 0524 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
06:31:08:875 0524 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
06:31:08:968 0524 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
06:31:09:093 0524 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
06:31:09:218 0524 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
06:31:09:390 0524 Nmea (b0d5188e282dc4edae7020f333427bc8) C:\WINDOWS\system32\DRIVERS\pctnullport.sys
06:31:09:531 0524 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
06:31:09:687 0524 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
06:31:09:828 0524 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
06:31:09:984 0524 NWADI (0973c0c696780161f4526586d5eac422) C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
06:31:10:250 0524 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
06:31:10:328 0524 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
06:31:10:484 0524 OMCI (e1e54131462b63efefaf14aca8e4012b) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
06:31:10:765 0524 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
06:31:10:828 0524 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
06:31:10:953 0524 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
06:31:11:109 0524 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\PCASp50.sys
06:31:11:234 0524 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
06:31:11:390 0524 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
06:31:11:531 0524 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
06:31:11:687 0524 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
06:31:11:843 0524 PCTINDIS5 (1e715247efffdda938c085913045d599) C:\WINDOWS\system32\PCTINDIS5.SYS
06:31:12:656 0524 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
06:31:12:718 0524 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
06:31:12:796 0524 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
06:31:12:953 0524 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
06:31:13:093 0524 pwipf6 (380d68e4c630d0feadb47ff223a3552d) C:\WINDOWS\system32\drivers\pwipf6.sys
06:31:13:515 0524 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
06:31:13:656 0524 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
06:31:13:734 0524 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
06:31:13:843 0524 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
06:31:13:984 0524 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
06:31:14:203 0524 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
06:31:14:375 0524 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
06:31:14:546 0524 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
06:31:14:656 0524 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
06:31:14:796 0524 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
06:31:14:937 0524 Rksample (bb7549bd94d1aac3599c7606c50c48a0) C:\WINDOWS\system32\DRIVERS\HSF_SAMP.sys
06:31:15:078 0524 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
06:31:15:406 0524 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
06:31:15:750 0524 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
06:31:15:921 0524 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
06:31:16:546 0524 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
06:31:16:828 0524 smwdm (12d9287937366bf1c9ad7007b5407deb) C:\WINDOWS\system32\drivers\smwdm.sys
06:31:17:031 0524 SoftFax (d9e8e0ce154a2f6430d9efabdf730867) C:\WINDOWS\system32\DRIVERS\HSF_FAXX.sys
06:31:17:203 0524 SpeakerPhone (6c843c43fd7f0b42cfe477ce88d0f9b3) C:\WINDOWS\system32\DRIVERS\HSF_SPKP.sys
06:31:17:375 0524 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
06:31:17:500 0524 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
06:31:17:703 0524 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
06:31:17:937 0524 ssfs0bbc (4479aeb7ec022b75f882c167fe2a7a34) C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys
06:31:18:046 0524 SSHRMD (3153ee746c61861de8552d1a7733ba90) C:\WINDOWS\system32\Drivers\SSHRMD.SYS
06:31:18:046 0524 Suspicious file (Forged): C:\WINDOWS\system32\Drivers\SSHRMD.SYS. Real md5: 3153ee746c61861de8552d1a7733ba90, Fake md5: 58154d7f69a1322d9bd885e2e61cf152
06:31:18:062 0524 File "C:\WINDOWS\system32\Drivers\SSHRMD.SYS" infected by TDSS rootkit ...
06:31:33:609 0524 Backup copy found, using it..
06:31:34:890 0524 !ttfc9 5
06:31:35:218 0524 !ttfc10 5
06:31:35:218 0524 cure failed
06:31:35:390 0524 SSIDRV (e971eee20b8083e57b5529aea065ec51) C:\WINDOWS\system32\Drivers\SSIDRV.SYS
06:31:35:531 0524 SSKBFD (8564bc9598be1705477b7fa61d657c2b) C:\WINDOWS\system32\Drivers\sskbfd.sys
06:31:35:687 0524 ss_bus (5a1d0ca8a5f1e7b4ec50b9d76c001f0e) C:\WINDOWS\system32\DRIVERS\ss_bus.sys
06:31:35:828 0524 ss_mdfl (f0a85580e36a3a85059037d39a9cf079) C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
06:31:35:953 0524 ss_mdm (84c3dbfd1bfa4adc0a950b3d5506cb00) C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
06:31:36:078 0524 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
06:31:36:218 0524 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
06:31:36:421 0524 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
06:31:36:562 0524 swmsflt (eda7336cd2e334b4db321bc60b7da11e) C:\WINDOWS\System32\drivers\swmsflt.sys
06:31:36:718 0524 swmx00 (5d3c9f767eaded3e14fa4ce6cf9f7725) C:\WINDOWS\system32\DRIVERS\swmx00.sys
06:31:36:828 0524 SWNC5E00 (e0919389fb29ed5c03b0b664236abe50) C:\WINDOWS\system32\DRIVERS\SWNC5E00.sys
06:31:37:265 0524 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
06:31:37:406 0524 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
06:31:37:562 0524 tcpipBM (dcfeb82ca988598ceb8f83148616038e) C:\WINDOWS\system32\drivers\tcpipBM.sys
06:31:37:687 0524 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
06:31:37:796 0524 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
06:31:37:937 0524 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
06:31:38:140 0524 Tones (8021a499db46b2961c285168671cb9af) C:\WINDOWS\system32\DRIVERS\HSF_TONE.sys
06:31:38:421 0524 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
06:31:38:734 0524 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
06:31:38:984 0524 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
06:31:39:218 0524 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
06:31:39:437 0524 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
06:31:39:625 0524 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
06:31:39:875 0524 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
06:31:40:171 0524 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
06:31:40:359 0524 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
06:31:40:609 0524 V124 (269c0ade94b90029b12497747be408cb) C:\WINDOWS\system32\DRIVERS\HSF_V124.sys
06:31:40:937 0524 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
06:31:41:234 0524 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
06:31:41:343 0524 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
06:31:41:593 0524 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
06:31:41:781 0524 winachsf (1225ebea76aac3c84df6c54fe5e5d8be) C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys
06:31:42:031 0524 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
06:31:42:265 0524 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
06:31:43:125 0524 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
06:31:44:125 0524 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
06:31:44:140 0524
06:31:44:140 0524 Completed
06:31:44:140 0524
06:31:44:140 0524 Results:
06:31:44:140 0524 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
06:31:44:156 0524 File objects infected / cured / cured on reboot: 1 / 0 / 0
06:31:44:156 0524
06:31:44:734 0524 KLMD(ARK) unloaded successfully
ikenewton
Regular Member
 
Posts: 23
Joined: June 19th, 2010, 12:36 am