
Solved Virus,Redirecting searches, System Restore Disabled, restarting

Discussion in 'Malware and Virus Removal Archive' started by Kiamoko, 2011/06/05.

  1. 2011/06/05
    Kiamoko

    Kiamoko Inactive Thread Starter

    Joined:
    2011/06/05
    Messages:
    16
    Likes Received:
    0
    [Resolved] Virus,Redirecting searches, System Restore Disabled, restarting

    This one has got me in a bind!
    I am not sure what it is other than a virus or some sort of malware :confused:
    It started with redirecting searches. Then no system restore... on to restarting itself whenever I tried to run a virus scan (I seem to have this one taken care of and am attempting to run a full scan now, and should have the log to post soon)

    It is an Acer Aspire One Netbook. Windows XP.

    I am a new user here and hope I am doing everything right. Should I download all the other programs now as well, or wait until whoever helps me tells me what they would like me to download?

    Thank you in advance for your help.
     
  2. 2011/06/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    Please, complete all steps listed here: this post

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     


  4. 2011/06/06
    Kiamoko
    I have downloaded Avira Antivirus Personal and am running the full scan now. When it is done I will download and run the other 4 and provide the logs for each.
    Do you want the log for the Avira scan as well?

    Thank you for the welcome.
     
    Last edited: 2011/06/06
  5. 2011/06/06
    Kiamoko
    I have performed a full Avira scan and Malwarebytes scan.
    I am now attempting the GMER scan. It has been running for about 6 hours now. Does it usually take this long? All active real-time protection was shut down prior to this, I believe. Unless I have something hiding that I have forgotten about (which I may). I reset the computer back to factory a few weeks ago, and so it may be hiding in the backup file I made on the comp that day.

    EDIT: Comp went into sleep mode and I could not pull it out of it... had to start the GMER scan again X_x
     
    Last edited: 2011/06/06
  6. 2011/06/06
    broni
    Skip GMER for now.
     
  7. 2011/06/06
    Kiamoko
    When I re-ran it, it went a LOT faster :)
    Here are the logs:

    Avira AntiVir Personal
    Report file date: Sunday, June 05, 2011 23:40

    Scanning for 2719154 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available:

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows XP
    Windows version : (Service Pack 3) [5.1.2600]
    Boot mode : Normally booted
    Username : Jenn
    Computer name : HAVEN


    Configuration settings for the scan:
    Jobname.............................: Short system scan after installation
    Configuration file..................: c:\program files\avira\antivir desktop\setupprf.dat
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Process scan........................: on
    Scan registry.......................: on
    Search for rootkits.................: off
    Integrity checking of system files..: off
    Scan all files......................: Intelligent file selection
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium

    Start of the scan: Sunday, June 05, 2011 23:40

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avconfig.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avshadow.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'setup.exe' - '1' Module(s) have been scanned
    Scan process 'msiexec.exe' - '1' Module(s) have been scanned
    Scan process 'presetup.exe' - '1' Module(s) have been scanned
    Scan process 'avira_antivir_personal_en.exe' - '1' Module(s) have been scanned
    Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
    Scan process 'mcsysmon.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'igfxext.exe' - '1' Module(s) have been scanned
    Scan process 'mcagent.exe' - '1' Module(s) have been scanned
    Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
    Scan process 'AcerVCM.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
    Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
    Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
    Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
    Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
    Scan process 'LManager.exe' - '1' Module(s) have been scanned
    Scan process 'iaanotif.exe' - '1' Module(s) have been scanned
    Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'RS_Service.exe' - '1' Module(s) have been scanned
    Scan process 'MskSrver.exe' - '1' Module(s) have been scanned
    Scan process 'MPFSrv.exe' - '1' Module(s) have been scanned
    Scan process 'mcshield.exe' - '1' Module(s) have been scanned
    Scan process 'mcproxy.exe' - '1' Module(s) have been scanned
    Scan process 'mcnasvc.exe' - '1' Module(s) have been scanned
    Scan process 'mcmscsvc.exe' - '1' Module(s) have been scanned
    Scan process 'McSACore.exe' - '1' Module(s) have been scanned
    Scan process 'IAANTMon.exe' - '1' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [DETECTION] Contains code of the BOO/TDss.M boot sector virus
    [NOTE] The boot sector was not written!

    Start scanning boot sectors:

    Starting to scan executable files (registry).

    The registry was scanned ( '441' files ).



    End of the scan: Sunday, June 05, 2011 23:41
    Used time: 01:30 Minute(s)

    The scan has been done completely.

    0 Scanned directories
    1052 Files were scanned
    1 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    0 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    1052 Files not concerned
    6 Archives were scanned
    0 Warnings
    1 Notes
     
  8. 2011/06/06
    Kiamoko
    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6784

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    6/6/2011 3:30:24 AM
    mbam-log-2011-06-06 (03-30-23).txt

    Scan type: Quick scan
    Objects scanned: 159330
    Time elapsed: 10 minute(s), 55 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  9. 2011/06/06
    Kiamoko
    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit scan 2011-06-06 10:59:21
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\iaStor0 WDC_WD16 rev.11.0
    Running: cqw79si0.exe; Driver: C:\DOCUME~1\Jenn\LOCALS~1\Temp\pgldipow.sys


    ---- System - GMER 1.0.15 ----

    SSDT A66D4D66 ZwCreateKey
    SSDT A66D4D5C ZwCreateThread
    SSDT A66D4D6B ZwDeleteKey
    SSDT A66D4D75 ZwDeleteValueKey
    SSDT A66D4D7A ZwLoadKey
    SSDT A66D4D48 ZwOpenProcess
    SSDT A66D4D4D ZwOpenThread
    SSDT A66D4D84 ZwReplaceKey
    SSDT A66D4D7F ZwRestoreKey
    SSDT A66D4D70 ZwSetValueKey

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA5E392C4]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA5E39272]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xA5E39286]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xA5E39417]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xA5E39401]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA5E39304]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xA5E39443]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xA5E39347]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA5E392D8]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xA5E39489]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xA5E393EB]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xA5E393D5]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xA5E3938D]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xA5E392B0]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xA5E3929C]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA5E39333]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xA5E3942D]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA5E3931A]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA5E392EE]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!ZwYieldExecution 80515AB2 7 Bytes JMP A5E392F2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwOpenKey 80572BDF 5 Bytes JMP A5E3934B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwQueryValueKey 80572F19 7 Bytes JMP A5E393D9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtCreateFile 80573DFB 5 Bytes JMP A5E392C8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtSetInformationProcess 80574B1F 5 Bytes JMP A5E392A0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwUnmapViewOfSection 8057A7A9 3 Bytes JMP A5E3931E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwUnmapViewOfSection + 4 8057A7AD 1 Byte [25]
    PAGE ntoskrnl.exe!NtMapViewOfSection 8057AC21 7 Bytes JMP A5E39308 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwQueryKey 8057EC02 7 Bytes JMP A5E3948D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwEnumerateKey 8057F002 7 Bytes JMP A5E3941B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwProtectVirtualMemory 8057F56B 7 Bytes JMP A5E392DC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwCreateProcessEx 8058B9EC 7 Bytes JMP A5E3928A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwTerminateProcess 8058E8B1 5 Bytes JMP A5E39337 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwEnumerateValueKey 80590232 7 Bytes JMP A5E39405 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwNotifyChangeKey 80596D8A 5 Bytes JMP A5E39447 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwCreateProcess 805C7A4D 5 Bytes JMP A5E39276 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwSetContextThread 80635EFB 5 Bytes JMP A5E392B4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwUnloadKey 80655A96 7 Bytes JMP A5E39431 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 806563CF 7 Bytes JMP A5E393EF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwRenameKey 8065684C 7 Bytes JMP A5E39391 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    ---- User code sections - GMER 1.0.15 ----

    .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[584] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041BF60 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
    .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[584] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041BFE0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\WINDOWS\system32\services.exe[744] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01500FEF
    .text C:\WINDOWS\system32\services.exe[744] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01500082
    .text C:\WINDOWS\system32\services.exe[744] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01500067
    .text C:\WINDOWS\system32\services.exe[744] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01500056
    .text C:\WINDOWS\system32\services.exe[744] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01500F8D
    .text C:\WINDOWS\system32\services.exe[744] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0150002F
    .text C:\WINDOWS\system32\services.exe[744] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01500F72
    .text C:\WINDOWS\system32\services.exe[744] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 015000BA
    .text C:\WINDOWS\system32\services.exe[744] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01500F21
    .text C:\WINDOWS\system32\services.exe[744] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01500F46
    .text C:\WINDOWS\system32\services.exe[744] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01500F10
    .text C:\WINDOWS\system32\services.exe[744] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01500FA8
    .text C:\WINDOWS\system32\services.exe[744] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01500FD4
    .text C:\WINDOWS\system32\services.exe[744] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01500093
    .text C:\WINDOWS\system32\services.exe[744] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01500014
    .text C:\WINDOWS\system32\services.exe[744] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01500FB9
    .text C:\WINDOWS\system32\services.exe[744] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01500F57
    .text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 014F0FDE
    .text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 014F0F8D
    .text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 014F0FEF
    .text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 014F0025
    .text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 014F004A
    .text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 014F000A
    .text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 014F0FB2
    .text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [6F, 89]
    .text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 014F0FC3
    .text C:\WINDOWS\system32\services.exe[744] msvcrt.dll!_wsystem 77C2931E 3 Bytes JMP 014E005D
    .text C:\WINDOWS\system32\services.exe[744] msvcrt.dll!_wsystem + 4 77C29322 1 Byte [89]
    .text C:\WINDOWS\system32\services.exe[744] msvcrt.dll!system 77C293C7 3 Bytes JMP 014E0042
    .text C:\WINDOWS\system32\services.exe[744] msvcrt.dll!system + 4 77C293CB 1 Byte [89]
    .text C:\WINDOWS\system32\services.exe[744] msvcrt.dll!_creat 77C2D40F 3 Bytes JMP 014E000C
    .text C:\WINDOWS\system32\services.exe[744] msvcrt.dll!_creat + 4 77C2D413 1 Byte [89]
    .text C:\WINDOWS\system32\services.exe[744] msvcrt.dll!_open 77C2F566 5 Bytes JMP 014E0FE3
    .text C:\WINDOWS\system32\services.exe[744] msvcrt.dll!_wcreat 77C2FC9B 3 Bytes JMP 014E0027
    .text C:\WINDOWS\system32\services.exe[744] msvcrt.dll!_wcreat + 4 77C2FC9F 1 Byte [89]
    .text C:\WINDOWS\system32\services.exe[744] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 014E0FD2
    .text C:\WINDOWS\system32\services.exe[744] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00FE0FE5
    .text C:\WINDOWS\system32\services.exe[744] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00FE000A
    .text C:\WINDOWS\system32\services.exe[744] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00FE001B
    .text C:\WINDOWS\system32\services.exe[744] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 00FE0036
    .text C:\WINDOWS\system32\services.exe[744] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FF0000
    .text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FE0FEF
    .text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FE0025
    .text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FE0F30
    .text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FE0F57
    .text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FE0F72
    .text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FE0F9E
    .text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FE0053
    .text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FE0F0B
    .text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FE0ED5
    .text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FE006E
    .text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FE0EBA
    .text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FE0F8D
    .text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FE0014
    .text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FE0036
    .text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FE0FC3
    .text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FE0FD4
    .text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FE0EF0
    .text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E10FCD
    .text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E10F90
    .text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E10FDE
    .text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E10FEF
    .text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E10FA1
    .text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E10000
    .text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00E10043
    .text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E10FBC
    .text C:\WINDOWS\system32\lsass.exe[756] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E0004E
    .text C:\WINDOWS\system32\lsass.exe[756] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E00033
    .text C:\WINDOWS\system32\lsass.exe[756] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E00FDE
    .text C:\WINDOWS\system32\lsass.exe[756] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E0000C
    .text C:\WINDOWS\system32\lsass.exe[756] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E00FC3
    .text C:\WINDOWS\system32\lsass.exe[756] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E00FEF
    .text C:\WINDOWS\system32\lsass.exe[756] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00DF0FE5
    .text C:\WINDOWS\system32\lsass.exe[756] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00DE0000
    .text C:\WINDOWS\system32\lsass.exe[756] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00DE0FE5
    .text C:\WINDOWS\system32\lsass.exe[756] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00DE001B
    .text C:\WINDOWS\system32\lsass.exe[756] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 00DE002C
    .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02710000
    .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02710082
    .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02710071
    .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02710F97
    .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02710FA8
    .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02710FB9
    .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02710F57
    .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 027100A9
    .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02710F2B
    .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 027100C4
    .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02710F06
    .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02710040
    .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02710FEF
    .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02710F7C
    .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02710FCA
    .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02710025
    .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02710F46
    .text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02700022
    .text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02700F9E
    .text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02700011
    .text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02700000
    .text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02700FAF
    .text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02700FEF
    .text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02700FC0
    .text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [90, 8A]
    .text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0270003D
    .text C:\WINDOWS\system32\svchost.exe[944] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 026F004C
    .text C:\WINDOWS\system32\svchost.exe[944] msvcrt.dll!system 77C293C7 5 Bytes JMP 026F0027
    .text C:\WINDOWS\system32\svchost.exe[944] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 026F0FC8
    .text C:\WINDOWS\system32\svchost.exe[944] msvcrt.dll!_open 77C2F566 5 Bytes JMP 026F0FEF
    .text C:\WINDOWS\system32\svchost.exe[944] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 026F0FB7
    .text C:\WINDOWS\system32\svchost.exe[944] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 026F000C
    .text C:\WINDOWS\system32\svchost.exe[944] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 026D0000
    .text C:\WINDOWS\system32\svchost.exe[944] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 026D001B
    .text C:\WINDOWS\system32\svchost.exe[944] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 026D0FEF
    .text C:\WINDOWS\system32\svchost.exe[944] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 026D0FD4
    .text C:\WINDOWS\system32\svchost.exe[944] WS2_32.dll!socket 71AB4211 5 Bytes JMP 026E0FEF
    .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01230FE5
    .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0123006E
    .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0123005D
    .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01230F83
    .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01230040
    .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01230F94
    .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01230F3C
    .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01230F4D
    .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01230F2B
    .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 012300BA
    .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01230F1A
    .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0123001B
    .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01230FD4
    .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01230F5E
    .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01230FA5
    .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01230000
    .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0123009F
    .text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0122005B
    .text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01220FBC
    .text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01220036
    .text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01220025
    .text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01220FCD
    .text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0122000A
    .text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01220FDE
    .text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [42, 89]
    .text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01220FEF
    .text C:\WINDOWS\system32\svchost.exe[1016] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01210FB9
    .text C:\WINDOWS\system32\svchost.exe[1016] msvcrt.dll!system 77C293C7 5 Bytes JMP 01210044
    .text C:\WINDOWS\system32\svchost.exe[1016] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01210018
    .text C:\WINDOWS\system32\svchost.exe[1016] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01210FEF
    .text C:\WINDOWS\system32\svchost.exe[1016] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01210029
    .text C:\WINDOWS\system32\svchost.exe[1016] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01210FDE
    .text C:\WINDOWS\system32\svchost.exe[1016] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00700000
    .text C:\WINDOWS\system32\svchost.exe[1016] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00700025
    .text C:\WINDOWS\system32\svchost.exe[1016] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00700036
    .text C:\WINDOWS\system32\svchost.exe[1016] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 00700FE5
    .text C:\WINDOWS\system32\svchost.exe[1016] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00710FE5
    .text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B3000A
    .text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00E9000A
    .text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0071000C
    .text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03A80000
    .text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 03A80F8D
    .text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 03A80F9E
    .text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03A80FAF
    .text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 03A80062
    .text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 03A80036
    .text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 03A80F4B
    .text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 03A80F68
    .text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 03A800B8
    .text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 03A80F29
    .text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 03A800D3
    .text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 03A80047
    .text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 03A80FE5
    .text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 03A80093
    .text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 03A80FCA
    .text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 03A8001B
    .text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 03A80F3A
    .text C:\WINDOWS\System32\svchost.exe[1060] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 03A70FCD
    .text C:\WINDOWS\System32\svchost.exe[1060] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 03A70080
    .text C:\WINDOWS\System32\svchost.exe[1060] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 03A7001E
    .text C:\WINDOWS\System32\svchost.exe[1060] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 03A70FDE
    .text C:\WINDOWS\System32\svchost.exe[1060] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 03A7006F
    .text C:\WINDOWS\System32\svchost.exe[1060] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 03A70FEF
    .text C:\WINDOWS\System32\svchost.exe[1060] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 03A7005E
    .text C:\WINDOWS\System32\svchost.exe[1060] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 03A70039
    .text C:\WINDOWS\System32\svchost.exe[1060] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00F8000A
    .text C:\WINDOWS\System32\svchost.exe[1060] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 03A60FBC
    .text C:\WINDOWS\System32\svchost.exe[1060] msvcrt.dll!system 77C293C7 5 Bytes JMP 03A60FCD
    .text C:\WINDOWS\System32\svchost.exe[1060] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 03A60FDE
    .text C:\WINDOWS\System32\svchost.exe[1060] msvcrt.dll!_open 77C2F566 5 Bytes JMP 03A60FEF
    .text C:\WINDOWS\System32\svchost.exe[1060] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 03A6003D
    .text C:\WINDOWS\System32\svchost.exe[1060] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 03A6000C
    .text C:\WINDOWS\System32\svchost.exe[1060] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 03350FEF
    .text C:\WINDOWS\System32\svchost.exe[1060] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 03350FCA
    .text C:\WINDOWS\System32\svchost.exe[1060] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 03350FAF
    .text C:\WINDOWS\System32\svchost.exe[1060] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 03350F9E
    .text C:\WINDOWS\System32\svchost.exe[1060] WS2_32.dll!socket 71AB4211 5 Bytes JMP 03A50FEF
    .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00710FEF
    .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00710F83
    .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00710078
    .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00710F9E
    .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00710FAF
    .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00710FC0
    .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 007100C1
    .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 007100B0
    .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00710108
    .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007100ED
    .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00710F54
    .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00710051
    .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00710000
    .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00710093
    .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0071002C
    .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0071001B
    .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 007100D2
    .text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0070002F
    .text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0070006F
    .text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0070000A
    .text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00700FD4
    .text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00700054
    .text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00700FEF
    .text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00700FB2
    .text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [90, 88]
    .text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00700FC3
    .text C:\WINDOWS\system32\svchost.exe[1176] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 006F0FC3
    .text C:\WINDOWS\system32\svchost.exe[1176] msvcrt.dll!system 77C293C7 5 Bytes JMP 006F0058
    .text C:\WINDOWS\system32\svchost.exe[1176] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 006F0033
    .text C:\WINDOWS\system32\svchost.exe[1176] msvcrt.dll!_open 77C2F566 5 Bytes JMP 006F0FEF
    .text C:\WINDOWS\system32\svchost.exe[1176] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 006F0FDE
    .text C:\WINDOWS\system32\svchost.exe[1176] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 006F000C
    .text C:\WINDOWS\system32\svchost.exe[1176] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 001B000A
    .text C:\WINDOWS\system32\svchost.exe[1176] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 001B001B
    .text C:\WINDOWS\system32\svchost.exe[1176] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 001B0040
    .text C:\WINDOWS\system32\svchost.exe[1176] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 001B0FE5
    .text C:\WINDOWS\system32\svchost.exe[1176] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001D0FEF
    .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00710000
    .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0071005F
    .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00710F6A
    .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00710044
    .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00710033
    .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00710FB6
    .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00710F2D
    .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00710F3E
    .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00710EF7
    .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00710090
    .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00710EE6
    .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00710F91
    .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00710011
    .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00710F4F
    .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00710FC7
    .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00710022
    .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00710F12
    .text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0070003D
    .text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00700FAC
    .text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0070002C
    .text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00700011
    .text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00700FC7
    .text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00700000
    .text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00700069
    .text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0070004E
    .text C:\WINDOWS\system32\svchost.exe[1212] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 006F0F97
    .text C:\WINDOWS\system32\svchost.exe[1212] msvcrt.dll!system 77C293C7 5 Bytes JMP 006F0FB2
    .text C:\WINDOWS\system32\svchost.exe[1212] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 006F0FD7
    .text C:\WINDOWS\system32\svchost.exe[1212] msvcrt.dll!_open 77C2F566 5 Bytes JMP 006F0000
    .text C:\WINDOWS\system32\svchost.exe[1212] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 006F002C
    .text C:\WINDOWS\system32\svchost.exe[1212] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 006F0011
    .text C:\WINDOWS\system32\svchost.exe[1212] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 001B0FEF
    .text C:\WINDOWS\system32\svchost.exe[1212] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 001B000A
    .text C:\WINDOWS\system32\svchost.exe[1212] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 001B0FD4
    .text C:\WINDOWS\system32\svchost.exe[1212] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 001B0025
    .text C:\WINDOWS\system32\svchost.exe[1212] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001D0000
    .text C:\WINDOWS\Explorer.EXE[1660] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C2000A
    .text C:\WINDOWS\Explorer.EXE[1660] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C3000A
    .text C:\WINDOWS\Explorer.EXE[1660] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B8000C
    .text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02FE000A
    .text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02FE0062
    .text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02FE0F6D
    .text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02FE0F7E
    .text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02FE0F9B
    .text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02FE002C
    .text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02FE00A2
    .text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02FE0087
    .text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02FE00C4
    .text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02FE00B3
    .text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02FE0F10
    .text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02FE003D
    .text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02FE0FE5
    .text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02FE0F5C
    .text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02FE0FCA
    .text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02FE001B
    .text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02FE0F35
    .text C:\WINDOWS\Explorer.EXE[1660] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02F70FE5
    .text C:\WINDOWS\Explorer.EXE[1660] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02F70FA5
    .text C:\WINDOWS\Explorer.EXE[1660] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02F70036
    .text C:\WINDOWS\Explorer.EXE[1660] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02F7001B
    .text C:\WINDOWS\Explorer.EXE[1660] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02F7006C
    .text C:\WINDOWS\Explorer.EXE[1660] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02F70000
    .text C:\WINDOWS\Explorer.EXE[1660] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 02F7005B
    .text C:\WINDOWS\Explorer.EXE[1660] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02F70FD4
    .text C:\WINDOWS\Explorer.EXE[1660] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02F60F9C
    .text C:\WINDOWS\Explorer.EXE[1660] msvcrt.dll!system 77C293C7 5 Bytes JMP 02F60027
    .text C:\WINDOWS\Explorer.EXE[1660] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02F60FD2
    .text C:\WINDOWS\Explorer.EXE[1660] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02F60000
    .text C:\WINDOWS\Explorer.EXE[1660] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02F60FAD
    .text C:\WINDOWS\Explorer.EXE[1660] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02F60FE3
    .text C:\WINDOWS\Explorer.EXE[1660] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 02C50FE5
    .text C:\WINDOWS\Explorer.EXE[1660] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 02C50FD4
    .text C:\WINDOWS\Explorer.EXE[1660] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 02C50014
     
  10. 2011/06/06
    Kiamoko

    Kiamoko Inactive Thread Starter

    Joined:
    2011/06/05
    Messages:
    16
    Likes Received:
    0
    .text C:\WINDOWS\Explorer.EXE[1660] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 02C50025
    .text C:\WINDOWS\Explorer.EXE[1660] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02F50FE5
    .text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CA0FEF
    .text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CA0F5A
    .text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CA0F6B
    .text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CA0F7C
    .text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CA0F8D
    .text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CA0FB2
    .text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CA0F35
    .text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CA0071
    .text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CA00B3
    .text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CA0F10
    .text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CA00CE
    .text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CA0039
    .text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CA0FDE
    .text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CA0060
    .text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CA0028
    .text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CA0FCD
    .text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CA0098
    .text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C90FB9
    .text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C90F94
    .text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C90FD4
    .text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C9000A
    .text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C90051
    .text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C90FEF
    .text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00C90040
    .text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C90025
    .text C:\WINDOWS\system32\svchost.exe[1780] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C80FB0
    .text C:\WINDOWS\system32\svchost.exe[1780] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C80FC1
    .text C:\WINDOWS\system32\svchost.exe[1780] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C80FE3
    .text C:\WINDOWS\system32\svchost.exe[1780] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C80000
    .text C:\WINDOWS\system32\svchost.exe[1780] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C80FD2
    .text C:\WINDOWS\system32\svchost.exe[1780] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C80011
    .text C:\WINDOWS\system32\svchost.exe[1780] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00700000
    .text C:\WINDOWS\system32\svchost.exe[1780] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00700011
    .text C:\WINDOWS\system32\svchost.exe[1780] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 0070002C
    .text C:\WINDOWS\system32\svchost.exe[1780] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 00700FDB
    .text C:\WINDOWS\system32\svchost.exe[1780] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00710000
    .text C:\WINDOWS\system32\svchost.exe[2300] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DD0FEF
    .text C:\WINDOWS\system32\svchost.exe[2300] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DD0082
    .text C:\WINDOWS\system32\svchost.exe[2300] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DD0F8D
    .text C:\WINDOWS\system32\svchost.exe[2300] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DD0F9E
    .text C:\WINDOWS\system32\svchost.exe[2300] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DD0FAF
    .text C:\WINDOWS\system32\svchost.exe[2300] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DD002C
    .text C:\WINDOWS\system32\svchost.exe[2300] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DD0F55
    .text C:\WINDOWS\system32\svchost.exe[2300] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DD0F66
    .text C:\WINDOWS\system32\svchost.exe[2300] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DD00B8
    .text C:\WINDOWS\system32\svchost.exe[2300] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DD0F1F
    .text C:\WINDOWS\system32\svchost.exe[2300] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00DD00D3
    .text C:\WINDOWS\system32\svchost.exe[2300] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00DD0047
    .text C:\WINDOWS\system32\svchost.exe[2300] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DD0000
    .text C:\WINDOWS\system32\svchost.exe[2300] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00DD009D
    .text C:\WINDOWS\system32\svchost.exe[2300] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00DD0FC0
    .text C:\WINDOWS\system32\svchost.exe[2300] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00DD0011
    .text C:\WINDOWS\system32\svchost.exe[2300] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00DD0F3A
    .text C:\WINDOWS\system32\svchost.exe[2300] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00DC0FAF
    .text C:\WINDOWS\system32\svchost.exe[2300] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00DC0040
    .text C:\WINDOWS\system32\svchost.exe[2300] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00DC0FD4
    .text C:\WINDOWS\system32\svchost.exe[2300] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00DC0FEF
    .text C:\WINDOWS\system32\svchost.exe[2300] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00DC0F83
    .text C:\WINDOWS\system32\svchost.exe[2300] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00DC0000
    .text C:\WINDOWS\system32\svchost.exe[2300] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00DC0F94
    .text C:\WINDOWS\system32\svchost.exe[2300] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [FC, 88]
    .text C:\WINDOWS\system32\svchost.exe[2300] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00DC001B
    .text C:\WINDOWS\system32\svchost.exe[2300] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00710F9C
    .text C:\WINDOWS\system32\svchost.exe[2300] msvcrt.dll!system 77C293C7 5 Bytes JMP 0071001D
    .text C:\WINDOWS\system32\svchost.exe[2300] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00710FC1
    .text C:\WINDOWS\system32\svchost.exe[2300] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00710FEF
    .text C:\WINDOWS\system32\svchost.exe[2300] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0071000C
    .text C:\WINDOWS\system32\svchost.exe[2300] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00710FD2
    .text C:\WINDOWS\system32\svchost.exe[2300] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 006F0FE5
    .text C:\WINDOWS\system32\svchost.exe[2300] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 006F000A
    .text C:\WINDOWS\system32\svchost.exe[2300] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 006F0025
    .text C:\WINDOWS\system32\svchost.exe[2300] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 006F0036
    .text C:\WINDOWS\system32\svchost.exe[2300] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00700000

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- EOF - GMER 1.0.15 ----
     
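A small triage helper, added here as an example and not part of the original post or of GMER itself: it parses the ".text ... Bytes JMP" hook lines and the "Disk sectors" lines that GMER printed in the log above, groups the patched exports per process, and pulls out the lines GMER flagged as rootkit behaviour. The sample log is a handful of lines copied verbatim from the log above. The "trampoline page" grouping is my own heuristic (hooks whose JMP targets share one 64 KiB region were most likely written by a single injected component), not something GMER reports.

```python
"""Reduce a GMER 1.0.15 log to the facts a responder needs for triage."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class Hook:
    image: str             # path of the hooked process
    pid: int
    module: str            # DLL whose export was patched, e.g. kernel32.dll
    export: str            # patched export; "RegCreateKeyW + 3" is the tail of a split patch
    address: int           # address of the overwritten bytes
    nbytes: int            # number of bytes GMER saw overwritten
    target: Optional[int]  # JMP destination, or None when GMER printed raw bytes like [90, 8A]

# One user-mode hook line, e.g.
# .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02710F2B
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>\S+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<export>\S+(?:\s\+\s\d+)?)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<nbytes>\d+)\s+Bytes\s+"
    r"(?:JMP\s+(?P<target>[0-9A-Fa-f]{8})|\[[^\]]*\])\s*$"
)
# One "Disk sectors" line, e.g. Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
DISK_RE = re.compile(r"^Disk\s+(?P<device>\S+)\s+(?P<finding>.*)$")

# Constructed sample: a subset of lines copied verbatim from the GMER log in this thread.
SAMPLE_LOG = r"""
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02710F2B
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02700FC0
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [90, 8A]
.text C:\WINDOWS\system32\svchost.exe[944] WS2_32.dll!socket 71AB4211 5 Bytes JMP 026E0FEF
.text C:\WINDOWS\Explorer.EXE[1660] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C3000A
.text C:\WINDOWS\Explorer.EXE[1660] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02FE000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----
"""

def parse_hooks(log_text: str) -> List[Hook]:
    """Return every user-mode hook line as a Hook; non-matching lines are ignored."""
    hooks = []
    for raw in log_text.splitlines():
        m = HOOK_RE.match(raw.strip())
        if not m:
            continue
        target = m.group("target")
        hooks.append(Hook(
            image=m.group("image"), pid=int(m.group("pid")),
            module=m.group("module"), export=m.group("export"),
            address=int(m.group("addr"), 16), nbytes=int(m.group("nbytes")),
            target=int(target, 16) if target else None,
        ))
    return hooks

def hooks_by_process(hooks: List[Hook]) -> Dict[Tuple[str, int], List[str]]:
    """Map (image, pid) to the list of 'module!export' entries patched in that process."""
    grouped = defaultdict(list)
    for h in hooks:
        grouped[(h.image, h.pid)].append(f"{h.module}!{h.export}")
    return dict(grouped)

def trampoline_pages(hooks: List[Hook]) -> Dict[Tuple[str, int], List[int]]:
    """Per process, the sorted 64 KiB regions (target >> 16) that JMP targets land in.
    Heuristic (my assumption, not a GMER output): hooks sharing a region were most
    likely planted by one injected component."""
    pages = defaultdict(set)
    for h in hooks:
        if h.target is not None:
            pages[(h.image, h.pid)].add(h.target >> 16)
    return {k: sorted(v) for k, v in pages.items()}

def disk_findings(log_text: str) -> List[Tuple[str, str]]:
    """Return (device, finding) pairs from GMER's 'Disk sectors' section."""
    out = []
    for raw in log_text.splitlines():
        m = DISK_RE.match(raw.strip())
        if m:
            out.append((m.group("device"), m.group("finding")))
    return out

def rootkit_flagged(log_text: str) -> bool:
    """True when GMER itself labelled a disk finding as rootkit behaviour."""
    return any("ROOTKIT" in finding.upper() for _, finding in disk_findings(log_text))

if __name__ == "__main__":
    hooks = parse_hooks(SAMPLE_LOG)
    for proc, exports in hooks_by_process(hooks).items():
        print(f"{proc[0]} [{proc[1]}]: {len(exports)} patched exports, "
              f"trampoline regions {[hex(p << 16) for p in trampoline_pages(hooks).get(proc, [])]}")
    for device, finding in disk_findings(SAMPLE_LOG):
        print(f"DISK {device}: {finding}")
    print("rootkit flagged by GMER:", rootkit_flagged(SAMPLE_LOG))
```

Run it as a script to get the per-process summary. Two caveats worth keeping in mind when reading the output against the full log above: GMER lists inline hooks regardless of who planted them and does not attribute them to a product, so the hook listing on its own does not say whether a given hook is malicious; the one item GMER explicitly marks as ROOTKIT is the TDL4@MBR finding on \Device\Harddisk0\DR0, and that is the finding to act on.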
  11. 2011/06/06
    Kiamoko

    Kiamoko Inactive Thread Starter

    Joined:
    2011/06/05
    Messages:
    16
    Likes Received:
    0
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x00000004

    Kernel Drivers (total 120):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x80700000 \WINDOWS\system32\hal.dll
    0x85964000 \WINDOWS\system32\KDCOM.DLL
    0xF7A51000 \WINDOWS\system32\BOOTVID.dll
    0xF75EE000 ACPI.sys
    0xF7B3D000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF75DD000 pci.sys
    0xF763D000 isapnp.sys
    0xF7A55000 compbatt.sys
    0xF7A59000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xF7C05000 pciide.sys
    0xF78BD000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF764D000 MountMgr.sys
    0xF75BE000 ftdisk.sys
    0xF78C5000 PartMgr.sys
    0xF7A5D000 ACPIEC.sys
    0xF7C06000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    0xF765D000 VolSnap.sys
    0xF75A6000 atapi.sys
    0xF74D8000 iaStor.sys
    0xF766D000 disk.sys
    0xF767D000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF74B8000 fltMgr.sys
    0xF74A6000 sr.sys
    0xF768D000 PxHelp20.sys
    0xF748F000 KSecDD.sys
    0xF7402000 Ntfs.sys
    0xF73D5000 NDIS.sys
    0xF73BB000 Mup.sys
    0xF77DD000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF5BDB000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
    0xF5BC7000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF5B9F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xF77ED000 \SystemRoot\system32\DRIVERS\l1c51x86.sys
    0xF7935000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF5B7B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF793D000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF7373000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xF77FD000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF7945000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
    0xF794D000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF5B4A000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0xF7B81000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF780D000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    0xF5ACE000 \SystemRoot\System32\Drivers\wdf01000.sys
    0xF7955000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF734D000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0xF7CE3000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF781D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF7349000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF5AB7000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF782D000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF783D000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF7965000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF5AA6000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF784D000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF796D000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF7975000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF785D000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF7B87000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF5A83000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF5A25000 \SystemRoot\system32\DRIVERS\update.sys
    0xF7339000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF63C2000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF772D000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xA91B9000 \SystemRoot\system32\drivers\RtkHDAud.sys
    0xA9195000 \SystemRoot\system32\drivers\portcls.sys
    0xF773D000 \SystemRoot\system32\drivers\drmk.sys
    0xA9189000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xF7BFB000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xA6C24000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7BFD000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF795D000 \SystemRoot\System32\drivers\vga.sys
    0xF7BFF000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7C01000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF79FD000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF7A05000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xA9191000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xA6092000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xA6039000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xA5FEA000 \SystemRoot\System32\Drivers\Mpfp.sys
    0xA5FC4000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xA96E2000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
    0xA5F9C000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xA5F7A000 \SystemRoot\System32\drivers\afd.sys
    0xA96D2000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xA8CF5000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
    0xA5EC3000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xA5E53000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xA5E20000 \SystemRoot\system32\drivers\mfehidk.sys
    0xA6942000 \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys
    0xA96B2000 \SystemRoot\System32\Drivers\Fips.SYS
    0xA5DD2000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0xF7B4D000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    0xA0B8A000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x9FAD4000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xA0D7B000 \SystemRoot\System32\drivers\Dxapi.sys
    0xA0C58000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xA55BB000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF024000 \SystemRoot\System32\igxpgd32.dll
    0xBF012000 \SystemRoot\System32\igxprd32.dll
    0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
    0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
    0xBF47A000 \SystemRoot\System32\ATMFD.DLL
    0x9FABF000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0xA2F5C000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x9FA5A000 \SystemRoot\system32\drivers\wdmaud.sys
    0xA8008000 \SystemRoot\system32\drivers\sysaudio.sys
    0x9F8BD000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0x9F7BD000 \SystemRoot\system32\DRIVERS\srv.sys
    0xA697C000 \SystemRoot\system32\drivers\mfebopk.sys
    0x9EE20000 \SystemRoot\system32\drivers\mfeavfk.sys
    0x9ED67000 \SystemRoot\System32\Drivers\HTTP.sys
    0x9EA9F000 \SystemRoot\system32\drivers\mfesmfk.sys
    0x9E93B000 \??\C:\DOCUME~1\Jenn\LOCALS~1\Temp\pgldipow.sys
    0x9E910000 \SystemRoot\system32\drivers\kmixer.sys
    0x9E733000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 47):
    0 System Idle Process
    4 System
    624 C:\WINDOWS\system32\smss.exe
    672 csrss.exe
    696 C:\WINDOWS\system32\winlogon.exe
    744 C:\WINDOWS\system32\services.exe
    756 C:\WINDOWS\system32\lsass.exe
    944 C:\WINDOWS\system32\svchost.exe
    1016 svchost.exe
    1060 C:\WINDOWS\system32\svchost.exe
    1176 svchost.exe
    1212 svchost.exe
    1344 C:\WINDOWS\system32\spoolsv.exe
    1444 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1660 C:\WINDOWS\explorer.exe
    1780 svchost.exe
    1864 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    1956 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    2016 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    180 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    240 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    276 C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
    360 C:\PROGRA~1\LAUNCH~1\LManager.exe
    372 C:\WINDOWS\system32\igfxtray.exe
    384 C:\WINDOWS\system32\hkcmd.exe
    412 C:\WINDOWS\system32\igfxpers.exe
    464 C:\WINDOWS\RTHDCPL.EXE
    500 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    508 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    544 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    584 C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
    612 C:\WINDOWS\system32\ctfmon.exe
    136 C:\Program Files\Acer\Acer VCM\AcerVCM.exe
    760 C:\WINDOWS\system32\igfxsrvc.exe
    1436 C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
    1772 C:\Program Files\McAfee\MPF\MpfSrv.exe
    2064 C:\Program Files\McAfee\MSK\msksrver.exe
    2224 C:\Program Files\Acer\Acer VCM\RS_Service.exe
    2300 C:\WINDOWS\system32\svchost.exe
    2380 wdfmgr.exe
    2488 C:\WINDOWS\system32\igfxext.exe
    2556 C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    3552 alg.exe
    4024 C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    1700 C:\WINDOWS\system32\wuauclt.exe
    368 wmiprvse.exe
    4000 C:\Documents and Settings\Jenn\My Documents\Downloads\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80500000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD1600BEVT-22ZCT0, Rev: 11.01A11

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Done!
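A quick way to work through an MBRCheck log like the one above is to script the two questions an analyst asks of it: which kernel modules were loaded from somewhere a driver has no business living, and does the MBR classification agree with the OS the machine is running? The script below is an added example for this thread, not part of MBRCheck and not something the poster ran. The sample input copies the paths and the SHA1 from the log above but is cut down and constructed; the function names (`triage`, `classify_driver`, `parse_log`), the 8.3 short-name table, the "user-writable directory" heuristic and the mapping of MBRCheck status strings to NT5/NT6 families are this example's own assumptions.

```python
"""Triage of an MBRCheck log: flag kernel modules loaded from unusual paths and
compare the MBR classification with the running OS.  Added example for this
thread; not part of MBRCheck and not the original poster's material."""
import re
from typing import Dict, List, Tuple

# Constructed sample in MBRCheck's output format.  Paths and the hash are copied
# from the log above; the lists are cut down so the example runs quickly.
SAMPLE_LOG = r"""
Kernel Drivers (total 7):
0xF748F000 KSecDD.sys
0xF7402000 Ntfs.sys
0xF77DD000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7B4D000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xA6942000 \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys
0x9E93B000 \??\C:\DOCUME~1\Jenn\LOCALS~1\Temp\pgldipow.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 2):
0 System Idle Process
4 System

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!
""".strip()

# 8.3 short names that appear in these logs, expanded so the checks below see
# the long form (PROGRA~1 must count as Program Files).
SHORT_NAMES = {"progra~1": "program files", "docume~1": "documents and settings",
               "locals~1": "local settings", "alluse~1": "all users",
               "common~1": "common files"}
# Directories an unprivileged XP user can write to.  A kernel driver here is a
# lead to verify, not a verdict: anti-rootkit scanners drop randomly named
# helper drivers in %TEMP% too.  (Heuristic is this example's assumption.)
USER_WRITABLE = ("\\documents and settings\\", "\\users\\", "\\temp\\",
                 "\\application data\\", "\\programdata\\", "\\local settings\\")
EXPECTED_ROOTS = ("\\program files\\", "\\windows\\", "\\systemroot\\")

DRIVER_RE = re.compile(r"^\s*(0x[0-9A-Fa-f]{8})\s+(\S.*?)\s*$")
MBR_RE = re.compile(r"^\s*(\d+\s*[KMGT]B)\s+(\\\\\.\\PhysicalDrive\d+)\s+(.+?)\s*$")
SHA1_RE = re.compile(r"^\s*SHA1:\s*([0-9A-Fa-f]{40})\s*$")


def normalize_path(path: str) -> str:
    """Lower-case, drop the \\??\\ NT prefix and expand known short names."""
    p = path.lower()
    if p.startswith("\\??\\"):
        p = p[4:]
    for short, full in SHORT_NAMES.items():
        p = p.replace(short, full)
    return p


def classify_driver(path: str) -> List[str]:
    """Location-based flags for one module path; [] means nothing unusual."""
    p = normalize_path(path)
    if not (re.match(r"^[a-z]:\\", p) or p.startswith("\\")):
        return []                      # bare name: resolved from system32\drivers
    flags = []
    if any(m in p for m in USER_WRITABLE):
        flags.append("user-writable location")
    if not any(r in p for r in EXPECTED_ROOTS):
        flags.append("outside Program Files / Windows")
    return flags


def mbr_family(text: str) -> str:
    """Map an OS name or an MBRCheck status string to an NT family."""
    t = text.lower()
    if "windows xp" in t or "windows 2000" in t or "windows 2003" in t:
        return "nt5"
    if "windows 2008" in t or "vista" in t or "windows 7" in t:
        return "nt6"
    return "unknown"


def parse_log(text: str) -> Dict[str, list]:
    drivers: List[Tuple[str, str]] = []
    disks: List[Dict[str, str]] = []
    for line in text.splitlines():
        m = DRIVER_RE.match(line)
        if m:
            drivers.append((m.group(1), m.group(2)))
            continue
        m = MBR_RE.match(line)
        if m:
            disks.append({"size": m.group(1), "device": m.group(2), "status": m.group(3)})
            continue
        m = SHA1_RE.match(line)
        if m and disks:
            disks[-1]["sha1"] = m.group(1).upper()   # hash of the boot sector
    return {"drivers": drivers, "disks": disks}


def triage(text: str, running_os: str) -> List[str]:
    """Human-readable findings; an empty list means no lead from this log."""
    log = parse_log(text)
    findings = [f"driver {path} at {addr}: " + "; ".join(classify_driver(path))
                for addr, path in log["drivers"] if classify_driver(path)]
    host = mbr_family(running_os)
    for d in log["disks"]:
        code = mbr_family(d["status"])
        if "unknown" not in (host, code) and code != host:
            findings.append(f"{d['device']}: '{d['status']}' on a {running_os} host; "
                            f"compare SHA1 {d.get('sha1', 'n/a')} with a sector you trust")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, "Windows XP Home Edition"):
        print(finding)
```

Run against the sample it reports two leads: the driver under the user's Temp directory, and the NT6-style MBR code on an XP host. Neither is a verdict on its own. A randomly named driver in %TEMP% is exactly what several anti-rootkit scanners load while they run, and a later Windows recovery environment or partitioning tool will rewrite the MBR with newer code; the point of the script is to put those two items at the top of the list to verify, with the sector hash ready to compare against one you trust.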
     
  12. 2011/06/06
    Kiamoko
    .
    DDS (Ver_2011-06-03.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Jenn at 11:02:52 on 2011-06-06
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.471 [GMT -4:00]
    .
    AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Acer\Acer VCM\AcerVCM.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Acer\Acer VCM\RS_Service.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\igfxext.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph05113015l03c4wu15w47926502
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph05113015l03c4wu15w47926502
    uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe "
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\program files\mcafee\msk\MskAPBho.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - c:\documents and settings\all users\application data\partner\partner.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [LManager] c:\progra~1\launch~1\LManager.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{8AEC348C-E1FE-4834-99A4-803F3C8203D4} : DhcpNameServer = 192.168.1.254
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll
    Notify: igfxcui - igfxdev.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\jenn\application data\mozilla\firefox\profiles\tr0oh2jq.default\
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-6-5 11608]
    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-8-1 212968]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-6-5 136360]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-6-5 269480]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-6-5 61960]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-8-1 198432]
    R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-8-1 359248]
    R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-8-1 144704]
    R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-8-1 237568]
    R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-8-1 38912]
    R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-8-1 606736]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-8-1 79272]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-8-1 35240]
    R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-8-1 40488]
    S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
    S0 szkg5;szkg5;c:\windows\system32\drivers\szkg.sys --> c:\windows\system32\drivers\szkg.sys [?]
    S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-21 135664]
    S2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\imfsrv.exe --> c:\program files\iobit\iobit malware fighter\IMFsrv.exe [?]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-8-1 1684736]
    S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-8-1 24064]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-8-1 34216]
    S3 Partner Service;Partner Service;c:\documents and settings\all users\application data\partner\partner.exe [2011-5-21 111088]
    S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\rts5121.sys --> c:\windows\system32\drivers\RTS5121.sys [?]
    S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-06-06 07:18:20 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-06 07:18:12 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-06 07:18:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-06 03:44:32 -------- d-----w- c:\windows\system32\NtmsData
    2011-06-06 03:43:41 -------- d-----w- c:\documents and settings\jenn\application data\Avira
    2011-06-06 03:35:22 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-06-06 03:35:18 -------- d-----w- c:\program files\Avira
    2011-06-06 03:35:18 -------- d-----w- c:\documents and settings\all users\application data\Avira
    2011-06-06 02:54:59 -------- d-----w- c:\program files\AVAST Software
    2011-06-06 02:54:59 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
    2011-06-06 01:32:42 -------- d-----w- c:\documents and settings\jenn\application data\IObit
    2011-06-06 01:32:42 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
    2011-06-06 01:32:41 -------- d-----w- c:\documents and settings\jenn\application data\Sammsoft
    2011-06-06 01:32:41 -------- d-----w- c:\documents and settings\jenn\application data\Malwarebytes
    2011-06-06 00:25:07 -------- d-sha-r- C:\cmdcons
    2011-06-06 00:18:17 98816 ----a-w- c:\windows\sed.exe
    2011-06-06 00:18:17 518144 ----a-w- c:\windows\SWREG.exe
    2011-06-06 00:18:17 256512 ----a-w- c:\windows\PEV.exe
    2011-06-06 00:18:17 208896 ----a-w- c:\windows\MBR.exe
    2011-06-05 16:17:43 -------- d-----w- c:\documents and settings\all users\application data\IObit
    2011-06-05 16:12:18 -------- d-----w- c:\program files\IObit
    2011-06-05 16:04:43 -------- d-----w- c:\documents and settings\jenn\application data\SUPERAntiSpyware.com
    2011-06-05 15:52:57 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-06-05 02:53:12 -------- d-----w- c:\documents and settings\all users\application data\STOPzilla!
    2011-06-04 20:32:06 -------- d-----w- c:\documents and settings\jenn\application data\DDMSettings
    2011-06-04 20:10:33 -------- d-----w- c:\program files\common files\DivX Shared
    2011-06-04 19:58:43 -------- d-----w- c:\program files\DivX
    2011-06-04 19:56:31 -------- d-----w- c:\documents and settings\all users\application data\DivX
    2011-05-30 19:25:55 -------- d-sh--w- c:\documents and settings\jenn\IECompatCache
    2011-05-30 01:49:20 -------- d-----w- c:\documents and settings\jenn\local settings\application data\Adobe
    2011-05-28 18:20:17 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
    2011-05-28 18:20:17 21504 ----a-w- c:\windows\system32\hidserv.dll
    2011-05-28 18:19:55 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
    2011-05-28 18:19:55 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
    2011-05-28 15:41:04 215920 ----a-w- c:\windows\system32\muweb.dll
    2011-05-28 15:41:03 274288 ----a-w- c:\windows\system32\mucltui.dll
    2011-05-28 15:41:03 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
    2011-05-25 15:03:31 265728 -c----w- c:\windows\system32\dllcache\http.sys
    2011-05-25 03:29:05 -------- d-----w- c:\windows\ServicePackFiles
    2011-05-25 03:19:33 -------- d-----w- c:\windows\ie8updates
    2011-05-24 18:55:43 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
    2011-05-24 18:51:31 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll
    2011-05-24 18:51:31 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
    2011-05-24 18:36:17 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2011-05-24 18:36:16 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2011-05-24 18:36:12 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2011-05-24 18:36:12 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2011-05-24 17:05:43 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2011-05-24 17:05:42 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2011-05-24 17:05:37 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2011-05-24 16:46:24 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-05-24 16:16:31 -------- d-----w- c:\windows\system32\PreInstall
    2011-05-23 21:25:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-21 11:04:45 -------- d-----w- c:\windows\VGA
    2011-05-21 11:04:44 -------- d-----w- c:\windows\3G
    2011-05-21 10:17:30 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
    2011-05-21 10:17:10 -------- d-----w- c:\program files\Synaptics
    2011-05-21 10:17:00 205232 ----a-w- c:\windows\system32\drivers\SynTP.sys
    2011-05-21 10:16:58 206120 ----a-w- c:\windows\system32\SynCtrl.dll
    2011-05-21 10:16:58 161064 ----a-w- c:\windows\system32\SynTPAPI.dll
    2011-05-21 10:16:58 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
    2011-05-21 10:16:57 169256 ----a-w- c:\windows\system32\SynCOM.dll
    2011-05-21 10:16:56 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
    2011-05-21 10:16:36 -------- d-----w- c:\program files\Acer Crystal Eye webcam
    2011-05-21 10:12:50 225280 ----a-w- c:\windows\system32\rsnp2uvc.dll
    2011-05-21 10:12:49 -------- d-----w- c:\windows\SUYIN NB Cam
    2011-05-21 10:12:49 -------- d-----w- c:\program files\common files\SNP2UVC
    2011-05-21 10:07:03 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2011-05-21 10:06:57 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
    2011-05-21 10:06:50 -------- d-----w- C:\Backup
    2011-05-21 07:20:39 -------- d-----w- c:\documents and settings\all users\application data\Partner
    2011-05-21 07:19:52 -------- d-----w- c:\windows\system32\SoftwareDistribution
    2011-05-21 07:19:50 -------- d-----w- c:\windows\Screensavers
    2011-05-21 07:19:18 -------- d-sh--w- c:\documents and settings\jenn\PrivacIE
    2011-05-16 15:36:00 -------- d-----w- C:\$AVG
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 11:05:57.18 ===============
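The DDS report above is the other artifact worth scripting. For a search-redirect complaint the sections that matter most are the AV header (two real-time scanners enabled at once, as here, is a problem in itself), the BHO list, the TCP NameServer lines and the services block, where `No File` and `[?]` mark registrations whose binary is gone. The script below is an added example for this thread, not part of DDS and not the poster's material. The sample input is constructed: most lines are copied from the log above, but the NameServer line with the all-zero interface GUID is made up and uses the 203.0.113.0/24 documentation range so the resolver check has something to flag. The function names, the finding categories and the "user-writable directory" heuristic are this example's own assumptions.

```python
"""Quick triage of a DDS log: several real-time AV products enabled together,
orphaned BHO registrations, services whose binary is gone, persistence from
user-writable directories, and DNS resolvers outside RFC 1918 space.  Added
example for this thread; not part of DDS and not the original poster's material."""
import re
from typing import Dict, List

# Constructed sample in DDS's line format.  Most lines are copied from the log
# above; the NameServer line with the all-zero interface GUID is invented and
# uses the 203.0.113.0/24 documentation range so the DNS check fires.
SAMPLE_DDS = r"""
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Enabled*
============== Pseudo HJT Report ===============
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - c:\documents and settings\all users\application data\partner\partner.dll
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{8AEC348C-E1FE-4834-99A4-803F3C8203D4} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{00000000-0000-0000-0000-000000000000} : NameServer = 203.0.113.5
============= SERVICES / DRIVERS ===============
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-6-5 11608]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S3 Partner Service;Partner Service;c:\documents and settings\all users\application data\partner\partner.exe [2011-5-21 111088]
""".strip()

AV_RE = re.compile(r"^(AV|SP|FW):\s*(.+?)\s*\*([^*]+)\*")
BHO_RE = re.compile(r"^BHO:\s*(.*?)\{([0-9A-Fa-f-]{36})\}\s*-\s*(.+?)\s*$")
# R/S = running/stopped, digit = start type (0 boot .. 4 disabled)
SVC_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);[^;]*;(.+?)\s*$")
DNS_RE = re.compile(r"^TCP:.*?NameServer\s*=\s*(.+?)\s*$")

# Directories a standard XP user can write to.  Persistence registered from
# here is a lead to check against the publisher's signature, not a verdict;
# some legitimate updaters live there too.  (Heuristic is this example's own.)
USER_WRITABLE = ("\\documents and settings\\", "\\users\\", "\\programdata\\",
                 "\\application data\\", "\\temp\\")


def is_rfc1918(ip: str) -> bool:
    """10/8, 172.16/12, 192.168/16 only.  ipaddress.is_private is wider and
    would also accept the documentation ranges used in the sample."""
    try:
        a, b, _, _ = (int(x) for x in ip.split("."))
    except ValueError:
        return False
    return a == 10 or (a == 172 and 16 <= b <= 31) or (a == 192 and b == 168)


def in_user_writable(path: str) -> bool:
    p = path.lower()
    return any(m in p for m in USER_WRITABLE)


def triage_dds(text: str) -> List[Dict[str, str]]:
    findings: List[Dict[str, str]] = []
    enabled_av: List[str] = []
    for line in text.splitlines():
        line = line.strip()
        m = AV_RE.match(line)
        if m:
            if m.group(1) == "AV" and "enabled" in m.group(3).lower():
                enabled_av.append(m.group(2))
            continue
        m = BHO_RE.match(line)
        if m:
            name, clsid, target = m.group(1).rstrip(": "), m.group(2), m.group(3)
            if target.lower() == "no file":
                findings.append({"kind": "bho-orphan",
                                 "detail": f"{{{clsid}}} registered but no file (stale entry)"})
            elif in_user_writable(target):
                findings.append({"kind": "bho-user-writable", "detail": f"{name or clsid}: {target}"})
            continue
        m = SVC_RE.match(line)
        if m:
            state, start, name, rest = m.groups()
            binary = rest.split(" --> ")[0].split(" [")[0]   # path before the date/size or [?]
            if rest.endswith("[?]"):
                findings.append({"kind": "service-missing-file",
                                 "detail": f"{name} ({state}{start}): {binary}"})
            elif in_user_writable(binary):
                findings.append({"kind": "service-user-writable",
                                 "detail": f"{name} ({state}{start}): {binary}"})
            continue
        m = DNS_RE.match(line)
        if m:
            for ip in re.split(r"[\s,]+", m.group(1)):
                if ip and not is_rfc1918(ip):
                    findings.append({"kind": "dns-public", "detail": f"resolver {ip} is outside "
                                     "RFC 1918 space; confirm it is the router/ISP you expect"})
    if len(enabled_av) > 1:
        findings.append({"kind": "multiple-av",
                         "detail": "real-time scanners enabled together: " + ", ".join(enabled_av)})
    return findings


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f["kind"], "-", f["detail"])
```

On the sample this yields six findings: the orphaned BHO CLSID, the BHO and the service registered from All Users\Application Data, the boot-start driver `is3srv` whose file is missing, the invented non-private resolver, and the two AV products enabled at once. A resolver check on its own does not settle a redirect complaint; the hosts file, proxy settings (the DDS line `network.proxy.type - 0` covers Firefox) and the BHO list all have to be read together, which is why the script reports categories rather than a single score.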
     
  13. 2011/06/06
    Kiamoko
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-03.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 5/21/2011 6:10:20 AM
    System Uptime: 6/6/2011 10:39:52 AM (1 hours ago)
    .
    Motherboard: Acer | | Aspire one
    Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | CPU | 1596/533mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 139 GiB total, 103.539 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
    Description: USB Composite Device
    Device ID: USB\VID_0C45&PID_62C0\5&148F05A6&0&2
    Manufacturer: (Standard USB Host Controller)
    Name: USB Composite Device
    PNP Device ID: USB\VID_0C45&PID_62C0\5&148F05A6&0&2
    Service:
    .
    ==== System Restore Points ===================
    .
    RP1: 5/21/2011 6:10:34 AM - System Checkpoint
    RP2: 5/21/2011 6:12:47 AM - Installed WebCam
    RP3: 5/21/2011 6:17:30 AM - Installed Windows XP Wdf01007.
    RP4: 5/21/2011 6:17:46 AM - Installed Acer eRecovery Management
    RP5: 5/24/2011 12:16:11 PM - Software Distribution Service 3.0
    RP6: 5/24/2011 11:17:57 PM - Software Distribution Service 3.0
    RP7: 5/25/2011 10:07:14 AM - Software Distribution Service 3.0
    RP8: 5/25/2011 6:33:32 PM - Software Distribution Service 3.0
    RP9: 5/28/2011 1:14:58 PM - System Checkpoint
    RP10: 5/29/2011 10:02:18 AM - Software Distribution Service 3.0
    RP11: 5/30/2011 1:38:51 AM - Software Distribution Service 3.0
    RP12: 5/31/2011 3:55:56 PM - System Checkpoint
    RP13: 6/2/2011 2:27:00 PM - System Checkpoint
    RP14: 6/3/2011 4:02:03 PM - System Checkpoint
    RP15: 6/4/2011 12:25:43 PM - Software Distribution Service 3.0
    RP16: 6/4/2011 10:43:57 PM - Restore Operation
    RP17: 6/4/2011 10:47:05 PM - Restore Operation
    RP18: 6/4/2011 10:52:58 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
    RP19: 6/5/2011 11:45:18 AM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
    RP20: 6/5/2011 11:55:40 AM - ARO 2011 - Before Installation
    RP21: 6/5/2011 11:57:08 AM - ARO 2011 - FIRST RUN
    RP22: 6/5/2011 5:02:34 PM - Restore Operation
    RP23: 6/5/2011 5:20:26 PM - Restore Operation
    RP24: 6/5/2011 9:34:10 PM - Restore Operation
    .
    ==== Installed Programs ======================
    .
    Acer Crystal Eye webcam
    Acer eRecovery Management
    Acer ScreenSaver
    Acer VCM
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.2
    Alice Greenfingers
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    Avira AntiVir Personal - Free Antivirus
    Bookworm Adventures
    C:\Program Files\Acer GameZone\GameConsole
    Cake Mania 2
    Carbonite Online Backup Setup
    Chicken Invaders 2
    Choice Guard
    Compatibility Pack for the 2007 Office system
    DivX Setup
    Dream Day First Home
    eSobi v2
    Fizzball
    Galapago
    Game Booster
    Gold Miner Vegas
    Google Desktop
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Intel(R) Graphics Media Accelerator Driver
    Intel® Matrix Storage Manager
    Jewelleria
    Junk Mail filter update
    Launch Manager
    Malwarebytes' Anti-Malware version 1.51.0.1200
    McAfee SecurityCenter
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Mozilla Firefox 4.0.1 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Realtek High Definition Audio Driver
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2466156)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Excel 2007 (KB2464583)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982665)
    Segoe UI
    Spelling Dictionaries Support For Adobe Reader 9
    Supercow
    Synaptics Pointing Device Driver
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    USB2.0 Card Reader Software
    VC80CRTRedist - 8.0.50727.4053
    WebCam
    WebFldrs XP
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format Runtime
    Windows Media Player 10
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/5/2011 8:00:50 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    6/5/2011 7:59:15 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McShield with arguments " " in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
    6/5/2011 7:49:29 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 f75160b8, parameter3 9e88c570, parameter4 00000000.
    6/5/2011 5:39:21 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 f75160b8, parameter3 9db46570, parameter4 00000000.
    6/5/2011 5:30:42 PM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/5/2011 5:30:42 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Run the configured recovery program.
    6/5/2011 5:24:15 PM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
    6/5/2011 5:24:15 PM, error: Service Control Manager [7034] - The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).
    6/5/2011 5:21:17 PM, error: Dhcp [1002] - The IP address lease 192.168.0.34 for the Network Card with network address 0C60766AF3B4 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
    6/5/2011 5:17:05 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    6/5/2011 5:06:36 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 f75160b8, parameter3 9e509570, parameter4 00000000.
    6/5/2011 4:23:57 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 f75160b8, parameter3 9f9b9570, parameter4 00000000.
    6/5/2011 4:23:54 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 f75160b8, parameter3 a06b4570, parameter4 00000000.
    6/5/2011 2:30:25 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 f75160b8, parameter3 a15cd570, parameter4 00000000.
    6/5/2011 2:24:07 PM, error: Service Control Manager [7000] - The IMF Service service failed to start due to the following error: The system cannot find the file specified.
    6/5/2011 12:34:45 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNASvc with arguments " " in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
    6/5/2011 12:34:13 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm mfehidk SASDIFSV SASKUTIL szkg5 szkgfs
    6/5/2011 12:33:13 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/5/2011 12:29:31 PM, error: Service Control Manager [7034] - The Advanced SystemCare Service service terminated unexpectedly. It has done this 1 time(s).
    6/5/2011 12:25:07 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 f75160b8, parameter3 a1a53570, parameter4 00000000.
    6/5/2011 12:20:28 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 f75160b8, parameter3 a92f1570, parameter4 00000000.
    6/5/2011 12:19:24 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: szkg5 szkgfs
    6/5/2011 11:45:41 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    6/5/2011 11:34:17 PM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\Jenn\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
    6/5/2011 11:27:06 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: atapi PCIIde
    6/5/2011 11:22:01 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 f75160b8, parameter3 9de0d570, parameter4 00000000.
    6/5/2011 11:21:58 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 f75160b8, parameter3 9debb570, parameter4 00000000.
    6/5/2011 11:21:53 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 f75160b8, parameter3 9dfc0570, parameter4 00000000.
    6/5/2011 11:17:20 PM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
    6/5/2011 10:56:34 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.MFC. Reference error message: The referenced assembly is not installed on your system. .
    6/5/2011 10:56:34 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\AvastUI.exe. Reference error message: The operation completed successfully. .
    6/5/2011 10:56:34 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.MFC could not be found and Last Error was The referenced assembly is not installed on your system.
    6/5/2011 10:55:20 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}
    6/5/2011 10:19:15 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm mfehidk szkg5 szkgfs
    6/4/2011 7:53:51 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0C60766AF3B4. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    6/4/2011 7:53:40 PM, error: Dhcp [1002] - The IP address lease 192.168.0.33 for the Network Card with network address 0C60766AF3B4 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
    6/4/2011 11:12:53 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/4/2011 10:52:31 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).
    6/4/2011 10:49:29 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/4/2011 10:49:23 PM, error: Service Control Manager [7034] - The Windows User Mode Driver Framework service terminated unexpectedly. It has done this 1 time(s).
    6/4/2011 10:49:23 PM, error: Service Control Manager [7034] - The Fax service terminated unexpectedly. It has done this 1 time(s).
    .
    ==== End Of File ===========================
     
  14. 2011/06/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're running two AV programs, Avira and McAfee.
    One of them has to go.
    If McAfee, use this tool to uninstall it: http://www.softpedia.com/get/Tweak/Uninstallers/McAfee-Consumer-Product-Removal-Tool.shtml

    Then...

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  15. 2011/06/06
    Kiamoko

    Kiamoko Inactive Thread Starter

    Joined:
    2011/06/05
    Messages:
    16
    Likes Received:
    0
    2011/06/06 12:25:09.0171 1440 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
    2011/06/06 12:25:09.0890 1440 ================================================================================
    2011/06/06 12:25:09.0890 1440 SystemInfo:
    2011/06/06 12:25:09.0890 1440
    2011/06/06 12:25:09.0890 1440 OS Version: 5.1.2600 ServicePack: 3.0
    2011/06/06 12:25:09.0890 1440 Product type: Workstation
    2011/06/06 12:25:09.0890 1440 ComputerName: HAVEN
    2011/06/06 12:25:09.0890 1440 UserName: Jenn
    2011/06/06 12:25:09.0890 1440 Windows directory: C:\WINDOWS
    2011/06/06 12:25:09.0890 1440 System windows directory: C:\WINDOWS
    2011/06/06 12:25:09.0890 1440 Processor architecture: Intel x86
    2011/06/06 12:25:09.0890 1440 Number of processors: 2
    2011/06/06 12:25:09.0890 1440 Page size: 0x1000
    2011/06/06 12:25:09.0890 1440 Boot type: Normal boot
    2011/06/06 12:25:09.0890 1440 ================================================================================
    2011/06/06 12:25:10.0531 1440 Initialize success
    2011/06/06 12:25:18.0031 0780 ================================================================================
    2011/06/06 12:25:18.0031 0780 Scan started
    2011/06/06 12:25:18.0031 0780 Mode: Manual;
    2011/06/06 12:25:18.0031 0780 ================================================================================
    2011/06/06 12:26:24.0218 0780 MBR (0x1B8) (04d4350ae5fb6fc2ad3e7c26b1323c68) \Device\Harddisk0\DR0
    2011/06/06 12:26:24.0421 0780 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/06/06 12:26:24.0468 0780 ================================================================================
    2011/06/06 12:26:24.0468 0780 Scan finished
    2011/06/06 12:26:24.0468 0780 ================================================================================
    2011/06/06 12:26:24.0875 2228 Detected object count: 1
    2011/06/06 12:26:24.0875 2228 Actual detected object count: 1
    2011/06/06 12:26:49.0500 2228 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
    2011/06/06 12:26:49.0500 2228 \Device\Harddisk0\DR0 - ok
    2011/06/06 12:26:49.0500 2228 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
    2011/06/06 12:27:03.0796 2296 Deinitialize success
     
  16. 2011/06/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very good :)

    How is redirection?

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

    =====================================================

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  17. 2011/06/07
    Kiamoko

    Kiamoko Inactive Thread Starter

    Joined:
    2011/06/05
    Messages:
    16
    Likes Received:
    0
    RkU Version: 3.8.389.593, Type LE (SR2)
    ==============================================
    OS Name: Windows XP
    Version 5.1.2600 (Service Pack 3)
    Number of processors #2
    ==============================================
    >Drivers
    ==============================================
    ==============================================
    >Stealth
    ==============================================
     
  18. 2011/06/07
    Kiamoko

    Kiamoko Inactive Thread Starter

    Joined:
    2011/06/05
    Messages:
    16
    Likes Received:
    0
    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Avira AntiVir Personal - Free Antivirus
    Avira successfully updated!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Adobe Flash Player 10.3.181.14
    Adobe Reader 9.2
    Out of date Adobe Reader installed!
    Mozilla Firefox (x86 en-US..) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    ``````````End of Log````````````
     
  19. 2011/06/07
    Kiamoko

    Kiamoko Inactive Thread Starter

    Joined:
    2011/06/05
    Messages:
    16
    Likes Received:
    0
    Redirect seems to be fine now. I can search the same ones from before that were redirecting me to other sites. Thank you :)
     
  20. 2011/06/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good news :)

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    I still need Eset scan results...
     
  21. 2011/06/08
    Kiamoko

    Kiamoko Inactive Thread Starter

    Joined:
    2011/06/05
    Messages:
    16
    Likes Received:
    0
    Oops! Sorry, I meant to tell you that it did not give me a log :(
     
