Browser Redirects and Windows Update Blocked


Post by tmnyfeathers » July 13th, 2010, 12:18 pm

I am having browser redirects in both Firefox and Internet Explorer. Normal Windows Update procedures are blocked as well as the website through each browser. I have Total Protection by McAfee installed. It did catch something called Generic Dropper.VA last Friday evening. I followed normal McAfee instructions. Noticed more problems and downloaded and ran Malwarebytes Anti-malware yesterday. It did find several things infected and I do have the results to post when needed. I was asked to reboot and I did run the program again and it stated zero infected items.

An important note, I cannot disable McAfee Total Protection. I have tried various instructions to no avail. If this is required, I will need help with it.

Thank you so very much ahead of time! And now my HijackThis and Uninstall List.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:59:26 AM, on 7/13/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\Stephanie\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100519051035.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Setresolution] C:\ACERSW\config\1440x900.cmd
O4 - HKLM\..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: IMVU.lnk = C:\Users\Stephanie\AppData\Roaming\IMVUClient\IMVUClient.exe
O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Update Service (gupdate1c9861e1ac7e0cd) (gupdate1c9861e1ac7e0cd) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LWWLicenseService - WoltersKluwerLWW - C:\Program Files\Common Files\WoltersKluwerLWW Shared\Service\LWWLicenseService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12409 bytes

Uninstall List

32 Bit HP CIO Components Installer
Acer Arcade Live Main Page
Acer Assist
Acer DV Magician
Acer DVDivine
Acer eDataSecurity Management
Acer Empowering Technology
Acer ePerformance Management
Acer eSettings Management
Acer GameZone Console DTV 2.0.1.1
Acer HomeMedia
Acer HomeMedia Connect
Acer HomeMedia Trial Creator
Acer Registration
Acer ScreenSaver
Acer SlideShow DVD
Acer VideoMagician
Activation Assistant for the 2007 Microsoft Office suites
Active Desktop Calendar 7.86
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.0
Adobe Shockwave Player 11.5
Agatha Christie Death on the Nile
AIM 6
Alice Greenfingers
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Azada
Backspin Billiards
Bejeweled 2 Deluxe
BlackBerry Desktop Software 4.5
BlackBerry Desktop Software 4.5
Bookworm Deluxe
Bricks of Egypt
Cake Mania
Casper
Chicken Invaders 3
Choice Guard
Chuzzle
Collins: A Short Course in Medical Terminology:Enhanced Reprint (Shared Components)
Compatibility Pack for the 2007 Office system
Corel MediaOne
Diner Dash Flo on the Go
eReader
eSobi v2
ExeBook Self-Publisher
Fairy Godmother Tycoon
FileZilla Client 3.3.0.1
Flip Words 2
Futuremark SystemInfo
Google Update Helper
Highlight Viewer (Windows Live Toolbar)
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart Essential
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
HP Solution Center 8.0
HP Update
HPSSupply
IrfanView (remove only)
Jewel Quest (remove only)
Jewel Quest Solitaire
Kick N Rush
Mahjong Escape Ancient China
Mahjongg Artifacts
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
McAfee Total Protection
MCE Software Encoder 1.1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Office Standard Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Morpheus Photo Morpher v3.01
Motorola SM56 Speakerphone Modem
Mozilla Firefox (3.6.6)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML4 Parser
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
Netflix Movie Viewer
Notebook Interactive Viewer
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
OpenOffice.org 2.4
Paint.NET v3.36
Palm Desktop by ACCESS
PCStitch Pro 9
PE585QA-32
PG583_32_inf
PhotoFiltre
QuickTime
Realtek High Definition Audio Driver
Rhapsody
Rhapsody Player Engine
Roxio Media Manager
Sid Meier's Civilization 4 Demo
SimCity™ Societies Demo
Skype™ 4.0
Smart Menus (Windows Live Toolbar)
SmartFTP Client
SmartFTP Client 4.0 Setup Files (remove only)
SplashMoney
SplashShopper
SplashShopper for BlackBerry
System Requirements Lab
TBS WMP Plug-in
Turbo Pizza
Windows Driver Package - Conexant (cxpl_mhd) Media (11/07/2007 6.0.104.0038)
Windows Driver Package - YUAN High-Tech Development Co. Ltd. (OmniTV) Media (12/14/2007 6.1.32.42)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Favorites for Windows Live Toolbar
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Upload Tool
Yahoo! Anti-Spy
Yahoo! Install Manager
Yahoo! Toolbar
Zuma Deluxe
tmnyfeathers
Regular Member
Posts: 18
Joined: July 13th, 2010, 11:47 am
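A small triage script for HijackThis log lines like the ones in the post above, added here as an illustration; it is not a MalwareRemoval.com tool, and its flag heuristics (orphan BHOs, missing files, unowned services, autoruns launched from the user profile) are the editor's own assumptions about what a helper checks first. The sample lines are copied from the log in this thread.

```python
"""Triage helper for HijackThis v2 log lines.

Added example, not a tool used in this thread. The flag heuristics are the
editor's assumptions about which entries a helper reviews first; they are
prompts for a human to look at an entry, not malware verdicts.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# "R0 - ...", "O2 - BHO: Name - {CLSID} - path", "O4 - HKLM\..\Run: [Name] cmd", ...
LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<rest>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

# Autoruns launched from here run as the user and need no admin rights to plant;
# the MBAM log in this thread found the Hiloti loader under AppData\Local.
USER_PROFILE_HINTS = ("\\users\\", "\\appdata\\", "\\documents and settings\\", "%temp%")


@dataclass
class Entry:
    section: str            # HijackThis section tag, e.g. "O2" or "O23"
    rest: str               # everything after "Oxx - "
    clsid: Optional[str]    # {GUID} if the line carries one
    path: str               # file/command the entry points at
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a HijackThis item line, or None for headers/process lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.group("section"), m.group("rest")
    clsid_m = CLSID_RE.search(rest)
    if section == "O4":
        # O4 lines carry the command after the "[Name]" bracket.
        path = re.sub(r"^.*?\]\s*", "", rest)
    else:
        # Other sections put the file path after the last " - " separator.
        path = rest.rsplit(" - ", 1)[-1]
    return Entry(section, rest, clsid_m.group(0) if clsid_m else None, path.strip())


def triage(entry: Entry) -> Entry:
    """Attach review flags to an Entry (heuristics, see module docstring)."""
    low = entry.path.lower()
    if entry.section == "O2" and "(no file)" in low:
        entry.flags.append("orphan BHO: CLSID registered but DLL missing")
    if entry.section == "O9" and "(file missing)" in low:
        entry.flags.append("extra button points to missing file")
    if entry.section == "O23" and "unknown owner" in entry.rest.lower():
        entry.flags.append("service with no publisher string")
    if entry.section == "O4" and any(h in low for h in USER_PROFILE_HINTS):
        entry.flags.append("autorun launches from a user-writable profile path")
    if entry.section == "O1" and not re.search(r"\blocalhost\b", low):
        entry.flags.append("hosts file override")
    return entry


def triage_log(text: str) -> List[Entry]:
    """Parse a whole log and return only the entries that picked up a flag."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None and triage(entry).flags:
            flagged.append(entry)
    return flagged


# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [Google Update] "C:\Users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: IMVU.lnk = C:\Users\Stephanie\AppData\Roaming\IMVUClient\IMVUClient.exe
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
"""

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"{e.section:<4} {e.path}")
        for f in e.flags:
            print(f"     -> {f}")
```

A flagged entry only means "look here first": the Google Update and IMVU autoruns above are legitimate software that happens to live in the profile, which is exactly why a helper reads the whole log rather than acting on one line.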

Re: Browser Redirects and Windows Update Blocked

Post by Cypher » July 16th, 2010, 12:00 pm

Hi and welcome to Malware Removal Forums. I apologize for the delay in answering your request for help; the forum is really busy.
My name is Cypher, and I will be helping you with your malware problems.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer, can damage that computer and possibly make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • The logs from the tools we use can take some time to research so please be patient.

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Read Backup Made Easy

Noticed more problems and downloaded and ran Malwarebytes Anti-malware yesterday. It did find several things infected and I do have the results to post when needed.
Please post the results of the last MBAM scan.
Launch MBAM and click on logs, they are time dated.


Vista Advice:
  • All applications I ask to be used will require to be run in Administrator mode, i.e. right click on and select Run as Administrator.
  • The Operating System (Vista aka Windows 6) in use comes with an inbuilt utility called User Access Control (UAC).
  • When prompted by this for anything I ask you to carry out, please select the option Allow.


RSIT (Random's System Information Tool)

Please download RSIT by random/random... and save it to your desktop.
  • Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... 2 log files...will be produced.
  • The first one, "log.txt", << will be maximized
  • The second one, "info.txt", << will be minimized.
Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)

Next.

Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now right-click on RKUnhookerLE.exe and select " Run as administrator " to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of this log in your next reply.
  • Note: This log can be big; you may need to post it in separate replies.


Logs/Information to Post in your Next Reply

  • RSIT log.txt and info.txt contents.
  • RKUnhookerLE log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Browser Redirects and Windows Update Blocked

Post by tmnyfeathers » July 17th, 2010, 9:13 am

Thank you so much for your reply. Saturday is the only day that I work outside the home. I would like to quickly add that my computer is not used for business. I will be home this evening and will complete your instructions. I will, however, post the MBAM logs that I spoke of earlier. I do appreciate your time helping me with this issue.

Stephanie

P.S. I would like to add that after running these scans, my computer did seem better for a few days. The redirects became blank. They returned as of yesterday as well as a window pop-up with the following message, "Host Process for Windows Services has stopped working." I also could not access Windows Update after these scans.

Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Database version: 4306

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

7/12/2010 5:56:49 PM
mbam-log-2010-07-12 (17-56-49).txt

Scan type: Full scan (C:\|H:\|)
Objects scanned: 415912
Time elapsed: 2 hour(s), 49 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 20
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Users\Stephanie\AppData\Local\alestat.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spifi (Trojan.Hiloti) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kbvwxutt (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Stephanie\AppData\Local\alestat.dll (Trojan.Hiloti) -> Delete on reboot.
C:\Program Files\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Windows\System32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Users\Stephanie\Desktop\Amber\ZwinkySetup2.3.50.57.ZJfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Second Scan:

Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Database version: 4308

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

7/13/2010 11:03:43 AM
mbam-log-2010-07-13 (11-03-43).txt

Scan type: Full scan (C:\|H:\|)
Objects scanned: 415872
Time elapsed: 2 hour(s), 31 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
tmnyfeathers
Regular Member
 
Posts: 18
Joined: July 13th, 2010, 11:47 am

Re: Browser Redirects and Windows Update Blocked

Post by Cypher » July 17th, 2010, 11:36 am

You're welcome.
Post the rest of the requested logs when ready.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Browser Redirects and Windows Update Blocked

Post by tmnyfeathers » July 18th, 2010, 10:10 am

Logfile of random's system information tool 1.08 (written by random/random)
Run by Stephanie at 2010-07-17 20:37:44
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 83 GB (56%) free of 148 GB
Total RAM: 2815 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:37:58 PM, on 7/17/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\Stephanie\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Stephanie\Desktop\RSIT.exe
C:\Program Files\trend micro\Stephanie.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100519051035.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Setresolution] C:\ACERSW\config\1440x900.cmd
O4 - HKLM\..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: IMVU.lnk = C:\Users\Stephanie\AppData\Roaming\IMVUClient\IMVUClient.exe
O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Update Service (gupdate1c9861e1ac7e0cd) (gupdate1c9861e1ac7e0cd) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LWWLicenseService - WoltersKluwerLWW - C:\Program Files\Common Files\WoltersKluwerLWW Shared\Service\LWWLicenseService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12312 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3324633011-2670318333-1750345384-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3324633011-2670318333-1750345384-1000UA.job
C:\Windows\tasks\WebReg Deskjet F300 series.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2007-10-19 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\progra~1\mcafee\msk\mskapbho.dll [2009-12-21 245272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100519051035.dll [2010-04-27 73288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-12 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2010-02-01 251416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2007-10-19 817936]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-03-05 142896]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2010-02-01 251416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-07-05 4669440]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-03-08 40048]
"Acer Empowering Technology Monitor"=C:\Acer\Empowering Technology\SysMonitor.exe [2008-01-09 326176]
"PCMMediaSharing"=C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2008-01-25 204908]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2007-02-01 630784]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-03-05 526896]
"Acer Product Registration"=C:\Program Files\Acer Registration\ACE1.exe [2007-10-15 3387392]
"Acer Assist Launcher"=C:\Program Files\Acer Assist\launcher.exe [2007-02-02 1261568]
"Apanel"=C:\ACERSW\config\NewSetApanel.cmd []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"eRecoveryService"= []
"Setresolution"=C:\ACERSW\config\1440x900.cmd []
"HotSync"=C:\Program Files\PalmSource\Desktop\HotSync.exe -AllUsers []
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2008-03-06 236016]
"mcui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2010-04-01 1180976]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-18 421888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"Aim6"= []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-03 39408]
"Google Update"=C:\Users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 133104]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe [2007-12-01 38400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Corel\Corel MediaOne\Corel PhotoDownloader.exe -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe /m=2 /w []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Plugin]
rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-03-18 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\steam\steam.exe -silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-03 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bitmeter2.lnk]
C:\PROGRA~1\Codebox\BitMeter\BITMET~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Calendar Sync.lnk]
C:\PROGRA~1\Google\GOOGLE~4\GOOGLE~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]
C:\PROGRA~1\PALTAL~1\paltalk.exe nas []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Stephanie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
C:\PROGRA~1\LimeWire\LimeWire.exe -startup []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe
HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
IMVU.lnk - C:\Users\Stephanie\AppData\Roaming\IMVUClient\IMVUClient.exe
WkCalRem.LNK - C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe"="C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-07-17 20:37:44 ----D---- C:\rsit
2010-07-13 11:55:31 ----D---- C:\Program Files\Trend Micro
2010-07-12 14:52:16 ----D---- C:\Users\Stephanie\AppData\Roaming\Malwarebytes
2010-07-12 14:52:09 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-07-12 14:52:08 ----D---- C:\ProgramData\Malwarebytes
2010-07-12 14:52:08 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-07-12 14:52:07 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-10 23:16:51 ----D---- C:\Program Files\Common Files\Scanner
2010-07-10 09:53:15 ----D---- C:\ProgramData\WindowsSearch
2010-06-30 13:47:31 ----D---- C:\Users\Stephanie\AppData\Roaming\Apple Computer
2010-06-30 13:46:54 ----DC---- C:\Windows\system32\DRVSTORE
2010-06-30 13:45:57 ----D---- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-30 13:45:57 ----D---- C:\Program Files\iTunes
2010-06-30 13:43:46 ----D---- C:\Program Files\QuickTime
2010-06-30 13:43:42 ----D---- C:\ProgramData\Apple Computer
2010-06-30 13:41:08 ----D---- C:\Program Files\Apple Software Update

======List of files/folders modified in the last 1 months======

2010-07-17 20:37:58 ----D---- C:\Windows\Prefetch
2010-07-17 20:37:52 ----D---- C:\Windows\Temp
2010-07-16 18:41:40 ----D---- C:\Users\Stephanie\AppData\Roaming\IMVU
2010-07-15 17:16:37 ----D---- C:\qjcn
2010-07-13 13:31:14 ----SHD---- C:\System Volume Information
2010-07-13 11:58:01 ----SHD---- C:\Windows\Installer
2010-07-13 11:58:01 ----RD---- C:\Program Files
2010-07-13 11:58:01 ----HD---- C:\Config.Msi
2010-07-13 11:58:01 ----D---- C:\Windows
2010-07-13 11:57:56 ----D---- C:\Program Files\Common Files
2010-07-13 11:15:10 ----D---- C:\Windows\system32\catroot2
2010-07-13 08:30:44 ----D---- C:\Windows\System32
2010-07-13 07:00:03 ----A---- C:\Windows\ntbtlog.txt
2010-07-12 14:52:09 ----D---- C:\Windows\system32\drivers
2010-07-12 14:52:08 ----HD---- C:\ProgramData
2010-07-12 13:32:35 ----D---- C:\BFUploads
2010-07-11 18:45:43 ----D---- C:\Program Files\Common Files\Java
2010-07-11 15:04:29 ----D---- C:\Program Files\McAfee
2010-07-11 14:54:29 ----D---- C:\Program Files\Viewpoint
2010-07-11 14:54:11 ----D---- C:\Users\Stephanie\AppData\Roaming\Uniblue
2010-07-11 14:54:11 ----D---- C:\ProgramData\DriverScanner
2010-07-11 14:54:11 ----D---- C:\Program Files\Uniblue
2010-07-11 14:46:41 ----D---- C:\Program Files\SoftLogica
2010-07-11 14:46:27 ----D---- C:\Program Files\Google
2010-07-11 14:44:42 ----D---- C:\Windows\Tasks
2010-07-11 14:44:29 ----D---- C:\ProgramData\Google
2010-07-11 14:38:53 ----D---- C:\Program Files\DivX
2010-07-11 14:32:52 ----D---- C:\Program Files\Common Files\PX Storage Engine
2010-07-11 13:21:04 ----D---- C:\Program Files\Mozilla Firefox
2010-07-10 23:16:41 ----D---- C:\Program Files\Yahoo!
2010-07-10 21:02:42 ----D---- C:\Windows\system32\wbem
2010-07-10 21:01:48 ----D---- C:\Windows\system32\Tasks
2010-07-10 21:01:48 ----D---- C:\Windows\system32\spool
2010-07-10 21:01:48 ----D---- C:\Windows\system32\CodeIntegrity
2010-07-10 21:01:48 ----D---- C:\Windows\inf
2010-07-10 21:01:45 ----D---- C:\Windows\registration
2010-06-30 14:03:39 ----D---- C:\Program Files\Common Files\Apple
2010-06-30 13:46:55 ----D---- C:\Windows\system32\catroot
2010-06-30 13:38:48 ----D---- C:\Windows\winsxs

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;ATI PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 8192]
R0 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2010-04-27 385880]
R0 PSDFilter;PSDFilter; C:\Windows\system32\DRIVERS\psdfilter.sys [2008-03-05 18992]
R1 mfenlfk;McAfee NDIS Light Filter; C:\Windows\system32\DRIVERS\mfenlfk.sys [2010-04-27 64304]
R1 mfewfpk;McAfee Inc. mfewfpk; C:\Windows\system32\drivers\mfewfpk.sys [2010-04-27 160720]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2007-07-03 15392]
R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-03-05 16944]
R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-03-05 60464]
R2 tvicport;tvicport; \??\C:\Windows\system32\drivers\tvicport.sys [2007-11-06 14544]
R2 zntport;zntport; \??\C:\Windows\system32\drivers\zntport.sys [2007-11-06 6080]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-08-30 3929600]
R3 cfwids;McAfee Inc. cfwids; C:\Windows\system32\drivers\cfwids.sys [2010-04-27 55456]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-07-18 1841312]
R3 mfeapfk;McAfee Inc. mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [2010-04-27 95568]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2010-04-27 152320]
R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2010-04-27 51688]
R3 mfefirek;McAfee Inc. mfefirek; C:\Windows\system32\drivers\mfefirek.sys [2010-04-27 312616]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-20 18432]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-03-19 6144]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-20 8192]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2007-02-01 982272]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-03-22 240128]
S2 MCSTRM;MCSTRM; C:\Windows\system32\drivers\MCSTRM.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-20 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-20 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-20 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 mfeavfk01;McAfee Inc.; C:\Windows\system32\drivers\mfeavfk01.sys []
S3 mferkdet;McAfee Inc. mferkdet; C:\Windows\system32\drivers\mferkdet.sys [2010-04-27 83496]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 PalmUSBD;PalmUSBD; C:\Windows\system32\drivers\PalmUSBD.sys [2007-12-04 16640]
S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb.sys [2007-05-31 22656]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-20 39936]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service; C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 269448]
R2 AcerMemUsageCheckService;ePerformance Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2007-10-17 28672]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-08-30 704512]
R2 eDataSecurity Service;eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-03-05 500784]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-09-10 57344]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-12-19 24576]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2010-03-26 93320]
R2 McMPFSvc;McAfee Personal Firewall; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2009-12-14 271480]
R2 mcmscsvc;McAfee Services; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2009-12-14 271480]
R2 McNaiAnn;McAfee VirusScan Announcer; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2009-12-14 271480]
R2 McNASvc;McAfee Network Agent; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2009-12-14 271480]
R2 McProxy;McAfee Proxy Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2009-12-14 271480]
R2 McShield;McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [2010-04-27 170144]
R2 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-04-27 188136]
R2 mfevtp;McAfee Validation Trust Protection Service; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-04-27 141792]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2009-12-14 271480]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2007-06-05 177704]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-19 262247]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S2 gupdate1c9861e1ac7e0cd;Google Update Service (gupdate1c9861e1ac7e0cd); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-03 133104]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-07 362992]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2008-03-06 313840]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2008-03-06 170480]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 LWWLicenseService;LWWLicenseService; C:\Program Files\Common Files\WoltersKluwerLWW Shared\Service\LWWLicenseService.exe [2009-04-20 79360]
S3 McODS;McAfee Scanner; C:\Program Files\McAfee\VirusScan\mcods.exe [2010-03-10 364216]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-07 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2008-03-06 1108464]

-----------------EOF-----------------
tmnyfeathers
Regular Member
 
Posts: 18
Joined: July 13th, 2010, 11:47 am
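
For anyone reading this thread to learn how logs like the ones above are triaged: the Python below is an added example, not code from the thread, from HijackThis or from RSIT. It parses the HJT line types that most often carry persistence (O1 hosts, O2 BHOs, O4 autoruns, O9 buttons, O23 services) plus the RSIT dump of the Policies\System key, and flags what a volunteer helper would check first. The names (Entry, parse_hjt, parse_policies, triage, triage_text, SAMPLE_LOG) are the example's own, and the sample lines are excerpted from the logs posted above. The flags are review prompts, not malware verdicts: a "(no file)" BHO or an "Unknown owner" service is often just leftover from an uninstall or an OEM tool shipped without version info, the two .cmd autoruns are Acer configuration scripts, and "::1 localhost" is the default Vista hosts entry rather than a hijack. The one unambiguous finding in the posted log is EnableLUA=0, meaning User Account Control is switched off.

```python
"""
Added triage helper for HijackThis / RSIT logs (example code, not part of the
thread or of either tool).  It pulls out the line types that most often carry
persistence and flags the entries a helper would check first:
  * registry-registered components whose file is gone ("(no file)",
    "(file missing)"): orphans left behind by an uninstall or a cleanup;
  * autoruns that launch a script (.cmd/.bat/.vbs/.js) instead of an .exe;
  * services whose binary has no company name in its version info;
  * hosts-file lines other than the default localhost mappings;
  * UAC switched off in the Policies\\System key (EnableLUA=0).
"""
import re
from dataclasses import dataclass, field

# "O2 - BHO: ...", "O4 - HKLM\..\Run: ...", "R0 - HKCU\...": section code, then text.
HJT_LINE = re.compile(r"^(R\d|O\d+)\s+-\s+(.*)$")
# Autorun command ending in a script extension (a quote or whitespace may follow).
SCRIPT_EXT = re.compile(r"\.(cmd|bat|vbs|js)(?=$|[\"\s])", re.IGNORECASE)
# The two hosts-file lines Windows Vista ships with.
DEFAULT_HOSTS = re.compile(r"^Hosts:\s+(127\.0\.0\.1|::1)\s+localhost$")


@dataclass
class Entry:
    section: str                      # e.g. "O2", "O4", "O23"
    text: str                         # the rest of the line after "O2 - "
    flags: list = field(default_factory=list)


def parse_hjt(lines):
    """Return one Entry per HijackThis-style line; all other lines are ignored."""
    entries = []
    for raw in lines:
        m = HJT_LINE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def parse_policies(lines):
    """Collect "name"=value pairs from the RSIT dump of ...\\Policies\\System."""
    values, in_block = {}, False
    for raw in lines:
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_block = line.lower().endswith(r"\policies\system]")
            continue
        if in_block:
            m = re.match(r'^"([^"]+)"=(.*)$', line)
            if m:
                values[m.group(1)] = m.group(2)
    return values


def triage(entries, policies):
    """Attach review flags to entries; return (flagged entries, policy flags)."""
    for e in entries:
        t = e.text
        if "(no file)" in t or "(file missing)" in t:
            e.flags.append("orphaned: registered component has no file on disk")
        if e.section == "O4" and SCRIPT_EXT.search(t):
            e.flags.append("autorun runs a script, not an executable; read its contents")
        if e.section == "O23" and "Unknown owner" in t:
            e.flags.append("service binary has no company name; confirm the publisher")
        if e.section == "O1" and not DEFAULT_HOSTS.match(t):
            e.flags.append("non-default hosts entry; look for redirected update/AV domains")
    policy_flags = []
    if policies.get("EnableLUA") == "0":
        policy_flags.append("EnableLUA=0: UAC is off, admin-account processes run fully elevated")
    return [e for e in entries if e.flags], policy_flags


def triage_text(log_text):
    """Convenience wrapper: parse and triage a whole log passed as one string."""
    lines = log_text.splitlines()
    return triage(parse_hjt(lines), parse_policies(lines))


# Sample input: lines excerpted from the HJT and RSIT logs posted in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"PromptOnSecureDesktop"=0
"""

if __name__ == "__main__":
    flagged, policy_flags = triage_text(SAMPLE_LOG)
    for e in flagged:
        print(f"{e.section}: {e.text}\n    -> {'; '.join(e.flags)}")
    for f in policy_flags:
        print(f"Policy: {f}")
```

Run it against a full log by reading the file and passing its contents to triage_text(). The point of keeping the checks this narrow is that HJT and RSIT list everything that loads, almost all of it legitimate, so the useful output is a short list of things to verify by hand (does the path exist, who signed the binary, what does the script do), not a list of things to delete.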

Re: Browser Redirects and Windows Update Blocked

Unread postby tmnyfeathers » July 18th, 2010, 10:13 am

info.txt logfile of random's system information tool 1.08 2010-07-17 20:38:03

======Uninstall list======

-->MsiExec.exe /I{48A669A9-76FA-4CA8-BFD5-00C125AC4166}
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Acer Arcade Live Main Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\SETUP.exe" -uninstall
Acer Assist-->C:\Program Files\Acer Assist\uninstall.exe
Acer DV Magician-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6EFFB76-4A07-11DA-9D78-000129760D75}\SETUP.exe" -uninstall
Acer DVDivine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\SETUP.exe" -uninstall
Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\x86\eDSnstHelper.exe -Operation UNINSTALL
Acer Empowering Technology-->"C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -runfromtemp -l0x0009 -removeonly
Acer ePerformance Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D462BF9E-0C35-4705-BF9B-3DF9F3816643}\setup.exe" -l0x9 -removeonly
Acer eSettings Management-->"C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -runfromtemp -l0x0009 -removeonly
Acer GameZone Console DTV 2.0.1.1-->"C:\Program Files\Acer GameZone\GameConsole\unins000.exe"
Acer HomeMedia Connect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{132888AE-EF67-41C5-BCA2-7D5D2488AB63}\SETUP.exe" -uninstall
Acer HomeMedia Trial Creator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B580C409-E16F-44FF-904D-3AE94E113BE0}\SETUP.EXE" -uninstall
Acer HomeMedia-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\SETUP.exe" -uninstall
Acer Registration-->C:\Program Files\Acer Registration\uninstall.exe
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Acer SlideShow DVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{41581EF5-45A7-11DA-9D78-000129760D75}\SETUP.exe" -uninstall
Acer VideoMagician-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\SETUP.exe" -uninstall
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Active Desktop Calendar 7.86-->"C:\Program Files\XemiComputers\Active Desktop Calendar\unins000.exe"
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Agatha Christie Death on the Nile-->"C:\Program Files\Acer GameZone\Agatha Christie Death on the Nile\Uninstall.exe" "C:\Program Files\Acer GameZone\Agatha Christie Death on the Nile\install.log"
AIM 6-->C:\Program Files\AIM6\uninst.exe
Alice Greenfingers-->"C:\Program Files\Acer GameZone\Alice Greenfingers\Uninstall.exe" "C:\Program Files\Acer GameZone\Alice Greenfingers\install.log"
Apple Application Support-->MsiExec.exe /I{B2D328BE-45AD-4D92-96F9-2151490A203E}
Apple Mobile Device Support-->MsiExec.exe /I{85991ED2-010C-4930-96FA-52F43C2CE98A}
Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}
Azada-->"C:\Program Files\Acer GameZone\Azada\Uninstall.exe" "C:\Program Files\Acer GameZone\Azada\install.log"
Backspin Billiards-->"C:\Program Files\Acer GameZone\Backspin Billiards\Uninstall.exe" "C:\Program Files\Acer GameZone\Backspin Billiards\install.log"
Bejeweled 2 Deluxe-->"C:\Program Files\Oberon Media\Bejeweled 2 Deluxe\Uninstall.exe" "C:\Program Files\Oberon Media\Bejeweled 2 Deluxe\install.log"
BlackBerry Desktop Software 4.5-->MsiExec.exe /i{CE5E3F15-320A-4865-97D3-F07227C5BB2F}
BlackBerry Desktop Software 4.5-->MsiExec.exe /I{CE5E3F15-320A-4865-97D3-F07227C5BB2F}
Bookworm Deluxe-->"C:\Program Files\Acer GameZone\Bookworm Deluxe\Uninstall.exe" "C:\Program Files\Acer GameZone\Bookworm Deluxe\install.log"
Bricks of Egypt-->"C:\Program Files\Acer GameZone\Bricks of Egypt\Uninstall.exe" "C:\Program Files\Acer GameZone\Bricks of Egypt\install.log"
Cake Mania-->"C:\Program Files\Acer GameZone\Cake Mania\Uninstall.exe" "C:\Program Files\Acer GameZone\Cake Mania\install.log"
Casper-->C:\Windows\uninst.exe -f"C:\Program Files\MorningStar\Casper\DeIsL1.isu"
Chicken Invaders 3-->"C:\Program Files\Acer GameZone\Chicken Invaders 3\Uninstall.exe" "C:\Program Files\Acer GameZone\Chicken Invaders 3\install.log"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Chuzzle-->"C:\Program Files\Acer GameZone\Chuzzle\Uninstall.exe" "C:\Program Files\Acer GameZone\Chuzzle\install.log"
Collins: A Short Course in Medical Terminology:Enhanced Reprint (Shared Components)-->C:\Program Files\Common Files\WoltersKluwerLWW Shared\Uninstall\Collins A Short Course in Medical TerminologyEnhanced Reprint\B53D5000\UninstApplet.exe /uninstall
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Corel MediaOne-->MsiExec.exe /I{A062A15F-9CAC-4B88-98DF-87628A0BD721}
Diner Dash Flo on the Go-->"C:\Program Files\Acer GameZone\Diner Dash Flo on the Go\Uninstall.exe" "C:\Program Files\Acer GameZone\Diner Dash Flo on the Go\install.log"
eReader-->MsiExec.exe /I{453C9E55-80DF-4BD2-9885-52A1FB0D9382}
eSobi v2-->C:\Program Files\InstallShield Installation Information\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\setup.exe -runfromtemp -l0x0409
ExeBook Self-Publisher-->C:\Program Files\ExeBook Self-Publisher\uninstall.exe
Fairy Godmother Tycoon-->"C:\Program Files\Oberon Media\Fairy Godmother Tycoon\Uninstall.exe" "C:\Program Files\Oberon Media\Fairy Godmother Tycoon\install.log"
FileZilla Client 3.3.0.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Flip Words 2-->"C:\Program Files\Acer GameZone\Flip Words 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Flip Words 2\install.log"
Futuremark SystemInfo-->"C:\Program Files\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe" -runfromtemp -l0x0009 -removeonly
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Highlight Viewer (Windows Live Toolbar)-->MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B-->C:\Program Files\HP\Digital Imaging\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}\setup\hpzscr01.exe -datfile hposcr19.dat -onestop -showdisconnect -forcereboot
HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Jewel Quest (remove only)-->"C:\Program Files\iWin.com Games\Jewel Quest\Uninstall.exe"
Jewel Quest Solitaire-->"C:\Program Files\Acer GameZone\Jewel Quest Solitaire\Uninstall.exe" "C:\Program Files\Acer GameZone\Jewel Quest Solitaire\install.log"
Kick N Rush-->"C:\Program Files\Acer GameZone\Kick N Rush\Uninstall.exe" "C:\Program Files\Acer GameZone\Kick N Rush\install.log"
Mahjong Escape Ancient China-->"C:\Program Files\Acer GameZone\Mahjong Escape Ancient China\Uninstall.exe" "C:\Program Files\Acer GameZone\Mahjong Escape Ancient China\install.log"
Mahjongg Artifacts-->"C:\Program Files\Acer GameZone\Mahjongg Artifacts\Uninstall.exe" "C:\Program Files\Acer GameZone\Mahjongg Artifacts\install.log"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Map Button (Windows Live Toolbar)-->MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
McAfee Total Protection-->C:\Program Files\McAfee\MSC\mcuihost.exe /body:misp://MSCJsRes.dll::uninstall.html /id:uninstall
MCE Software Encoder 1.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7655E113-C306-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Age of Empires II: The Conquerors Expansion-->"C:\Program Files\Microsoft Games\Age of Empires II\UNINSTALX.EXE" /runtemp /addremove
Microsoft Age of Empires II-->"C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Morpheus Photo Morpher v3.01-->"C:\Program Files\Morpheus Photo Morpher\unins000.exe"
Motorola SM56 Speakerphone Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller
Mozilla Firefox (3.6.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Mystery Case Files - Huntsville-->"C:\Program Files\Acer GameZone\Mystery Case Files - Huntsville\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Case Files - Huntsville\install.log"
Mystery Solitaire - Secret Island-->"C:\Program Files\Acer GameZone\Mystery Solitaire - Secret Island\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Solitaire - Secret Island\install.log"
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
Notebook Interactive Viewer-->MsiExec.exe /X{24BA79B5-53F9-475C-9D49-EC4BDE8B09CF}
NTI Backup NOW! 4.7-->C:\Program Files\InstallShield Installation Information\{1598034D-7147-432C-8CA8-888E0632D124}\setup.exe -runfromtemp -l0x0409
NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
OpenOffice.org 2.4-->MsiExec.exe /I{F87A8E11-02A4-4875-A3A5-5961081B0E4E}
Paint.NET v3.36-->MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F}
Palm Desktop by ACCESS-->MsiExec.exe /X{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}
PCStitch Pro 9-->C:\Program Files\InstallShield Installation Information\{DB32A38E-4D83-49F9-9E69-4D0929C5F175}\setup.exe -runfromtemp -l0x0009 ANYTHING -removeonly
PE585QA-32-->MsiExec.exe /I{A687B4D9-0047-468F-ABCC-2783FA23768A}
PG583_32_inf-->MsiExec.exe /I{C49624DD-C504-4279-B9E0-65A2EB6E1619}
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
QuickTime-->MsiExec.exe /I{3D9892BB-A751-4E48-ADC8-E4289956CE1D}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Rhapsody-->C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
Roxio Media Manager-->MsiExec.exe /X{B28759B8-5FC6-4F56-9C6C-6EDAD36455A9}
Sid Meier's Civilization 4 Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A241A64-9AD1-4D94-A227-6C3D5D2F854D}\setup.exe" -l0x9 -removeonly
SimCity™ Societies Demo-->MsiExec.exe /X{FF7CBA18-9222-11DC-AEA9-6FAA56D89593}
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
SmartFTP Client 4.0 Setup Files (remove only)-->C:\Program Files\SmartFTP Client 4.0 Setup Files\uninst-sftp.exe
SmartFTP Client-->MsiExec.exe /X{49F09453-8205-48CF-ADE6-29CE6B509669}
SplashMoney-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AAE5284-700D-4AB0-B0FB-57B5C8A7D93B}\setup.exe" -l0x9
SplashShopper for BlackBerry-->"C:\Program Files\InstallShield Installation Information\{31BFE5B6-3699-43CC-8CFF-32CF0F1B0608}\setup.exe" -runfromtemp -l0x0009 -removeonly
SplashShopper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0681859-D086-4384-B204-386FA7D80A5B}\setup.exe" -l0x9
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TBS WMP Plug-in-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{13515135-48BB-4184-8C1F-2FAE0138E200}
Turbo Pizza-->"C:\Program Files\Acer GameZone\Turbo Pizza\Uninstall.exe" "C:\Program Files\Acer GameZone\Turbo Pizza\install.log"
Windows Driver Package - Conexant (cxpl_mhd) Media (11/07/2007 6.0.104.0038)-->rundll32.exe C:\PROGRA~1\DIFX\690455CD803D2085\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\Windows\System32\DriverStore\FileRepository\y_cx88x.inf_06fe565d\y_cx88x.inf
Windows Driver Package - YUAN High-Tech Development Co. Ltd. (OmniTV) Media (12/14/2007 6.1.32.42)-->rundll32.exe C:\PROGRA~1\DIFX\690455CD803D2085\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\Windows\System32\DriverStore\FileRepository\omnitv.inf_0f87386d\omnitv.inf
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Favorites for Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar-->MsiExec.exe /X{995F1E2E-F542-4310-8E1D-9926F5A279B3}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Yahoo! Anti-Spy-->C:\PROGRA~1\Yahoo!\Common\unypsr.exe
Yahoo! Install Manager-->C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
Zuma Deluxe-->"C:\Program Files\Acer GameZone\Zuma Deluxe\Uninstall.exe" "C:\Program Files\Acer GameZone\Zuma Deluxe\install.log"

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Stephanie-PC
Event Code: 7009
Message: A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 9 service to connect.
Record Number: 330514
Source Name: Service Control Manager
Time Written: 20100717225109.000000-000
Event Type: Error
User:

Computer Name: Stephanie-PC
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 330580
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20100718003149.389059-000
Event Type: Error
User:

Computer Name: Stephanie-PC
Event Code: 412
Message: Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147942402. User Action: restart task scheduler service.
Record Number: 330581
Source Name: Microsoft-Windows-TaskScheduler
Time Written: 20100718003149.515059-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Stephanie-PC
Event Code: 7000
Message: The MCSTRM service failed to start due to the following error:
The system cannot find the file specified.
Record Number: 330637
Source Name: Service Control Manager
Time Written: 20100718003256.000000-000
Event Type: Error
User:

Computer Name: Stephanie-PC
Event Code: 7009
Message: A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 9 service to connect.
Record Number: 330651
Source Name: Service Control Manager
Time Written: 20100718003256.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Stephanie-PC
Event Code: 10000
Message:
Record Number: 105294
Source Name: Desktop
Time Written: 20100718003207.000000-000
Event Type: Error
User:

Computer Name: Stephanie-PC
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Record Number: 105312
Source Name: Microsoft-Windows-CAPI2
Time Written: 20100718003248.000000-000
Event Type: Error
User:

Computer Name: Stephanie-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 105314
Source Name: Microsoft-Windows-WMI
Time Written: 20100718003256.000000-000
Event Type: Error
User:

Computer Name: Stephanie-PC
Event Code: 10000
Message:
Record Number: 105319
Source Name: Desktop
Time Written: 20100718003519.000000-000
Event Type: Error
User:

Computer Name: Stephanie-PC
Event Code: 1000
Message: Faulting application BbDevMgr.exe, version 4.0.1.3, time stamp 0x476be204, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6, exception code 0xc0000005, fault offset 0x00043016, process id 0xafc, application start time 0x01cb2610a3ed90a7.
Record Number: 105320
Source Name: Application Error
Time Written: 20100718003525.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Stephanie-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: STEPHANIE-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x280
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 135330
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100713105937.692232-000
Event Type: Audit Success
User:

Computer Name: Stephanie-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 135331
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100713105937.692232-000
Event Type: Audit Success
User:

Computer Name: Stephanie-PC
Event Code: 5033
Message: The Windows Firewall Driver has started successfully.
Record Number: 135332
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100713105938.940240-000
Event Type: Audit Success
User:

Computer Name: Stephanie-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: STEPHANIE-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: Stephanie
Account Domain: Stephanie-PC
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x254
Process Name: C:\Windows\System32\winlogon.exe

Network Information:
Network Address: 127.0.0.1
Port: 0

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 135333
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100713105939.361442-000
Event Type: Audit Success
User:

Computer Name: Stephanie-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: STEPHANIE-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 2

New Logon:
Security ID: S-1-5-21-3324633011-2670318333-1750345384-1000
Account Name: Stephanie
Account Domain: Stephanie-PC
Logon ID: 0x173e8
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x254
Process Name: C:\Windows\System32\winlogon.exe

Network Information:
Workstation Name: STEPHANIE-PC
Source Network Address: 127.0.0.1
Source Port: 0

Detailed Authentication Information:
Logon Process: User32
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 135334
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100713105939.361442-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Acer\Empowering Technology\eDataSecurity\;C:\Acer\Empowering Technology\eDataSecurity\x86;C:\Acer\Empowering Technology\eDataSecurity\x64;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6b02
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"asl.log"=Destination=file;OnFirstLog=command,environment,parent
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
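The event-log sections in the info.txt above all share one layout, so they can be parsed rather than read by eye. The script below is an added example for this thread; it is not part of tmnyfeathers' post and not a feature of random's system information tool. It assumes only what is visible in the posted log: the ======Header====== lines, records that begin at "Computer Name:" and close at the "User:" line, a "Message:" that may run over several lines until "Record Number:", and the CIM-style "Time Written" stamp. The SAMPLE string is constructed to mirror a few of the posted entries in shortened form; it is not the full dump.

```python
"""Triage the event-log sections of an RSIT info.txt dump.

Added example for this thread, not part of the original post or of RSIT.
Assumes the layout seen in the posted log; SAMPLE is constructed from a few
of the posted entries, shortened, so the script runs offline."""
import re
from collections import Counter
from datetime import datetime

SAMPLE = r"""
======System event log======
Computer Name: Stephanie-PC
Event Code: 412
Message: Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147942402. User Action: restart task scheduler service.
Record Number: 330581
Source Name: Microsoft-Windows-TaskScheduler
Time Written: 20100718003149.515059-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

=====Application event log=====
Computer Name: Stephanie-PC
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Record Number: 105312
Source Name: Microsoft-Windows-CAPI2
Time Written: 20100718003248.000000-000
Event Type: Error
User:

=====Security event log=====
Computer Name: Stephanie-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Account Name: STEPHANIE-PC$

Logon Type: 5

New Logon:
Account Name: SYSTEM
Record Number: 135330
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100713105937.692232-000
Event Type: Audit Success
User:

Computer Name: Stephanie-PC
Event Code: 4624
Message: An account was successfully logged on.

Logon Type: 2

New Logon:
Account Name: Stephanie
Record Number: 135334
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100713105939.361442-000
Event Type: Audit Success
User:
"""

HEADER = re.compile(r"^=+(.+?)=+\s*$", re.M)
TAIL = ("Record Number", "Source Name", "Time Written", "Event Type", "User")

def parse_records(body):
    """Yield one dict per record; 'User:' closes a record."""
    rec, msg, in_msg = None, [], False
    for line in body.splitlines():
        if line.startswith("Computer Name:"):
            rec, msg, in_msg = {"Computer Name": line.split(":", 1)[1].strip()}, [], False
        elif rec is None:
            continue
        elif line.startswith("Event Code:"):
            rec["Event Code"] = int(line.split(":", 1)[1])
        elif line.startswith("Message:"):
            msg, in_msg = [line.split(":", 1)[1].strip()], True
        elif in_msg and not line.startswith("Record Number:"):
            msg.append(line)  # message bodies span lines and contain ':' themselves
        else:
            key, _, val = line.partition(":")
            if key in TAIL:
                in_msg, rec[key] = False, val.strip()
            if key == "User":
                rec["Message"] = "\n".join(msg).strip()
                yield rec
                rec = None

def parse_sections(text):
    """Return {section name: [records]}; sections without records (uninstall list) come back empty."""
    parts = HEADER.split(text)  # [preamble, name, body, name, body, ...]
    return {n.strip(): list(parse_records(b)) for n, b in zip(parts[1::2], parts[2::2])}

def cim_datetime(s):
    """'Time Written' is a CIM datetime: yyyymmddHHMMSS.ffffff then UTC offset in minutes."""
    return datetime.strptime(s[:21], "%Y%m%d%H%M%S.%f")

def triage(sections):
    """Errors counted per (section, source, code), plus 4624 logons as (logon type, account)."""
    errors = Counter((n, r["Source Name"], r["Event Code"])
                     for n, recs in sections.items() for r in recs
                     if r["Event Type"] == "Error")
    logons = []
    for r in sections.get("Security event log", []):
        if r["Event Code"] == 4624:
            ltype = re.search(r"Logon Type:\s*(\d+)", r["Message"]).group(1)
            # 'Account Name:' appears twice (Subject and New Logon); the New Logon one is the account logged on
            who = re.search(r"New Logon:.*?Account Name:\s*(\S+)", r["Message"], re.S).group(1)
            logons.append((int(ltype), who))
    return errors, logons

if __name__ == "__main__":
    errors, logons = triage(parse_sections(SAMPLE))
    for key, n in errors.items():
        print(n, *key)
    print(logons)
```

The summary pulls out what a helper reads first: which sources are logging errors (here the CAPI2 event 11, which says the downloaded root-certificate list did not verify against the clock or the file's timestamp, relevant when the poster reports Windows Update blocked) and the 4624 logons split by type (5 is the service logon from services.exe, 2 the interactive logon from winlogon.exe). Feeding the whole info.txt in works too, because headers without "Computer Name:" records simply yield empty lists.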

Re: Browser Redirects and Windows Update Blocked

Unread postby tmnyfeathers » July 18th, 2010, 10:15 am

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6001 (Service Pack 1)
Number of processors #2
==============================================
>Drivers
==============================================
0x8F60A000 C:\Windows\system32\DRIVERS\atikmdag.sys 5943296 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x82404000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x82404000 PnpManager 3903488 bytes
0x82404000 RAW 3903488 bytes
0x82404000 WMIxWDM 3903488 bytes
0x98670000 Win32k 2105344 bytes
0x98670000 C:\Windows\System32\win32k.sys 2105344 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x9060A000 C:\Windows\system32\drivers\RTKVHDA.sys 1835008 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0x89E04000 C:\Windows\System32\Drivers\Ntfs.sys 1110016 bytes (Microsoft Corporation, NT File System Driver)
0x89C73000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x9000E000 C:\Windows\system32\DRIVERS\smserial.sys 983040 bytes (Motorola Inc., Motorola SM56 Modem WDM Driver)
0x90406000 C:\Windows\System32\drivers\tcpip.sys 946176 bytes (Microsoft Corporation, TCP/IP Driver)
0x80668000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xA640E000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x90AE4000 C:\Windows\system32\drivers\spsys.sys 716800 bytes (Microsoft Corporation, security processor)
0x8FE09000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x80748000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x89C02000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x9D202000 C:\Windows\system32\drivers\HTTP.sys 438272 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x82B7A000 C:\Windows\system32\drivers\mfehidk.sys 380928 bytes (McAfee, Inc., McAfee Link Driver)
0x9D36F000 C:\Windows\System32\DRIVERS\srv.sys 311296 bytes (Microsoft Corporation, Server driver)
0x90A07000 C:\Windows\system32\drivers\mfefirek.sys 307200 bytes (McAfee, Inc., McAfee Core Firewall Engine Driver)
0x82AA3000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x9058A000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x82A07000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80627000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x901BC000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x90245000 C:\Windows\system32\drivers\HdAudio.sys 258048 bytes (Microsoft Corporation, High Definition Audio Function Driver)
0x8FF29000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8FEC7000 C:\Windows\system32\DRIVERS\yk60x86.sys 253952 bytes (Marvell, NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller)
0x9035D000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x89DA9000 C:\Windows\system32\drivers\NETIO.SYS 237568 bytes (Microsoft Corporation, Network I/O Subsystem)
0x9D2F7000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x89F13000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x90207000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x827BD000 ACPI_HAL 208896 bytes
0x827BD000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x82B38000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x90558000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x9018E000 C:\Windows\system32\DRIVERS\msiscsi.sys 188416 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x90284000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x89D7E000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8FBD0000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x89F63000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x82A5E000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x9D348000 C:\Windows\System32\DRIVERS\srv2.sys 159744 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x90508000 C:\Windows\system32\drivers\mfewfpk.sys 155648 bytes (McAfee, Inc., Anti-Virus Mini-Firewall Driver)
0x902B1000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x903B0000 C:\Windows\system32\drivers\mfeavfk.sys 147456 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0x8FFA0000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x89F9B000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x902E9000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x9D2B8000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x9D2D8000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x82B1A000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9D26D000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x904ED000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x90AC9000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x90134000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
0x9D28A000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8FF05000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x9D330000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x90158000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Parallel Port Driver)
0x90399000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8FF7E000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xA6578000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xA658E000 C:\Windows\system32\drivers\mfeapfk.sys 90112 bytes (McAfee, Inc., Access Protection Filter Driver)
0x905D2000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x9052E000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x9D2A3000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8FFE6000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0xA6520000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x8FFD2000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x90544000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x902D6000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x90BA3000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x9034A000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8FEB5000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0xA64F5000 C:\Windows\system32\DRIVERS\PSDVdisk.sys 73728 bytes (Egis Incorporated, Acer eDataSecurity Management PSD Virtual Disk Driver)
0x90A7E000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 73728 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xA6535000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x89F8A000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x907CA000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8060E000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x89DEC000 C:\Windows\system32\DRIVERS\amdk8.sys 65536 bytes (Microsoft Corporation, Processor Device Driver)
0x82B6A000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x90A5B000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x90B93000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x82B02000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x9010B000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8FBB5000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x90ABA000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x89F54000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x82A85000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8FFC3000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8FF67000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x82A94000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x9011B000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x988B0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x905E8000 C:\Windows\system32\DRIVERS\mfenlfk.sys 57344 bytes (McAfee, Inc., McAfee NDIS Light Filter Driver)
0x9033C000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x90325000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x82AF4000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x90A90000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x900FE000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x82BE0000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8FEA8000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x807C4000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xA656C000 C:\Windows\system32\drivers\cfwids.sys 49152 bytes (McAfee, Inc., McAfee Personal Firewall IDS Plugin)
0xA6511000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x907F2000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x90A9D000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x90129000 C:\Windows\system32\DRIVERS\fdc.sys 45056 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0x8FBC5000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0xA65A4000 C:\Windows\system32\drivers\mfebopk.sys 45056 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
0x90183000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x9031A000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8FF95000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x90000000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x89FED000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x90AB0000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x9023B000 C:\Windows\system32\drivers\MODEMCSA.sys 40960 bytes (Microsoft Corporation, Unimodem CSA Filter)
0x8F600000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x905F6000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xA6507000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x9014E000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0x8FF1F000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x89FC4000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x907DB000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x90A52000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x90A75000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0xA65AF000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x82BD7000 C:\Windows\system32\DRIVERS\psdfilter.sys 36864 bytes (Egis Incorporated, Acer eDataSecurity Management PSD Filter Driver)
0xA64EC000 C:\Windows\system32\DRIVERS\PSDNServ.sys 36864 bytes (Egis Incorporated, Acer eDataSecurity Management PSD Named Pipe Driver)
0x90333000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x98890000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x89DE3000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x82A4D000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x82B12000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x89FBC000 C:\Windows\system32\DRIVERS\AtiPcie.sys 32768 bytes (ATI Technologies Inc., ATI PCIE Driver for ATI PCIE chipset)
0x8061F000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x90AA8000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
0x80606000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x90A6D000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x82A56000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x9030A000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x90312000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8FF76000 C:\Windows\System32\Drivers\RootMdm.sys 32768 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0x89F4C000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x907EB000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x90600000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x9D3C2000 C:\Acer\Empowering Technology\eRecovery\int15.sys 28672 bytes (Acer, Inc., int15)
0x907E4000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x9D3BB000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM Parallel Driver)
0x82AED000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8FE00000 C:\Windows\system32\DRIVERS\RimSerial.sys 28672 bytes (Research in Motion Ltd, RIM Virtual Serial Driver)
0xA651D000 C:\Windows\system32\drivers\tvicport.sys 12288 bytes (EnTech Taiwan, TVicPort Driver for Windows NT/2000/XP)
0x8FF1D000 C:\Windows\system32\DRIVERS\NTIDrvr.sys 8192 bytes (NewTech Infosystems, Inc., NTI CD-ROM Filter Driver)
0x9000B000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x90A6B000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xA6547000 C:\Windows\system32\drivers\zntport.sys 4096 bytes (Zeal SoftStudio, zntport)
!!!!!!!!!!!Hidden driver: 0x86B40AEA ?_empty_? 1302 bytes
0x86B40EC5 unknown_irp_handler 315 bytes
!!!!!!!!!!!Hidden driver: 0x86B24C90 ?_empty_? 0 bytes
tmnyfeathers
Regular Member
 
Posts: 18
Joined: July 13th, 2010, 11:47 am

Re: Browser Redirects and Windows Update Blocked

Unread postby tmnyfeathers » July 18th, 2010, 10:15 am

==============================================
>Stealth
==============================================
0x82B12000 WARNING: suspicious driver modification [atapi.sys::0x86B40AEA]
0x05840000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Wizard.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 102400 bytes
0x004B0000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x87A29570 ] PID: 2096, 110592 bytes
0x00A10000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 110592 bytes
0x00D40000 Hidden Image-->eSettings.Model.Computer.dll [ EPROCESS 0x87863960 ] PID: 3796, 126976 bytes
0x03130000 Hidden Image-->eSettings.Model.Library.dll [ EPROCESS 0x87863960 ] PID: 3796, 126976 bytes
0x064D0000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Dashboard.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 143360 bytes
0x07B50000 Hidden Image-->CLI.Component.Dashboard.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 1519616 bytes
0x054E0000 Hidden Image-->eSettings.Presenter.dll [ EPROCESS 0x8796AD90 ] PID: 2860, 167936 bytes
0x076C0000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Wizard.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 1683456 bytes
0x05050000 Hidden Image-->Acer.Empowering.Framework.LaunchBarView.dll [ EPROCESS 0x8796AD90 ] PID: 2860, 1863680 bytes
0x062F0000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Wizard.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 208896 bytes
0x06500000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Dashboard.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 225280 bytes
0x04E20000 Hidden Image-->CLI.Caste.Graphics.Runtime.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 258048 bytes
0x07610000 Hidden Image-->eRecoveryUI.dll [ EPROCESS 0x8796AD90 ] PID: 2860, 2715648 bytes
0x009C0000 Hidden Image-->log4net.dll [ EPROCESS 0x8796AD90 ] PID: 2860, 282624 bytes
0x00B50000 Hidden Image-->log4net.dll [ EPROCESS 0x87BC62A8 ] PID: 3100, 282624 bytes
0x00B70000 Hidden Image-->log4net.dll [ EPROCESS 0x87863960 ] PID: 3796, 282624 bytes
0x00AB0000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x87A29570 ] PID: 2096, 28672 bytes
0x00AD0000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x87A29570 ] PID: 2096, 28672 bytes
0x003E0000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 28672 bytes
0x00400000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 28672 bytes
0x00C90000 Hidden Image-->CLI.Component.Runtime.Shared.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 28672 bytes
0x01070000 Hidden Image-->CLI.Component.Runtime.Extension.EEU.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 28672 bytes
0x011E0000 Hidden Image-->AEM.Plugin.Hotkeys.Shared.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 28672 bytes
0x01090000 Hidden Image-->AEM.Plugin.EEU.Shared.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 28672 bytes
0x010A0000 Hidden Image-->AEM.Server.Shared.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 28672 bytes
0x011D0000 Hidden Image-->AEM.Plugin.DPPE.Shared.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 28672 bytes
0x01220000 Hidden Image-->DEM.Foundation.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 28672 bytes
0x01230000 Hidden Image-->DEM.Graphics.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 28672 bytes
0x04D10000 Hidden Image-->DEM.OS.I0602.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 28672 bytes
0x04E60000 Hidden Image-->DEM.OS.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 28672 bytes
0x05270000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Shared.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 28672 bytes
0x050E0000 Hidden Image-->AEM.Actions.CCAA.Shared.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 28672 bytes
0x05260000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Runtime.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 28672 bytes
0x05290000 Hidden Image-->APM.Foundation.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 28672 bytes
0x056A0000 Hidden Image-->CLI.Component.Client.Shared.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 28672 bytes
0x056F0000 Hidden Image-->CLI.Component.Wizard.Shared.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 28672 bytes
0x05720000 Hidden Image-->CLI.Caste.Graphics.Wizard.Shared.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 28672 bytes
0x05870000 Hidden Image-->atixclib.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 28672 bytes
0x05F40000 Hidden Image-->CLI.Component.Dashboard.Shared.Private.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 28672 bytes
0x05F30000 Hidden Image-->CLI.Component.Dashboard.Shared.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 28672 bytes
0x05F50000 Hidden Image-->CLI.Caste.Graphics.Dashboard.Shared.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 28672 bytes
0x01BA0000 Hidden Image-->Acer.Empowering.Framework.Interface.dll [ EPROCESS 0x8796AD90 ] PID: 2860, 28672 bytes
0x053D0000 Hidden Image-->ServiceInterface.dll [ EPROCESS 0x8796AD90 ] PID: 2860, 28672 bytes
0x05530000 Hidden Image-->ePerformance.Model.Interface.dll [ EPROCESS 0x8796AD90 ] PID: 2860, 28672 bytes
0x05570000 Hidden Image-->MemCheck.Interface.dll [ EPROCESS 0x8796AD90 ] PID: 2860, 28672 bytes
0x00390000 Hidden Image-->MemCheck.Interface.dll [ EPROCESS 0x87BC62A8 ] PID: 3100, 28672 bytes
0x00E70000 Hidden Image-->ServiceInterface.dll [ EPROCESS 0x86616D90 ] PID: 1456, 28672 bytes
0x00E80000 Hidden Image-->IERYETF.dll [ EPROCESS 0x86616D90 ] PID: 1456, 28672 bytes
0x06D00000 Hidden Image-->eSettings.View.dll [ EPROCESS 0x8796AD90 ] PID: 2860, 3428352 bytes
0x00B70000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x87A29570 ] PID: 2096, 36864 bytes
0x00BE0000 Hidden Image-->CLI.Foundation.XManifest.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 36864 bytes
0x01080000 Hidden Image-->AEM.Foundation.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 36864 bytes
0x00CD0000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 36864 bytes
0x04D00000 Hidden Image-->ACE.Graphics.DisplaysManager.Shared.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 36864 bytes
0x05710000 Hidden Image-->CLI.Component.Wizard.Shared.Private.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 36864 bytes
0x01B80000 Hidden Image-->Acer.Empowering.Framework.PasswordSetting.dll [ EPROCESS 0x8796AD90 ] PID: 2860, 36864 bytes
0x04B30000 Hidden Image-->eSettings.Plugin.dll [ EPROCESS 0x8796AD90 ] PID: 2860, 36864 bytes
0x05520000 Hidden Image-->ePerformance.Presenter.dll [ EPROCESS 0x8796AD90 ] PID: 2860, 36864 bytes
0x05540000 Hidden Image-->ePerformance.Model.dll [ EPROCESS 0x8796AD90 ] PID: 2860, 36864 bytes
0x06540000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Dashboard.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 446464 bytes
0x004E0000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x87A29570 ] PID: 2096, 45056 bytes
0x00A70000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x87A29570 ] PID: 2096, 45056 bytes
0x00370000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 45056 bytes
0x003D0000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 45056 bytes
0x00440000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 45056 bytes
0x00CA0000 Hidden Image-->ATICCCom.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 45056 bytes
0x011B0000 Hidden Image-->AEM.Plugin.Source.Kit.Server.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 45056 bytes
0x01AF0000 Hidden Image-->Acer.Empowering.Framework.Shared.dll [ EPROCESS 0x8796AD90 ] PID: 2860, 45056 bytes
0x04B40000 Hidden Image-->eSettings.Model.ComputerInterfaces.dll [ EPROCESS 0x8796AD90 ] PID: 2860, 45056 bytes
0x00D60000 Hidden Image-->eSettings.Model.ComputerInterfaces.dll [ EPROCESS 0x87863960 ] PID: 3796, 45056 bytes
0x05D90000 Hidden Image-->CLI.Component.Systemtray.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 454656 bytes
0x06270000 Hidden Image-->CLI.Component.Wizard.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 479232 bytes
0x06450000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Wizard.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 495616 bytes
0x00B50000 Hidden Image-->AEM.Server.DLL [ EPROCESS 0x87A29570 ] PID: 2096, 53248 bytes
0x00CB0000 Hidden Image-->AEM.Server.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 53248 bytes
0x00C70000 Hidden Image-->CLI.Component.Runtime.Shared.Private.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 53248 bytes
0x00C80000 Hidden Image-->CLI.Foundation.Private.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 53248 bytes
0x011F0000 Hidden Image-->DEM.Graphics.I0601.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 53248 bytes
0x05280000 Hidden Image-->APM.Server.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 53248 bytes
0x05580000 Hidden Image-->CLI.Component.Client.Shared.Private.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 53248 bytes
0x05700000 Hidden Image-->CLI.Caste.Graphics.Wizard.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 53248 bytes
0x05860000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Shared.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 53248 bytes
0x01B10000 Hidden Image-->Acer.Empowering.Framework.Host.dll [ EPROCESS 0x8796AD90 ] PID: 2860, 53248 bytes
0x05510000 Hidden Image-->ePerformance.Plugin.dll [ EPROCESS 0x8796AD90 ] PID: 2860, 53248 bytes
0x05550000 Hidden Image-->ePerformance.Library.dll [ EPROCESS 0x8796AD90 ] PID: 2860, 53248 bytes
0x003A0000 Hidden Image-->ePerformance.Library.dll [ EPROCESS 0x87BC62A8 ] PID: 3100, 53248 bytes
0x003F0000 Hidden Image-->CLI.Foundation.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 61440 bytes
0x05880000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Shared.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 61440 bytes
0x00B50000 Hidden Image-->Acer.Empowering.Shared.UI.dll [ EPROCESS 0x8796AD90 ] PID: 2860, 61440 bytes
0x00CF0000 Hidden Image-->Acer.Empowering.Framework.Presenter.dll [ EPROCESS 0x8796AD90 ] PID: 2860, 61440 bytes
0x00A90000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x87A29570 ] PID: 2096, 69632 bytes
0x00410000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 69632 bytes
0x041E0000 Hidden Image-->CLI.Caste.Graphics.Shared.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 69632 bytes
0x00A30000 Hidden Image-->Acer.Empowering.Framework.DialogManager.dll [ EPROCESS 0x8796AD90 ] PID: 2860, 69632 bytes
0x04E80000 Hidden Image-->ATIDEMOS.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 77824 bytes
0x01A20000 Hidden Image-->Acer.Empowering.Windows.Forms.dll [ EPROCESS 0x8796AD90 ] PID: 2860, 790528 bytes
0x00BF0000 Hidden Image-->CLI.Component.Runtime.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 86016 bytes
0x06330000 Hidden Image-->CLI.Caste.Graphics.Dashboard.DLL [ EPROCESS 0x863FF448 ] PID: 2744, 86016 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\Program Files\McAfee\MSK\Config\cstreams\78048\cstreams.lua
!-->[Hidden] C:\Program Files\McAfee\MSK\Config\cstreams\78048\cstreams.rgx
!-->[Hidden] C:\Program Files\McAfee\MSK\Config\cstreams\78048\manifest
!-->[Hidden] C:\Program Files\McAfee\MSK\Config\sentag\27851\manifest
!-->[Hidden] C:\Program Files\McAfee\MSK\Config\sentag\27851\sentag.lua
!-->[Hidden] C:\Program Files\McAfee\MSK\Config\sentag\27851\sentence.lut
!-->[Hidden] C:\Program Files\McAfee\MSK\Config\sentag\27851\tags.lut
!-->[Hidden] C:\ProgramData\McAfee\MCLOGS\mcsmtstr\McUICnt\McUICnt000.log
!-->[Hidden] C:\ProgramData\McAfee\VirusScan\Quarantine\7da7111523201210.bup
!-->[Hidden] C:\ProgramData\McAfee\VirusScan\Quarantine\7da7111523201ad0.bup
!-->[Hidden] C:\ProgramData\McAfee\VirusScan\Quarantine\7da7111523203520.bup
!-->[Hidden] C:\ProgramData\McAfee\VirusScan\Quarantine\7da711152320370.bup
!-->[Hidden] C:\ProgramData\McAfee\VirusScan\Quarantine\7da711152321540.bup
!-->[Hidden] C:\ProgramData\McAfee\VirusScan\Quarantine\7da7111523231790.bup
!-->[Hidden] C:\ProgramData\McAfee\VirusScan\Quarantine\7da7111523242710.bup
!-->[Hidden] C:\ProgramData\McAfee\VirusScan\Quarantine\7da7111523253690.bup
!-->[Hidden] C:\ProgramData\McAfee\VirusScan\Quarantine\7da7111523275a0.bup
!-->[Hidden] C:\ProgramData\McAfee\VirusScan\Quarantine\7da7111523281520.bup
!-->[Hidden] C:\ProgramData\McAfee\VirusScan\Quarantine\7da71115232923b0.bup
!-->[Hidden] C:\ProgramData\McAfee\VirusScan\Quarantine\7da71115232a3420.bup
!-->[Hidden] C:\ProgramData\McAfee\VirusScan\Quarantine\7da71115232c910.bup
!-->[Hidden] C:\ProgramData\McAfee\VirusScan\Quarantine\7da711152371390.bup
!-->[Hidden] C:\ProgramData\McAfee\VirusScan\Quarantine\7da711152375f0.bup
!-->[Hidden] C:\ProgramData\McAfee\VirusScan\Quarantine\7da711152381090.bup
!-->[Hidden] C:\ProgramData\McAfee\VirusScan\Quarantine\7da71116241c3cf0.bup
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS14E46.log
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.ci
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.dir
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.ci
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.dir
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.ci
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.dir
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.ci
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.dir
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.ci
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.dir
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.ci
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.dir
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.wid
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report066a9109\Report.wer
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report066a9109\WER49BD.tmp.version.txt
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report066a9109\WER49CE.tmp.appcompat.txt
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report066a9109\WER4C4E.tmp.hdmp
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report066a9109\WER827C.tmp.mdmp
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\store.lock
!-->[Hidden] C:\Users\Stephanie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\28V60QQ1\syncmessage[1].htm
!-->[Hidden] C:\Users\Stephanie\AppData\Local\Mozilla\Firefox\Profiles\lgy7fiyu.default\Cache\11B292EFd01
!-->[Hidden] C:\Users\Stephanie\AppData\Local\Mozilla\Firefox\Profiles\lgy7fiyu.default\Cache\11CD1C81d01
!-->[Hidden] C:\Users\Stephanie\AppData\Local\Mozilla\Firefox\Profiles\lgy7fiyu.default\Cache\2FFCB7A7d01
!-->[Hidden] C:\Users\Stephanie\AppData\Local\Mozilla\Firefox\Profiles\lgy7fiyu.default\Cache\3A48A009d01
!-->[Hidden] C:\Users\Stephanie\AppData\Local\Mozilla\Firefox\Profiles\lgy7fiyu.default\Cache\4DF3BB0Cd01
!-->[Hidden] C:\Users\Stephanie\AppData\Local\Mozilla\Firefox\Profiles\lgy7fiyu.default\Cache\51BBD380d01
!-->[Hidden] C:\Users\Stephanie\AppData\Local\Mozilla\Firefox\Profiles\lgy7fiyu.default\Cache\52D4E476d01
!-->[Hidden] C:\Users\Stephanie\AppData\Local\Mozilla\Firefox\Profiles\lgy7fiyu.default\Cache\54E0618Fd01
!-->[Hidden] C:\Users\Stephanie\AppData\Local\Mozilla\Firefox\Profiles\lgy7fiyu.default\Cache\58A08F5Cd01
!-->[Hidden] C:\Users\Stephanie\AppData\Local\Mozilla\Firefox\Profiles\lgy7fiyu.default\Cache\59CFB3C4d01
!-->[Hidden] C:\Users\Stephanie\AppData\Local\Mozilla\Firefox\Profiles\lgy7fiyu.default\Cache\6769A6E2d01
!-->[Hidden] C:\Users\Stephanie\AppData\Local\Mozilla\Firefox\Profiles\lgy7fiyu.default\Cache\7A8E48E2d01
!-->[Hidden] C:\Users\Stephanie\AppData\Local\Mozilla\Firefox\Profiles\lgy7fiyu.default\Cache\8CFD0AAFd01
!-->[Hidden] C:\Users\Stephanie\AppData\Local\Mozilla\Firefox\Profiles\lgy7fiyu.default\Cache\9D1C7AF3d01
!-->[Hidden] C:\Users\Stephanie\AppData\Local\Mozilla\Firefox\Profiles\lgy7fiyu.default\Cache\BC119BE8d01
!-->[Hidden] C:\Users\Stephanie\AppData\Local\Mozilla\Firefox\Profiles\lgy7fiyu.default\Cache\C0195612d01
!-->[Hidden] C:\Users\Stephanie\AppData\Local\Mozilla\Firefox\Profiles\lgy7fiyu.default\Cache\C324C448d01
!-->[Hidden] C:\Users\Stephanie\AppData\Local\Mozilla\Firefox\Profiles\lgy7fiyu.default\Cache\D2BEE1F9d01
!-->[Hidden] C:\Users\Stephanie\AppData\Local\Mozilla\Firefox\Profiles\lgy7fiyu.default\Cache\DF64AD0Bd01
!-->[Hidden] C:\Users\Stephanie\AppData\Local\Mozilla\Firefox\Profiles\lgy7fiyu.default\Cache\F6C746BEd01
!-->[Hidden] C:\Users\Stephanie\AppData\Local\Mozilla\Firefox\Profiles\lgy7fiyu.default\Cache\F96F889Dd01
!-->[Hidden] C:\Users\Stephanie\AppData\Local\Mozilla\Firefox\Profiles\lgy7fiyu.default\Cache\FA190509d01
!-->[Hidden] C:\Users\Stephanie\AppData\Roaming\Apple Computer\Logs\asl.230503_17Jul10.log
!-->[Hidden] C:\Users\Stephanie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XHDUAFJY\www.wptv.com\s_br.sol
!-->[Hidden] C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\lgy7fiyu.default\bookmarkbackups\bookmarks-2010-07-18.json
!-->[Hidden] C:\Users\Stephanie\Documents\LoaderBackup-(2009-12-05).ipd::$DATA
!-->[Hidden] C:\Windows\Prefetch\BUBBLES.SCR-7B603539.pf
!-->[Hidden] C:\Windows\Prefetch\CONTROL.EXE-817F8F1D.pf
!-->[Hidden] C:\Windows\Prefetch\MCINFO.EXE-73BBFA2D.pf
!-->[Hidden] C:\Windows\Prefetch\RUNDLL32.EXE-EC5D2F67.pf
!-->[Hidden] C:\Windows\Prefetch\SOLITAIRE.EXE-906D7E29.pf
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PFEWDJ5L\pfiles.5min.com\analytics.sol
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#pfiles.5min.com\settings.sol
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mcafee[1].txt
tmnyfeathers

Re: Browser Redirects and Windows Update Blocked

Unread postby tmnyfeathers » July 18th, 2010, 10:17 am

==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x000B4DEA, Type: Inline - RelativeJump 0x824B8DEA-->824B8DF1 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtMapViewOfSection, Type: Inline - RelativeJump 0x8262871E-->82BACD8C [mfehidk.sys]
ntkrnlpa.exe-->NtTerminateProcess, Type: Inline - RelativeJump 0x825E6F80-->82BACDB6 [mfehidk.sys]
ntkrnlpa.exe-->NtUnmapViewOfSection, Type: Inline - RelativeJump 0x82628D75-->82BACDA2 [mfehidk.sys]
ntkrnlpa.exe-->NtYieldExecution, Type: Inline - RelativeJump 0x8242B18C-->82BACD78 [mfehidk.sys]
[1024]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7651B8AE-->00000000 [unknown_code_page]
[1024]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7651B5E7-->00000000 [unknown_code_page]
[1024]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7652BCE1-->00000000 [unknown_code_page]
[1024]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7652B83D-->00000000 [unknown_code_page]
[1024]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x76520BF5-->00000000 [unknown_code_page]
[1024]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7652D4E8-->00000000 [unknown_code_page]
[1024]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7653F09D-->00000000 [unknown_code_page]
[1024]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x76533CB0-->00000000 [unknown_code_page]
[1024]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7633CF71-->00000000 [unknown_code_page]
[1024]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7633CC4E-->00000000 [unknown_code_page]
[1024]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7638430E-->00000000 [unknown_code_page]
[1024]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x762F5C44-->00000000 [unknown_code_page]
[1024]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76320284-->00000000 [unknown_code_page]
[1024]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x762F1C36-->00000000 [unknown_code_page]
[1024]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x762F1C01-->00000000 [unknown_code_page]
[1024]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7633B8B6-->00000000 [unknown_code_page]
[1024]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x762F19C9-->00000000 [unknown_code_page]
[1024]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x762F1929-->00000000 [unknown_code_page]
[1024]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x76319491-->00000000 [unknown_code_page]
[1024]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x76319469-->00000000 [unknown_code_page]
[1024]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x763130C3-->00000000 [unknown_code_page]
[1024]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7631361F-->00000000 [unknown_code_page]
[1024]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x762F1DD1-->00000000 [unknown_code_page]
[1024]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x76318D7E-->00000000 [unknown_code_page]
[1024]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x763854FF-->00000000 [unknown_code_page]
[1024]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x777D8008-->00000000 [unknown_code_page]
[1024]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x777D80C8-->00000000 [unknown_code_page]
[1024]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x777D8968-->00000000 [unknown_code_page]
[1024]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x765F03DD-->00000000 [unknown_code_page]
[1024]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x765F20A3-->00000000 [unknown_code_page]
[1024]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x7663B019-->00000000 [unknown_code_page]
[1024]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x765F2A58-->00000000 [unknown_code_page]
[1024]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x762C36D1-->00000000 [unknown_code_page]
[1216]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7651B8AE-->00000000 [unknown_code_page]
[1216]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7651B5E7-->00000000 [unknown_code_page]
[1216]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7652BCE1-->00000000 [unknown_code_page]
[1216]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7652B83D-->00000000 [unknown_code_page]
[1216]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x76520BF5-->00000000 [unknown_code_page]
[1216]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7652D4E8-->00000000 [unknown_code_page]
[1216]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7653F09D-->00000000 [unknown_code_page]
[1216]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x76533CB0-->00000000 [unknown_code_page]
[1216]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7633CF71-->00000000 [unknown_code_page]
[1216]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7633CC4E-->00000000 [unknown_code_page]
[1216]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7638430E-->00000000 [unknown_code_page]
[1216]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x762F5C44-->00000000 [unknown_code_page]
[1216]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76320284-->00000000 [unknown_code_page]
[1216]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x762F1C36-->00000000 [unknown_code_page]
[1216]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x762F1C01-->00000000 [unknown_code_page]
[1216]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7633B8B6-->00000000 [unknown_code_page]
[1216]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x762F19C9-->00000000 [unknown_code_page]
[1216]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x762F1929-->00000000 [unknown_code_page]
[1216]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x76319491-->00000000 [unknown_code_page]
[1216]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x76319469-->00000000 [unknown_code_page]
[1216]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x763130C3-->00000000 [unknown_code_page]
[1216]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7631361F-->00000000 [unknown_code_page]
[1216]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x762F1DD1-->00000000 [unknown_code_page]
[1216]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x76318D7E-->00000000 [unknown_code_page]
[1216]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x763854FF-->00000000 [unknown_code_page]
[1216]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x777D8008-->00000000 [unknown_code_page]
[1216]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x777D80C8-->00000000 [unknown_code_page]
[1216]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x777D8968-->00000000 [unknown_code_page]
[1216]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x765F03DD-->00000000 [unknown_code_page]
[1216]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x765F20A3-->00000000 [unknown_code_page]
[1216]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x7663B019-->00000000 [unknown_code_page]
[1216]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x765F2A58-->00000000 [unknown_code_page]
[1216]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x762C36D1-->00000000 [unknown_code_page]
[1244]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7651B8AE-->00000000 [unknown_code_page]
[1244]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7651B5E7-->00000000 [unknown_code_page]
[1244]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7652BCE1-->00000000 [unknown_code_page]
[1244]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7652B83D-->00000000 [unknown_code_page]
[1244]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x76520BF5-->00000000 [unknown_code_page]
[1244]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7652D4E8-->00000000 [unknown_code_page]
[1244]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7653F09D-->00000000 [unknown_code_page]
[1244]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x76533CB0-->00000000 [unknown_code_page]
[1244]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7633CF71-->00000000 [unknown_code_page]
[1244]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7633CC4E-->00000000 [unknown_code_page]
[1244]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7638430E-->00000000 [unknown_code_page]
[1244]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x762F5C44-->00000000 [unknown_code_page]
[1244]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76320284-->00000000 [unknown_code_page]
[1244]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x762F1C36-->00000000 [unknown_code_page]
[1244]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x762F1C01-->00000000 [unknown_code_page]
[1244]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7633B8B6-->00000000 [unknown_code_page]
[1244]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x762F19C9-->00000000 [unknown_code_page]
[1244]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x762F1929-->00000000 [unknown_code_page]
[1244]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x76319491-->00000000 [unknown_code_page]
[1244]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x76319469-->00000000 [unknown_code_page]
[1244]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x763130C3-->00000000 [unknown_code_page]
[1244]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7631361F-->00000000 [unknown_code_page]
[1244]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x762F1DD1-->00000000 [unknown_code_page]
[1244]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x76318D7E-->00000000 [unknown_code_page]
[1244]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x763854FF-->00000000 [unknown_code_page]
[1244]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x777D8008-->00000000 [unknown_code_page]
[1244]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x777D80C8-->00000000 [unknown_code_page]
[1244]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x777D8968-->00000000 [unknown_code_page]
[1244]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x765F03DD-->00000000 [unknown_code_page]
[1244]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x765F20A3-->00000000 [unknown_code_page]
[1244]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x7663B019-->00000000 [unknown_code_page]
[1244]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x765F2A58-->00000000 [unknown_code_page]
[1244]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x762C36D1-->00000000 [unknown_code_page]
[1476]McSvHost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x76319491-->00000000 [McProxy.dll]
[1476]McSvHost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7631361F-->00000000 [McProxy.dll]
[1480]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7651B8AE-->00000000 [unknown_code_page]
[1480]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7651B5E7-->00000000 [unknown_code_page]
[1480]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7652BCE1-->00000000 [unknown_code_page]
[1480]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7652B83D-->00000000 [unknown_code_page]
[1480]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x76520BF5-->00000000 [unknown_code_page]
[1480]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7652D4E8-->00000000 [unknown_code_page]
[1480]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7653F09D-->00000000 [unknown_code_page]
[1480]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x76533CB0-->00000000 [unknown_code_page]
[1480]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7633CF71-->00000000 [unknown_code_page]
[1480]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7633CC4E-->00000000 [unknown_code_page]
[1480]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7638430E-->00000000 [unknown_code_page]
[1480]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x762F5C44-->00000000 [unknown_code_page]
[1480]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76320284-->00000000 [unknown_code_page]
[1480]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x762F1C36-->00000000 [unknown_code_page]
[1480]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x762F1C01-->00000000 [unknown_code_page]
[1480]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7633B8B6-->00000000 [unknown_code_page]
[1480]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x762F19C9-->00000000 [unknown_code_page]
[1480]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x762F1929-->00000000 [unknown_code_page]
[1480]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x76319491-->00000000 [unknown_code_page]
[1480]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x76319469-->00000000 [unknown_code_page]
[1480]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x763130C3-->00000000 [unknown_code_page]
[1480]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7631361F-->00000000 [unknown_code_page]
[1480]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x762F1DD1-->00000000 [unknown_code_page]
[1480]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x76318D7E-->00000000 [unknown_code_page]
[1480]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x763854FF-->00000000 [unknown_code_page]
[1480]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x777D8008-->00000000 [unknown_code_page]
[1480]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x777D80C8-->00000000 [unknown_code_page]
[1480]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x777D8968-->00000000 [unknown_code_page]
[1480]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x765F03DD-->00000000 [unknown_code_page]
[1480]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x765F20A3-->00000000 [unknown_code_page]
[1480]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x7663B019-->00000000 [unknown_code_page]
[1480]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x765F2A58-->00000000 [unknown_code_page]
[1480]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x762C36D1-->00000000 [unknown_code_page]
[1524]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7651B8AE-->00000000 [unknown_code_page]
[1524]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7651B5E7-->00000000 [unknown_code_page]
[1524]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7652BCE1-->00000000 [unknown_code_page]
[1524]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7652B83D-->00000000 [unknown_code_page]
[1524]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x76520BF5-->00000000 [unknown_code_page]
[1524]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7652D4E8-->00000000 [unknown_code_page]
[1524]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7653F09D-->00000000 [unknown_code_page]
[1524]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x76533CB0-->00000000 [unknown_code_page]
[1524]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7633CF71-->00000000 [unknown_code_page]
[1524]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7633CC4E-->00000000 [unknown_code_page]
[1524]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7638430E-->00000000 [unknown_code_page]
[1524]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x762F5C44-->00000000 [unknown_code_page]
[1524]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76320284-->00000000 [unknown_code_page]
[1524]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x762F1C36-->00000000 [unknown_code_page]
[1524]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x762F1C01-->00000000 [unknown_code_page]
[1524]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7633B8B6-->00000000 [unknown_code_page]
[1524]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x762F19C9-->00000000 [unknown_code_page]
[1524]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x762F1929-->00000000 [unknown_code_page]
[1524]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x76319491-->00000000 [unknown_code_page]
[1524]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x76319469-->00000000 [unknown_code_page]
[1524]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x763130C3-->00000000 [unknown_code_page]
[1524]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7631361F-->00000000 [unknown_code_page]
[1524]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x762F1DD1-->00000000 [unknown_code_page]
[1524]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x76318D7E-->00000000 [unknown_code_page]
[1524]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x763854FF-->00000000 [unknown_code_page]
[1524]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x777D8008-->00000000 [unknown_code_page]
[1524]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x777D80C8-->00000000 [unknown_code_page]
[1524]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x777D8968-->00000000 [unknown_code_page]
[1524]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x765F03DD-->00000000 [unknown_code_page]
[1524]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x765F20A3-->00000000 [unknown_code_page]
[1524]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x7663B019-->00000000 [unknown_code_page]
[1524]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x765F2A58-->00000000 [unknown_code_page]
[1524]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x762C36D1-->00000000 [unknown_code_page]
[1652]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7651B8AE-->00000000 [unknown_code_page]
[1652]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7651B5E7-->00000000 [unknown_code_page]
[1652]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7652BCE1-->00000000 [unknown_code_page]
[1652]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7652B83D-->00000000 [unknown_code_page]
[1652]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x76520BF5-->00000000 [unknown_code_page]
[1652]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7652D4E8-->00000000 [unknown_code_page]
[1652]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7653F09D-->00000000 [unknown_code_page]
[1652]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x76533CB0-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7633CF71-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7633CC4E-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7638430E-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x762F5C44-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76320284-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x762F1C36-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x762F1C01-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7633B8B6-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x762F19C9-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x762F1929-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x76319491-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x76319469-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x763130C3-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7631361F-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x762F1DD1-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x76318D7E-->00000000 [unknown_code_page]
[1652]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x763854FF-->00000000 [unknown_code_page]
[1652]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x777D8008-->00000000 [unknown_code_page]
[1652]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x777D80C8-->00000000 [unknown_code_page]
[1652]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x777D8968-->00000000 [unknown_code_page]
[1652]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x765F03DD-->00000000 [unknown_code_page]
[1652]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x765F20A3-->00000000 [unknown_code_page]
[1652]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x7663B019-->00000000 [unknown_code_page]
[1652]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x765F2A58-->00000000 [unknown_code_page]
[1652]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x762C36D1-->00000000 [unknown_code_page]
[1780]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7651B8AE-->00000000 [unknown_code_page]
[1780]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7651B5E7-->00000000 [unknown_code_page]
[1780]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7652BCE1-->00000000 [unknown_code_page]
[1780]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7652B83D-->00000000 [unknown_code_page]
[1780]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x76520BF5-->00000000 [unknown_code_page]
[1780]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7652D4E8-->00000000 [unknown_code_page]
[1780]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7653F09D-->00000000 [unknown_code_page]
[1780]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x76533CB0-->00000000 [unknown_code_page]
[1780]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7633CF71-->00000000 [unknown_code_page]
[1780]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7633CC4E-->00000000 [unknown_code_page]
[1780]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7638430E-->00000000 [unknown_code_page]
[1780]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x762F5C44-->00000000 [unknown_code_page]
[1780]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76320284-->00000000 [unknown_code_page]
[1780]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x762F1C36-->00000000 [unknown_code_page]
[1780]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x762F1C01-->00000000 [unknown_code_page]
[1780]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7633B8B6-->00000000 [unknown_code_page]
[1780]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x762F19C9-->00000000 [unknown_code_page]
[1780]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x762F1929-->00000000 [unknown_code_page]
[1780]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x76319491-->00000000 [unknown_code_page]
[1780]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x76319469-->00000000 [unknown_code_page]
[1780]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x763130C3-->00000000 [unknown_code_page]
[1780]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7631361F-->00000000 [unknown_code_page]
[1780]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x762F1DD1-->00000000 [unknown_code_page]
[1780]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x76318D7E-->00000000 [unknown_code_page]
[1780]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x763854FF-->00000000 [unknown_code_page]
[1780]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x777D8008-->00000000 [unknown_code_page]
[1780]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x777D80C8-->00000000 [unknown_code_page]
[1780]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x777D8968-->00000000 [unknown_code_page]
[1780]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x765F03DD-->00000000 [unknown_code_page]
[1780]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x765F20A3-->00000000 [unknown_code_page]
[1780]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x7663B019-->00000000 [unknown_code_page]
[1780]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x765F2A58-->00000000 [unknown_code_page]
[1780]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x762C36D1-->00000000 [unknown_code_page]
[2008]explorer.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7651B8AE-->00000000 [unknown_code_page]
[2008]explorer.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7651B5E7-->00000000 [unknown_code_page]
[2008]explorer.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7652BCE1-->00000000 [unknown_code_page]
[2008]explorer.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7652B83D-->00000000 [unknown_code_page]
[2008]explorer.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x76520BF5-->00000000 [unknown_code_page]
[2008]explorer.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7652D4E8-->00000000 [unknown_code_page]
[2008]explorer.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7653F09D-->00000000 [unknown_code_page]
[2008]explorer.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x76533CB0-->00000000 [unknown_code_page]
[2008]explorer.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7633CF71-->00000000 [unknown_code_page]
[2008]explorer.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7633CC4E-->00000000 [unknown_code_page]
[2008]explorer.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7638430E-->00000000 [unknown_code_page]
[2008]explorer.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x762F5C44-->00000000 [unknown_code_page]
[2008]explorer.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76320284-->00000000 [unknown_code_page]
[2008]explorer.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x762F1C36-->00000000 [unknown_code_page]
[2008]explorer.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x762F1C01-->00000000 [unknown_code_page]
[2008]explorer.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7633B8B6-->00000000 [unknown_code_page]
[2008]explorer.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x762F19C9-->00000000 [unknown_code_page]
[2008]explorer.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x762F1929-->00000000 [unknown_code_page]
[2008]explorer.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x76319491-->00000000 [unknown_code_page]
[2008]explorer.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x76319469-->00000000 [unknown_code_page]
[2008]explorer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x763130C3-->00000000 [unknown_code_page]
[2008]explorer.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7631361F-->00000000 [unknown_code_page]
[2008]explorer.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x762F1DD1-->00000000 [unknown_code_page]
[2008]explorer.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x76318D7E-->00000000 [unknown_code_page]
[2008]explorer.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x763854FF-->00000000 [unknown_code_page]
[2008]explorer.exe-->mswsock.dll+0x000024B9, Type: Inline - RelativeJump 0x754124B9-->00000000 [unknown_code_page]
[2008]explorer.exe-->mswsock.dll+0x00005604, Type: Inline - RelativeJump 0x75415604-->00000000 [unknown_code_page]
[2008]explorer.exe-->mswsock.dll+0x000057C5, Type: Inline - RelativeJump 0x754157C5-->00000000 [unknown_code_page]
[2008]explorer.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x777D99E8-->00000000 [unknown_code_page]
[2008]explorer.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x777D8008-->00000000 [unknown_code_page]
[2008]explorer.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x777D80C8-->00000000 [unknown_code_page]
[2008]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x777D8968-->00000000 [unknown_code_page]
[2008]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x777D92A8-->00000000 [unknown_code_page]
[2008]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x080E1414-->00000000 [PSDProtect.dll]
[2008]explorer.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x080E14DC-->00000000 [PSDProtect.dll]
[2008]explorer.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x765F03DD-->00000000 [unknown_code_page]
[2008]explorer.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x765F20A3-->00000000 [unknown_code_page]
[2008]explorer.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x7663B019-->00000000 [unknown_code_page]
[2008]explorer.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x765F2A58-->00000000 [unknown_code_page]
[2008]explorer.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x762C36D1-->00000000 [unknown_code_page]
[260]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7651B8AE-->00000000 [unknown_code_page]
[260]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7651B5E7-->00000000 [unknown_code_page]
[260]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7652BCE1-->00000000 [unknown_code_page]
[260]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7652B83D-->00000000 [unknown_code_page]
[260]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x76520BF5-->00000000 [unknown_code_page]
[260]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7652D4E8-->00000000 [unknown_code_page]
[260]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7653F09D-->00000000 [unknown_code_page]
[260]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x76533CB0-->00000000 [unknown_code_page]
[260]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7633CF71-->00000000 [unknown_code_page]
[260]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7633CC4E-->00000000 [unknown_code_page]
[260]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7638430E-->00000000 [unknown_code_page]
[260]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x762F5C44-->00000000 [unknown_code_page]
[260]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76320284-->00000000 [unknown_code_page]
[260]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x762F1C36-->00000000 [unknown_code_page]
[260]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x762F1C01-->00000000 [unknown_code_page]
[260]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7633B8B6-->00000000 [unknown_code_page]
[260]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x762F19C9-->00000000 [unknown_code_page]
[260]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x762F1929-->00000000 [unknown_code_page]
[260]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x76319491-->00000000 [unknown_code_page]
[260]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x76319469-->00000000 [unknown_code_page]
[260]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x763130C3-->00000000 [unknown_code_page]
[260]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7631361F-->00000000 [unknown_code_page]
[260]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x762F1DD1-->00000000 [unknown_code_page]
[260]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x76318D7E-->00000000 [unknown_code_page]
[260]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x763854FF-->00000000 [unknown_code_page]
[260]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x777D8008-->00000000 [unknown_code_page]
[260]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x777D80C8-->00000000 [unknown_code_page]
[260]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x777D8968-->00000000 [unknown_code_page]
[260]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x765F03DD-->00000000 [unknown_code_page]
[260]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x765F20A3-->00000000 [unknown_code_page]
[260]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x7663B019-->00000000 [unknown_code_page]
[260]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x765F2A58-->00000000 [unknown_code_page]
[260]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x762C36D1-->00000000 [unknown_code_page]
[2840]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7651B8AE-->00000000 [unknown_code_page]
[2840]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7651B5E7-->00000000 [unknown_code_page]
[2840]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7652BCE1-->00000000 [unknown_code_page]
[2840]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7652B83D-->00000000 [unknown_code_page]
[2840]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x76520BF5-->00000000 [unknown_code_page]
[2840]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7652D4E8-->00000000 [unknown_code_page]
[2840]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7653F09D-->00000000 [unknown_code_page]
[2840]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x76533CB0-->00000000 [unknown_code_page]
[2840]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7633CF71-->00000000 [unknown_code_page]
[2840]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7633CC4E-->00000000 [unknown_code_page]
[2840]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7638430E-->00000000 [unknown_code_page]
[2840]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x762F5C44-->00000000 [unknown_code_page]
[2840]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76320284-->00000000 [unknown_code_page]
[2840]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x762F1C36-->00000000 [unknown_code_page]
[2840]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x762F1C01-->00000000 [unknown_code_page]
[2840]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7633B8B6-->00000000 [unknown_code_page]
[2840]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x762F19C9-->00000000 [unknown_code_page]
[2840]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x762F1929-->00000000 [unknown_code_page]
[2840]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x76319491-->00000000 [unknown_code_page]
[2840]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x76319469-->00000000 [unknown_code_page]
[2840]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x763130C3-->00000000 [unknown_code_page]
[2840]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7631361F-->00000000 [unknown_code_page]
[2840]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x762F1DD1-->00000000 [unknown_code_page]
[2840]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x76318D7E-->00000000 [unknown_code_page]
[2840]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x763854FF-->00000000 [unknown_code_page]
[2840]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x777D8008-->00000000 [unknown_code_page]
[2840]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x777D80C8-->00000000 [unknown_code_page]
[2840]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x777D8968-->00000000 [unknown_code_page]
[2840]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x765F03DD-->00000000 [unknown_code_page]
[2840]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x765F20A3-->00000000 [unknown_code_page]
[2840]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x7663B019-->00000000 [unknown_code_page]
[2840]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x765F2A58-->00000000 [unknown_code_page]
[2840]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x762C36D1-->00000000 [unknown_code_page]
[2860]Acer.Empowering.Framework.Supervisor.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [shimeng.dll]
[2860]Acer.Empowering.Framework.Supervisor.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B71170-->00000000 [shimeng.dll]
[2860]Acer.Empowering.Framework.Supervisor.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x080E1414-->00000000 [shimeng.dll]
[2860]Acer.Empowering.Framework.Supervisor.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [shimeng.dll]
[2860]Acer.Empowering.Framework.Supervisor.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71721488-->00000000 [shimeng.dll]
[2860]Acer.Empowering.Framework.Supervisor.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [shimeng.dll]
[2916]eRAgent.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [shimeng.dll]
[2916]eRAgent.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B71170-->00000000 [shimeng.dll]
[2916]eRAgent.exe-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x0043F2C0-->00000000 [AcLayers.dll]
[2916]eRAgent.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0043F318-->00000000 [shimeng.dll]
[2916]eRAgent.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x080E1414-->00000000 [shimeng.dll]
[2916]eRAgent.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [shimeng.dll]
[2916]eRAgent.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71721488-->00000000 [shimeng.dll]
[3388]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7651B8AE-->00000000 [unknown_code_page]
[3388]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7651B5E7-->00000000 [unknown_code_page]
[3388]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7652BCE1-->00000000 [unknown_code_page]
[3388]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7652B83D-->00000000 [unknown_code_page]
[3388]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x76520BF5-->00000000 [unknown_code_page]
[3388]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7652D4E8-->00000000 [unknown_code_page]
[3388]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7653F09D-->00000000 [unknown_code_page]
[3388]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x76533CB0-->00000000 [unknown_code_page]
[3388]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7633CF71-->00000000 [unknown_code_page]
[3388]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7633CC4E-->00000000 [unknown_code_page]
[3388]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7638430E-->00000000 [unknown_code_page]
[3388]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x762F5C44-->00000000 [unknown_code_page]
[3388]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76320284-->00000000 [unknown_code_page]
[3388]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x762F1C36-->00000000 [unknown_code_page]
[3388]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x762F1C01-->00000000 [unknown_code_page]
[3388]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7633B8B6-->00000000 [unknown_code_page]
[3388]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x762F19C9-->00000000 [unknown_code_page]
[3388]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x762F1929-->00000000 [unknown_code_page]
[3388]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x76319491-->00000000 [unknown_code_page]
[3388]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x76319469-->00000000 [unknown_code_page]
[3388]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x763130C3-->00000000 [unknown_code_page]
[3388]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7631361F-->00000000 [unknown_code_page]
[3388]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x762F1DD1-->00000000 [unknown_code_page]
[3388]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x76318D7E-->00000000 [unknown_code_page]
[3388]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x763854FF-->00000000 [unknown_code_page]
[3388]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x777D8008-->00000000 [unknown_code_page]
[3388]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x777D80C8-->00000000 [unknown_code_page]
[3388]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x777D8968-->00000000 [unknown_code_page]
[3388]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x765F03DD-->00000000 [unknown_code_page]
[3388]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x765F20A3-->00000000 [unknown_code_page]
[3388]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x7663B019-->00000000 [unknown_code_page]
[3388]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x765F2A58-->00000000 [unknown_code_page]
[3596]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7651B8AE-->00000000 [unknown_code_page]
[3596]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7651B5E7-->00000000 [unknown_code_page]
[3596]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7652BCE1-->00000000 [unknown_code_page]
[3596]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7652B83D-->00000000 [unknown_code_page]
[3596]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x76520BF5-->00000000 [unknown_code_page]
[3596]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7652D4E8-->00000000 [unknown_code_page]
[3596]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7653F09D-->00000000 [unknown_code_page]
[3596]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x76533CB0-->00000000 [unknown_code_page]
[3596]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7633CF71-->00000000 [unknown_code_page]
[3596]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7633CC4E-->00000000 [unknown_code_page]
[3596]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7638430E-->00000000 [unknown_code_page]
[3596]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x762F5C44-->00000000 [unknown_code_page]
[3596]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76320284-->00000000 [unknown_code_page]
[3596]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x762F1C36-->00000000 [unknown_code_page]
[3596]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x762F1C01-->00000000 [unknown_code_page]
[3596]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7633B8B6-->00000000 [unknown_code_page]
[3596]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x762F19C9-->00000000 [unknown_code_page]
[3596]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x762F1929-->00000000 [unknown_code_page]
[3596]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x76319491-->00000000 [unknown_code_page]
[3596]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x76319469-->00000000 [unknown_code_page]
[3596]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x763130C3-->00000000 [unknown_code_page]
[3596]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7631361F-->00000000 [unknown_code_page]
[3596]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x762F1DD1-->00000000 [unknown_code_page]
[3596]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x76318D7E-->00000000 [unknown_code_page]
[3596]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x763854FF-->00000000 [unknown_code_page]
[3596]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x777D8008-->00000000 [unknown_code_page]
[3596]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x777D80C8-->00000000 [unknown_code_page]
[3596]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x777D8968-->00000000 [unknown_code_page]
[3596]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x765F03DD-->00000000 [unknown_code_page]
[3596]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x765F20A3-->00000000 [unknown_code_page]
[3596]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x7663B019-->00000000 [unknown_code_page]
[3596]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x765F2A58-->00000000 [unknown_code_page]
[3596]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x762C36D1-->00000000 [unknown_code_page]
[3612]rundll32.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [shimeng.dll]
[3612]rundll32.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B71170-->00000000 [shimeng.dll]
[3612]rundll32.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x080E1414-->00000000 [shimeng.dll]
[3612]rundll32.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [shimeng.dll]
[3612]rundll32.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71721488-->00000000 [shimeng.dll]
[3644]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7651B8AE-->00000000 [unknown_code_page]
[3644]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7651B5E7-->00000000 [unknown_code_page]
[3644]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7652BCE1-->00000000 [unknown_code_page]
[3644]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7652B83D-->00000000 [unknown_code_page]
[3644]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x76520BF5-->00000000 [unknown_code_page]
[3644]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7652D4E8-->00000000 [unknown_code_page]
[3644]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7653F09D-->00000000 [unknown_code_page]
[3644]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x76533CB0-->00000000 [unknown_code_page]
[3644]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7633CF71-->00000000 [unknown_code_page]
[3644]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7633CC4E-->00000000 [unknown_code_page]
[3644]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7638430E-->00000000 [unknown_code_page]
[3644]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x762F5C44-->00000000 [unknown_code_page]
[3644]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76320284-->00000000 [unknown_code_page]
[3644]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x762F1C36-->00000000 [unknown_code_page]
[3644]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x762F1C01-->00000000 [unknown_code_page]
[3644]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7633B8B6-->00000000 [unknown_code_page]
[3644]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x762F19C9-->00000000 [unknown_code_page]
[3644]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x762F1929-->00000000 [unknown_code_page]
[3644]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x76319491-->00000000 [unknown_code_page]
[3644]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x76319469-->00000000 [unknown_code_page]
[3644]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x763130C3-->00000000 [unknown_code_page]
[3644]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7631361F-->00000000 [unknown_code_page]
[3644]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x762F1DD1-->00000000 [unknown_code_page]
[3644]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x76318D7E-->00000000 [unknown_code_page]
[3644]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x763854FF-->00000000 [unknown_code_page]
[3644]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x777D8008-->00000000 [unknown_code_page]
[3644]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x777D80C8-->00000000 [unknown_code_page]
[3644]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x777D8968-->00000000 [unknown_code_page]
[3644]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x765F03DD-->00000000 [unknown_code_page]
[3644]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x765F20A3-->00000000 [unknown_code_page]
[3644]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x7663B019-->00000000 [unknown_code_page]
[3644]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x765F2A58-->00000000 [unknown_code_page]
[3644]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x762C36D1-->00000000 [unknown_code_page]
[3804]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7651B8AE-->00000000 [unknown_code_page]
[3804]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7651B5E7-->00000000 [unknown_code_page]
[3804]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7652BCE1-->00000000 [unknown_code_page]
[3804]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7652B83D-->00000000 [unknown_code_page]
[3804]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x76520BF5-->00000000 [unknown_code_page]
[3804]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7652D4E8-->00000000 [unknown_code_page]
[3804]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7653F09D-->00000000 [unknown_code_page]
[3804]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x76533CB0-->00000000 [unknown_code_page]
[3804]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7633CF71-->00000000 [unknown_code_page]
[3804]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7633CC4E-->00000000 [unknown_code_page]
[3804]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7638430E-->00000000 [unknown_code_page]
[3804]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x762F5C44-->00000000 [unknown_code_page]
[3804]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76320284-->00000000 [unknown_code_page]
[3804]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x762F1C36-->00000000 [unknown_code_page]
[3804]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x762F1C01-->00000000 [unknown_code_page]
[3804]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7633B8B6-->00000000 [unknown_code_page]
[3804]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x762F19C9-->00000000 [unknown_code_page]
[3804]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x762F1929-->00000000 [unknown_code_page]
[3804]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x76319491-->00000000 [unknown_code_page]
[3804]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x76319469-->00000000 [unknown_code_page]
[3804]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x763130C3-->00000000 [unknown_code_page]
[3804]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7631361F-->00000000 [unknown_code_page]
[3804]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x762F1DD1-->00000000 [unknown_code_page]
[3804]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x76318D7E-->00000000 [unknown_code_page]
[3804]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x763854FF-->00000000 [unknown_code_page]
[3804]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x777D8008-->00000000 [unknown_code_page]
[3804]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x777D80C8-->00000000 [unknown_code_page]
[3804]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x777D8968-->00000000 [unknown_code_page]
[3804]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x765F03DD-->00000000 [unknown_code_page]
[3804]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x765F20A3-->00000000 [unknown_code_page]
[3804]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x7663B019-->00000000 [unknown_code_page]
[3804]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x765F2A58-->00000000 [unknown_code_page]
[3804]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x762C36D1-->00000000 [unknown_code_page]
[5932]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7651B8AE-->00000000 [unknown_code_page]
[5932]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7651B5E7-->00000000 [unknown_code_page]
[5932]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7652BCE1-->00000000 [unknown_code_page]
[5932]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7652B83D-->00000000 [unknown_code_page]
[5932]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x76520BF5-->00000000 [unknown_code_page]
[5932]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7652D4E8-->00000000 [unknown_code_page]
[5932]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7653F09D-->00000000 [unknown_code_page]
[5932]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x76533CB0-->00000000 [unknown_code_page]
[5932]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7633CF71-->00000000 [unknown_code_page]
[5932]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7633CC4E-->00000000 [unknown_code_page]
[5932]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7638430E-->00000000 [unknown_code_page]
[5932]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x762F5C44-->00000000 [unknown_code_page]
[5932]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76320284-->00000000 [unknown_code_page]
[5932]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x762F1C36-->00000000 [unknown_code_page]
[5932]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x762F1C01-->00000000 [unknown_code_page]
[5932]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7633B8B6-->00000000 [unknown_code_page]
[5932]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x762F19C9-->00000000 [unknown_code_page]
[5932]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x762F1929-->00000000 [unknown_code_page]
[5932]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x76319491-->00000000 [unknown_code_page]
[5932]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x76319469-->00000000 [unknown_code_page]
[5932]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x763130C3-->00000000 [unknown_code_page]
[5932]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7631361F-->00000000 [unknown_code_page]
[5932]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x762F1DD1-->00000000 [unknown_code_page]
[5932]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x76318D7E-->00000000 [unknown_code_page]
[5932]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x763854FF-->00000000 [unknown_code_page]
[5932]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x777D8008-->00000000 [unknown_code_page]
[5932]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x777D80C8-->00000000 [unknown_code_page]
[5932]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x777D8968-->00000000 [unknown_code_page]
[5932]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x765F03DD-->00000000 [unknown_code_page]
[5932]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x765F20A3-->00000000 [unknown_code_page]
[5932]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x7663B019-->00000000 [unknown_code_page]
[5932]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x765F2A58-->00000000 [unknown_code_page]
[5932]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x762C36D1-->00000000 [unknown_code_page]
[764]services.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7651B8AE-->00000000 [unknown_code_page]
[764]services.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7651B5E7-->00000000 [unknown_code_page]
[764]services.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7652BCE1-->00000000 [unknown_code_page]
[764]services.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7652B83D-->00000000 [unknown_code_page]
[764]services.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x76520BF5-->00000000 [unknown_code_page]
[764]services.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7652D4E8-->00000000 [unknown_code_page]
[764]services.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7653F09D-->00000000 [unknown_code_page]
[764]services.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x76533CB0-->00000000 [unknown_code_page]
[764]services.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7633CF71-->00000000 [unknown_code_page]
[764]services.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7633CC4E-->00000000 [unknown_code_page]
[764]services.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7638430E-->00000000 [unknown_code_page]
[764]services.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x762F5C44-->00000000 [unknown_code_page]
[764]services.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76320284-->00000000 [unknown_code_page]
[764]services.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x762F1C36-->00000000 [unknown_code_page]
[764]services.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x762F1C01-->00000000 [unknown_code_page]
[764]services.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7633B8B6-->00000000 [unknown_code_page]
[764]services.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x762F19C9-->00000000 [unknown_code_page]
[764]services.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x762F1929-->00000000 [unknown_code_page]
[764]services.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x76319491-->00000000 [unknown_code_page]
[764]services.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x76319469-->00000000 [unknown_code_page]
[764]services.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x763130C3-->00000000 [unknown_code_page]
[764]services.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7631361F-->00000000 [unknown_code_page]
[764]services.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x762F1DD1-->00000000 [unknown_code_page]
[764]services.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x76318D7E-->00000000 [unknown_code_page]
[764]services.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x763854FF-->00000000 [unknown_code_page]
[764]services.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x777D8008-->00000000 [unknown_code_page]
[764]services.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x777D80C8-->00000000 [unknown_code_page]
[764]services.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x777D8968-->00000000 [unknown_code_page]
[764]services.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x765F03DD-->00000000 [unknown_code_page]
[764]services.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x765F20A3-->00000000 [unknown_code_page]
[764]services.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x7663B019-->00000000 [unknown_code_page]
[764]services.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x765F2A58-->00000000 [unknown_code_page]
[764]services.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x762C36D1-->00000000 [unknown_code_page]
[776]lsass.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7651B8AE-->00000000 [unknown_code_page]
[776]lsass.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7651B5E7-->00000000 [unknown_code_page]
[776]lsass.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7652BCE1-->00000000 [unknown_code_page]
[776]lsass.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7652B83D-->00000000 [unknown_code_page]
[776]lsass.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x76520BF5-->00000000 [unknown_code_page]
[776]lsass.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7652D4E8-->00000000 [unknown_code_page]
[776]lsass.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7653F09D-->00000000 [unknown_code_page]
[776]lsass.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x76533CB0-->00000000 [unknown_code_page]
[776]lsass.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7633CF71-->00000000 [unknown_code_page]
[776]lsass.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7633CC4E-->00000000 [unknown_code_page]
[776]lsass.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7638430E-->00000000 [unknown_code_page]
[776]lsass.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x762F5C44-->00000000 [unknown_code_page]
[776]lsass.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76320284-->00000000 [unknown_code_page]
[776]lsass.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x762F1C36-->00000000 [unknown_code_page]
[776]lsass.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x762F1C01-->00000000 [unknown_code_page]
[776]lsass.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7633B8B6-->00000000 [unknown_code_page]
[776]lsass.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x762F19C9-->00000000 [unknown_code_page]
[776]lsass.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x762F1929-->00000000 [unknown_code_page]
[776]lsass.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x76319491-->00000000 [unknown_code_page]
[776]lsass.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x76319469-->00000000 [unknown_code_page]
[776]lsass.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x763130C3-->00000000 [unknown_code_page]
[776]lsass.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7631361F-->00000000 [unknown_code_page]
[776]lsass.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x762F1DD1-->00000000 [unknown_code_page]
[776]lsass.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x76318D7E-->00000000 [unknown_code_page]
[776]lsass.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x763854FF-->00000000 [unknown_code_page]
[776]lsass.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x777D8008-->00000000 [unknown_code_page]
[776]lsass.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x777D80C8-->00000000 [unknown_code_page]
[776]lsass.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x777D8968-->00000000 [unknown_code_page]
[776]lsass.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x765F03DD-->00000000 [unknown_code_page]
[776]lsass.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x765F20A3-->00000000 [unknown_code_page]
[776]lsass.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x7663B019-->00000000 [unknown_code_page]
[776]lsass.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x765F2A58-->00000000 [unknown_code_page]
[776]lsass.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x762C36D1-->00000000 [unknown_code_page]
[964]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7651B8AE-->00000000 [unknown_code_page]
[964]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7651B5E7-->00000000 [unknown_code_page]
[964]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7652BCE1-->00000000 [unknown_code_page]
[964]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7652B83D-->00000000 [unknown_code_page]
[964]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x76520BF5-->00000000 [unknown_code_page]
[964]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7652D4E8-->00000000 [unknown_code_page]
[964]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7653F09D-->00000000 [unknown_code_page]
[964]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x76533CB0-->00000000 [unknown_code_page]
[964]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7633CF71-->00000000 [unknown_code_page]
[964]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7633CC4E-->00000000 [unknown_code_page]
[964]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7638430E-->00000000 [unknown_code_page]
[964]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x762F5C44-->00000000 [unknown_code_page]
[964]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76320284-->00000000 [unknown_code_page]
[964]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x762F1C36-->00000000 [unknown_code_page]
[964]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x762F1C01-->00000000 [unknown_code_page]
[964]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7633B8B6-->00000000 [unknown_code_page]
[964]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x762F19C9-->00000000 [unknown_code_page]
[964]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x762F1929-->00000000 [unknown_code_page]
[964]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x76319491-->00000000 [unknown_code_page]
[964]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x76319469-->00000000 [unknown_code_page]
[964]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x763130C3-->00000000 [unknown_code_page]
[964]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7631361F-->00000000 [unknown_code_page]
[964]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x762F1DD1-->00000000 [unknown_code_page]
[964]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x76318D7E-->00000000 [unknown_code_page]
[964]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x763854FF-->00000000 [unknown_code_page]
[964]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x777D8008-->00000000 [unknown_code_page]
[964]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x777D80C8-->00000000 [unknown_code_page]
[964]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x777D8968-->00000000 [unknown_code_page]
[964]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x765F03DD-->00000000 [unknown_code_page]
[964]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x765F20A3-->00000000 [unknown_code_page]
[964]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x7663B019-->00000000 [unknown_code_page]
[964]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x765F2A58-->00000000 [unknown_code_page]
[964]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x762C36D1-->00000000 [unknown_code_page]
tmnyfeathers
Regular Member
 
Posts: 18
Joined: July 13th, 2010, 11:47 am
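As an added example (not code from the thread, and not part of the Rootkit Unhooker tool), the following Python script parses "Hooks" lines in the format posted above and summarizes them per process: it groups processes that carry an identical hook set and separates hooks whose jump target the tool could not attribute to any loaded module. The sample lines are constructed to match the format; the notepad.exe line and its hypothetical_hook.dll owner are invented placeholders. Identical hook sets on CreateProcess, LoadLibrary, RegCreateKey, InternetOpen and socket across services.exe, lsass.exe and every svchost.exe point to a single system-wide hooking component; the log alone does not say whether that component is the installed security product or malware, so the summary is a triage aid, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample in the Rootkit Unhooker "Hooks" line format:
# [PID]process-->module-->API, Type: <hook type> 0x<source>--><target> [<owner>]
# The notepad.exe line and hypothetical_hook.dll are invented placeholders.
SAMPLE_LOG = r"""
[764]services.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7651B8AE-->00000000 [unknown_code_page]
[764]services.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x762F1C01-->00000000 [unknown_code_page]
[776]lsass.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7651B8AE-->00000000 [unknown_code_page]
[776]lsass.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x762F1C01-->00000000 [unknown_code_page]
[964]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x777D8008-->00000000 [unknown_code_page]
[1234]notepad.exe-->user32.dll-->MessageBoxW, Type: Inline - RelativeJump 0x77A1B2C3-->6A0012F0 [C:\Windows\System32\hypothetical_hook.dll]
"""

HOOK_RE = re.compile(
    r"^\[(?P<pid>\d+)\](?P<proc>.+?)-->(?P<module>.+?)-->(?P<api>.+?), "
    r"Type: (?P<hooktype>.+?) 0x(?P<src>[0-9A-Fa-f]+)-->(?P<dst>[0-9A-Fa-f]+) "
    r"\[(?P<owner>.*)\]$"
)


def parse_hooks(text):
    """Parse hook lines into dicts; lines that do not match the format are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        hooks.append({
            "pid": int(d["pid"]),
            "proc": d["proc"],
            "module": d["module"],
            "api": d["api"],
            "hooktype": d["hooktype"],
            "src": int(d["src"], 16),   # address of the patched function entry
            "dst": int(d["dst"], 16),   # where the inline jump lands (0 = unresolved)
            "owner": d["owner"],        # module the tool attributed the target to
        })
    return hooks


def hooks_by_process(hooks):
    """Map (pid, process name) -> set of 'module!API' entries hooked in that process."""
    by = defaultdict(set)
    for h in hooks:
        by[(h["pid"], h["proc"])].add(f'{h["module"]}!{h["api"]}')
    return dict(by)


def shared_hook_sets(hooks):
    """Group processes that carry an identical hook set, largest group first.

    One identical set across many unrelated processes is the signature of a single
    system-wide hooking component (security software or malware); the log cannot tell
    which, so this only narrows what to look at next."""
    groups = defaultdict(list)
    for proc, apis in hooks_by_process(hooks).items():
        groups[frozenset(apis)].append(proc)
    return sorted(groups.items(), key=lambda kv: (-len(kv[1]), sorted(kv[1])))


def unresolved_hooks(hooks):
    """Hooks whose jump target could not be attributed to a loaded module
    (owner 'unknown_code_page' or a zero target address)."""
    return [h for h in hooks if h["owner"] == "unknown_code_page" or h["dst"] == 0]


def summarize(text):
    """Headline numbers for a quick triage of one RkU hooks listing."""
    hooks = parse_hooks(text)
    groups = shared_hook_sets(hooks)
    return {
        "hooks": len(hooks),
        "processes": len(hooks_by_process(hooks)),
        "unresolved": len(unresolved_hooks(hooks)),
        "largest_shared_group": len(groups[0][1]) if groups else 0,
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
    for apis, procs in shared_hook_sets(parse_hooks(SAMPLE_LOG)):
        print(len(procs), "process(es) share", sorted(apis))
```

To use it on a real listing, paste the "Hooks" section of the RkU report into SAMPLE_LOG (or read it from a file) and compare the largest shared group against the processes you would expect a host intrusion prevention product to inject into.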

Re: Browser Redirects and Windows Update Blocked

Unread postby tmnyfeathers » July 18th, 2010, 10:30 am

I did not use the computer for anything other than following your instructions yesterday evening. My daughter called me at work complaining about her Google searches being redirected. I instructed her to turn the computer off for the day. Rootkit Unhooker took six hours to run. I am not sure if that is a normal run time. My uptime this morning has been twenty-three minutes and I have already received the "Host Process for Windows Services has Stopped Working." I usually just minimize that message, but it has disappeared on its own. I will wait to try Windows Update until instructed. I would like to add something that I did not mention earlier: I turned off my System Restore points with my first post for help here.


Stephanie
tmnyfeathers
Regular Member
 
Posts: 18
Joined: July 13th, 2010, 11:47 am

Re: Browser Redirects and Windows Update Blocked

Unread postby Cypher » July 18th, 2010, 12:03 pm

Hi Stephanie.
I turned off my systems restore points with my first post for help here.

The first thing I would like you to do is turn System Restore back on; please do so now.
Then complete the following instructions and let me know how your PC is performing.


Back Up registry with ERUNT

  • Please use the following link and download ERUNT to your desktop. HERE
  • Right-click on erunt-setup.exe and select " Run as administrator " to run it.
  • Follow the prompts to install ERUNT
  • Choose language
  • A setup window will pop up. It will ask: Create ERUNT entry in the Startup folder; answer NO.
  • Backup your registry to the default location

Note: To restore your registry (if needed), go to the folder and start ERDNT.exe


Next.

Download and run OTM

Download OTM.exe by Old Timer and save it to your Desktop.
  • Right-click OTM.exe and select " Run as administrator " to run it.
  • Right-click, then copy the following code. Do not include the word Code.
    Code:
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [-HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    [-HKEY_CLASSES_ROOT\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Plugin]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bitmeter2.lnk]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Calendar Sync.lnk]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Stephanie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    
    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]
    

    • Return to OTM, right-click, then paste the code into the blank box under "Paste Instructions for Items to be Moved".
    • Next click on the large MoveIt! button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Next.

Re-run - RSIT (Random's System Information Tool)

You should still have this program on your desktop.
  • Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done, ONLY the "C:\RSIT\log.txt" will be reproduced (it will be maximized).
  • Please post ONLY the "log.txt", file contents in your next reply.
    (This log can be lengthy, so a separate post may be needed.)


Next.

TDSSKiller

  • Please Download TDSSKiller.exe and save it on your desktop.
  • Important!: Run this fix once and once only.
  • Right click TDSSKiller.exe and select " Run as administrator " to run it.
  • A log file should be created on your C: drive named something like TDSSKiller.2.3.2.0 19.06.2010
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.


Next.

SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Right-click SystemLook.exe and select " Run as administrator " to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :dir 
    C:\qjcn

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt



    Logs/Information to Post in your Next Reply

    • OTM log.
    • RSIT log.txt.
    • TDSSKiller log.
    • SystemLook.txt.
    • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Browser Redirects and Windows Update Blocked

Unread postby tmnyfeathers » July 18th, 2010, 12:46 pm

I have followed the instructions and I am now on the OTM step. I have gotten to the point of pressing "MOVEIT". It ran and I now see at the top of the window, beside the software title and version number, "Not Responding". I see a blank screen all around outside the OTM window. My cursor does have the animated O that is normally seen when a process is being performed. I do not know if this is what is normally seen when running this function. I have received the "Not Responding" message on other programs and I have always waited for things to "Respond".

I am allowing this to run its course as I do not know what to do if it continues not responding.

Stephanie

***Note***
Program has responded and is running.
tmnyfeathers
Regular Member
 
Posts: 18
Joined: July 13th, 2010, 11:47 am

Re: Browser Redirects and Windows Update Blocked

Unread postby Cypher » July 18th, 2010, 1:18 pm

Hi Stephanie
Let me know if you were able to complete all instructions.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Browser Redirects and Windows Update Blocked

Unread postby tmnyfeathers » July 18th, 2010, 1:26 pm

I was able to complete all of your instructions. I do have to apologize: in reviewing all instructions once they were completed, I noticed I mistakenly ran RSIT after TDSSKiller. I do hope that I have not caused harm in this process by doing so.

Stephanie


All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Plugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bitmeter2.lnk\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Calendar Sync.lnk\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Stephanie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 112094 bytes
->Flash cache emptied: 41661 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Stephanie
->Temp folder emptied: 7183793 bytes
->Temporary Internet Files folder emptied: 21012843 bytes
->Java cache emptied: 43909700 bytes
->FireFox cache emptied: 102307385 bytes
->Flash cache emptied: 1098951 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 675840 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 284679937 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 74508625 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 36745050 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 546.00 mb


OTM by OldTimer - Version 3.1.15.0 log created on 07182010_123229

Files moved on Reboot...
C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt moved successfully.
File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...
tmnyfeathers
Regular Member
 
Posts: 18
Joined: July 13th, 2010, 11:47 am
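As an added check (not part of OTM or of the thread), here is a small Python reconciliation that reads the ':Reg' section of an OTM script in the format Cypher posted and the 'REGISTRY' section of the results log, then reports, for each requested key, whether the log says it was deleted, was not found, or was never reported at all. The script and log excerpts embedded below are constructed in those formats from the keys seen in the thread; the HypotheticalEntry key is an invented placeholder so that the 'not reported' case is exercised. Registry paths are compared case-insensitively, and the trailing backslash OTM prints after each key is ignored.

```python
import re

# Constructed OTM script excerpt: ':Reg' lists keys, a leading '-' means delete.
# HypotheticalEntry is an invented placeholder with no matching result line.
SAMPLE_SCRIPT = r"""
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[-HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HypotheticalEntry]

:Commands
[emptytemp]
[Reboot]
"""

# Constructed OTM results excerpt in the format of the log posted above.
SAMPLE_RESULTS = r"""
All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam\ deleted successfully.
========== COMMANDS ==========
"""

RESULT_RE = re.compile(
    r"^Registry key (?P<key>.+?)\\? (?P<status>deleted successfully|not found)\.$"
)


def _norm(key):
    """Registry paths are case-insensitive; OTM prints a trailing backslash."""
    return key.rstrip("\\").lower()


def requested_keys(script):
    """Keys marked for deletion ('[-KEY]') inside the ':Reg' section of an OTM script."""
    keys, in_reg = [], False
    for raw in script.splitlines():
        line = raw.strip()
        if line.startswith(":"):            # section header such as :Reg or :Commands
            in_reg = line.lower() == ":reg"
            continue
        if in_reg and line.startswith("[-") and line.endswith("]"):
            keys.append(line[2:-1])
    return keys


def result_statuses(results):
    """Map normalized key -> reported status from the REGISTRY section of an OTM log."""
    statuses = {}
    for raw in results.splitlines():
        m = RESULT_RE.match(raw.strip())
        if m:
            statuses[_norm(m.group("key"))] = m.group("status")
    return statuses


def reconcile(script, results):
    """For every key the script asked to delete, the status the log reported
    ('deleted successfully', 'not found') or 'not reported' if no line matched."""
    statuses = result_statuses(results)
    return {key: statuses.get(_norm(key), "not reported") for key in requested_keys(script)}


def unconfirmed(script, results):
    """Requested keys the log does not confirm as removed; these deserve a second look."""
    return [k for k, s in reconcile(script, results).items() if s != "deleted successfully"]


if __name__ == "__main__":
    for key, status in reconcile(SAMPLE_SCRIPT, SAMPLE_RESULTS).items():
        print(f"{status:20s} {key}")
```

'not found' is normal for a CLSID whose BHO entry was already gone, as the posted log shows for both GUIDs; 'not reported' means the script line never produced a result line and is the case worth re-checking with a fresh scan.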

Re: Browser Redirects and Windows Update Blocked

Unread postby tmnyfeathers » July 18th, 2010, 1:27 pm

Logfile of random's system information tool 1.08 (written by random/random)
Run by Stephanie at 2010-07-18 13:14:44
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 84 GB (57%) free of 148 GB
Total RAM: 2815 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:14:53 PM, on 7/18/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Stephanie\Desktop\RSIT.exe
C:\Program Files\trend micro\Stephanie.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100519051035.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Setresolution] C:\ACERSW\config\1440x900.cmd
O4 - HKLM\..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: IMVU.lnk = C:\Users\Stephanie\AppData\Roaming\IMVUClient\IMVUClient.exe
O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Update Service (gupdate1c9861e1ac7e0cd) (gupdate1c9861e1ac7e0cd) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LWWLicenseService - WoltersKluwerLWW - C:\Program Files\Common Files\WoltersKluwerLWW Shared\Service\LWWLicenseService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12053 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\WebReg Deskjet F300 series.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2007-10-19 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\progra~1\mcafee\msk\mskapbho.dll [2009-12-21 245272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100519051035.dll [2010-04-27 73288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-12 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2010-02-01 251416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2007-10-19 817936]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-03-05 142896]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2010-02-01 251416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-07-05 4669440]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-03-08 40048]
"Acer Empowering Technology Monitor"=C:\Acer\Empowering Technology\SysMonitor.exe [2008-01-09 326176]
"PCMMediaSharing"=C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2008-01-25 204908]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2007-02-01 630784]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-03-05 526896]
"Acer Product Registration"=C:\Program Files\Acer Registration\ACE1.exe [2007-10-15 3387392]
"Acer Assist Launcher"=C:\Program Files\Acer Assist\launcher.exe [2007-02-02 1261568]
"Apanel"=C:\ACERSW\config\NewSetApanel.cmd []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"eRecoveryService"= []
"Setresolution"=C:\ACERSW\config\1440x900.cmd []
"HotSync"=C:\Program Files\PalmSource\Desktop\HotSync.exe -AllUsers []
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2008-03-06 236016]
"mcui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2010-04-01 1180976]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-18 421888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"Aim6"= []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-03 39408]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe
HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
IMVU.lnk - C:\Users\Stephanie\AppData\Roaming\IMVUClient\IMVUClient.exe
WkCalRem.LNK - C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\klmdb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe"="C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-07-18 13:08:01 ----A---- C:\TDSSKiller.2.3.2.2_18.07.2010_13.08.01_log.txt
2010-07-18 12:32:29 ----D---- C:\_OTM
2010-07-18 12:27:48 ----D---- C:\Windows\ERDNT
2010-07-18 12:27:07 ----D---- C:\Program Files\ERUNT
2010-07-17 20:37:44 ----D---- C:\rsit
2010-07-13 11:55:31 ----D---- C:\Program Files\Trend Micro
2010-07-12 14:52:16 ----D---- C:\Users\Stephanie\AppData\Roaming\Malwarebytes
2010-07-12 14:52:09 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-07-12 14:52:08 ----D---- C:\ProgramData\Malwarebytes
2010-07-12 14:52:08 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-07-12 14:52:07 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-10 23:16:51 ----D---- C:\Program Files\Common Files\Scanner
2010-07-10 09:53:15 ----D---- C:\ProgramData\WindowsSearch
2010-06-30 13:47:31 ----D---- C:\Users\Stephanie\AppData\Roaming\Apple Computer
2010-06-30 13:46:54 ----DC---- C:\Windows\system32\DRVSTORE
2010-06-30 13:45:57 ----D---- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-30 13:45:57 ----D---- C:\Program Files\iTunes
2010-06-30 13:43:46 ----D---- C:\Program Files\QuickTime
2010-06-30 13:43:42 ----D---- C:\ProgramData\Apple Computer
2010-06-30 13:41:08 ----D---- C:\Program Files\Apple Software Update

======List of files/folders modified in the last 1 months======

2010-07-18 13:14:44 ----D---- C:\Windows\Temp
2010-07-18 13:11:36 ----D---- C:\Windows\Prefetch
2010-07-18 13:10:03 ----D---- C:\Windows\system32\drivers
2010-07-18 12:58:06 ----D---- C:\Windows\System32
2010-07-18 12:27:48 ----D---- C:\Windows
2010-07-18 12:27:07 ----RD---- C:\Program Files
2010-07-18 09:59:13 ----D---- C:\Windows\Tasks
2010-07-16 18:41:40 ----D---- C:\Users\Stephanie\AppData\Roaming\IMVU
2010-07-15 17:16:37 ----D---- C:\qjcn
2010-07-13 13:31:14 ----SHD---- C:\System Volume Information
2010-07-13 11:58:01 ----SHD---- C:\Windows\Installer
2010-07-13 11:58:01 ----HD---- C:\Config.Msi
2010-07-13 11:57:56 ----D---- C:\Program Files\Common Files
2010-07-13 11:15:10 ----D---- C:\Windows\system32\catroot2
2010-07-13 07:00:03 ----A---- C:\Windows\ntbtlog.txt
2010-07-12 14:52:08 ----HD---- C:\ProgramData
2010-07-12 13:32:35 ----D---- C:\BFUploads
2010-07-11 18:45:43 ----D---- C:\Program Files\Common Files\Java
2010-07-11 15:04:29 ----D---- C:\Program Files\McAfee
2010-07-11 14:54:29 ----D---- C:\Program Files\Viewpoint
2010-07-11 14:54:11 ----D---- C:\Users\Stephanie\AppData\Roaming\Uniblue
2010-07-11 14:54:11 ----D---- C:\ProgramData\DriverScanner
2010-07-11 14:54:11 ----D---- C:\Program Files\Uniblue
2010-07-11 14:46:41 ----D---- C:\Program Files\SoftLogica
2010-07-11 14:46:27 ----D---- C:\Program Files\Google
2010-07-11 14:44:29 ----D---- C:\ProgramData\Google
2010-07-11 14:38:53 ----D---- C:\Program Files\DivX
2010-07-11 14:32:52 ----D---- C:\Program Files\Common Files\PX Storage Engine
2010-07-11 13:21:04 ----D---- C:\Program Files\Mozilla Firefox
2010-07-10 23:16:41 ----D---- C:\Program Files\Yahoo!
2010-07-10 21:02:42 ----D---- C:\Windows\system32\wbem
2010-07-10 21:01:48 ----D---- C:\Windows\system32\Tasks
2010-07-10 21:01:48 ----D---- C:\Windows\system32\spool
2010-07-10 21:01:48 ----D---- C:\Windows\system32\CodeIntegrity
2010-07-10 21:01:48 ----D---- C:\Windows\inf
2010-07-10 21:01:45 ----D---- C:\Windows\registration
2010-06-30 14:03:39 ----D---- C:\Program Files\Common Files\Apple
2010-06-30 13:46:55 ----D---- C:\Windows\system32\catroot
2010-06-30 13:38:48 ----D---- C:\Windows\winsxs

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;ATI PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 8192]
R0 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2010-04-27 385880]
R0 PSDFilter;PSDFilter; C:\Windows\system32\DRIVERS\psdfilter.sys [2008-03-05 18992]
R1 mfenlfk;McAfee NDIS Light Filter; C:\Windows\system32\DRIVERS\mfenlfk.sys [2010-04-27 64304]
R1 mfewfpk;McAfee Inc. mfewfpk; C:\Windows\system32\drivers\mfewfpk.sys [2010-04-27 160720]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2007-07-03 15392]
R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-03-05 16944]
R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-03-05 60464]
R2 tvicport;tvicport; \??\C:\Windows\system32\drivers\tvicport.sys [2007-11-06 14544]
R2 zntport;zntport; \??\C:\Windows\system32\drivers\zntport.sys [2007-11-06 6080]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-08-30 3929600]
R3 cfwids;McAfee Inc. cfwids; C:\Windows\system32\drivers\cfwids.sys [2010-04-27 55456]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-07-18 1841312]
R3 mfeapfk;McAfee Inc. mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [2010-04-27 95568]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2010-04-27 152320]
R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2010-04-27 51688]
R3 mfefirek;McAfee Inc. mfefirek; C:\Windows\system32\drivers\mfefirek.sys [2010-04-27 312616]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-20 18432]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-03-19 6144]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-20 8192]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2007-02-01 982272]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-03-22 240128]
S2 MCSTRM;MCSTRM; C:\Windows\system32\drivers\MCSTRM.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-20 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-20 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-20 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 mfeavfk01;McAfee Inc.; C:\Windows\system32\drivers\mfeavfk01.sys []
S3 mferkdet;McAfee Inc. mferkdet; C:\Windows\system32\drivers\mferkdet.sys [2010-04-27 83496]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 PalmUSBD;PalmUSBD; C:\Windows\system32\drivers\PalmUSBD.sys [2007-12-04 16640]
S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb.sys [2007-05-31 22656]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-20 39936]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service; C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 269448]
R2 AcerMemUsageCheckService;ePerformance Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2007-10-17 28672]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-08-30 704512]
R2 eDataSecurity Service;eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-03-05 500784]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-09-10 57344]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-12-19 24576]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2010-03-26 93320]
R2 McMPFSvc;McAfee Personal Firewall; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2009-12-14 271480]
R2 mcmscsvc;McAfee Services; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2009-12-14 271480]
R2 McNaiAnn;McAfee VirusScan Announcer; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2009-12-14 271480]
R2 McNASvc;McAfee Network Agent; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2009-12-14 271480]
R2 McProxy;McAfee Proxy Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2009-12-14 271480]
R2 McShield;McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [2010-04-27 170144]
R2 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-04-27 188136]
R2 mfevtp;McAfee Validation Trust Protection Service; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-04-27 141792]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2009-12-14 271480]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2007-06-05 177704]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-19 262247]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S2 gupdate1c9861e1ac7e0cd;Google Update Service (gupdate1c9861e1ac7e0cd); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-03 133104]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-07 362992]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2008-03-06 313840]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2008-03-06 170480]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 LWWLicenseService;LWWLicenseService; C:\Program Files\Common Files\WoltersKluwerLWW Shared\Service\LWWLicenseService.exe [2009-04-20 79360]
S3 McODS;McAfee Scanner; C:\Program Files\McAfee\VirusScan\mcods.exe [2010-03-10 364216]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-07 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2008-03-06 1108464]

-----------------EOF-----------------
tmnyfeathers
Regular Member
 
Posts: 18
Joined: July 13th, 2010, 11:47 am