
Vista Home PC IE getting hijacked


Hello jbriley3! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step. If there is a problem somewhere, stop and tell me.
  • Stay with the thread until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware while we work on it.
  • Keep me informed about any changes.

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.
  • Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Please download Rootkit Unhooker and save it to your desktop.

  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it, typically your desktop. Click Close
  • Copy the entire contents of the report and paste it in your next reply.

Note: You may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

Step 3

Also, I would like you to generate an "Add/Remove Software list" log using the HijackThis application. Here is how you can do this:

To get an Uninstall List from HijackThis:

  • Open HijackThis, click Config, click Misc Tools
  • Click "Open Uninstall Manager"
  • Click "Save List" (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

In your next reply, please include these log(s):

  1. Malwarebytes' Anti-Malware log
  2. Rootkit Unhooker log
  3. Add or Remove Programs list

As instructed

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 7:52:48 AM, on 12/11/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v7.00 (7.00.6002.18005)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\hp\support\hpsysdrv.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Common Files\lacerte shared\update scheduler\updsched.exe

C:\Program Files\MozyHome\mozystat.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe

C:\Users\Admin\Desktop\spider.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Admin\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [iJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [updates Scheduler] C:\Program Files\Common Files\lacerte shared\update scheduler\updsched.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe

O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 8180 bytes

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5295

Windows 6.0.6002 Service Pack 2

Internet Explorer 7.0.6002.18005

12/11/2010 10:57:32 AM

mbam-log-2010-12-11 (10-57-32).txt

Scan type: Quick scan

Objects scanned: 142955

Time elapsed: 2 minute(s), 51 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows Vista

Version 6.0.6002 (Service Pack 2)

Number of processors #2

==============================================

>Drivers

==============================================

0x8DE0C000 C:\Windows\system32\DRIVERS\igdkmd32.sys 9433088 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)

0x81E50000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)

0x81E50000 PnpManager 3903488 bytes

0x81E50000 RAW 3903488 bytes

0x81E50000 WMIxWDM 3903488 bytes

0x8F006000 C:\Windows\system32\drivers\RTKVHDA.sys 2322432 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)

0x81660000 Win32k 2109440 bytes

0x81660000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0x8A406000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)

0x8A002000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)

0x8EC04000 C:\Windows\system32\DRIVERS\HSX_DP.sys 1056768 bytes (Conexant Systems, Inc., HSF_DP driver)

0x8A20C000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)

0x804D6000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)

0xAD604000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)

0x8FAD0000 C:\Windows\System32\Drivers\dump_iaStor.sys 815104 bytes

0x89E04000 C:\Windows\system32\drivers\iastor.sys 815104 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)

0x8ED06000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)

0x8A311000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)

0x8E70B000 C:\Windows\System32\drivers\dxgkrnl.sys 659456 bytes (Microsoft Corporation, DirectX Graphics Kernel)

0x8EA08000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)

0x89F0D000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0x80609000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)

0x8040C000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)

0xABE08000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)

0xABF79000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)

0x818B0000 C:\Windows\System32\ATMFD.DLL 311296 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)

0x8EAB1000 C:\Windows\system32\DRIVERS\HSXHWBS2.sys 311296 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)

0x80724000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)

0x8077E000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x8F35E000 C:\Windows\system32\DRIVERS\avgtdix.sys 294912 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)

0x80688000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)

0x80495000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)

0x8EB95000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)

0x8A173000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0x8FA0D000 C:\Windows\system32\DRIVERS\avgldx86.sys 245760 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)

0x805B6000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0x8A138000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)

0x8FA88000 C:\Windows\system32\DRIVERS\udfs.sys 241664 bytes (Microsoft Corporation, UDF File System Driver)

0xABF00000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)

0x8A516000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0x89F7E000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)

0x81E1D000 ACPI_HAL 208896 bytes

0x81E1D000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0x89ECB000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0x8F3A6000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)

0x8EB66000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)

0x8F23D000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0x8A10D000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)

0x8EAFD000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)

0xAD731000 C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys 163840 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)

0x8FA60000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)

0xABF51000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)

0x8A566000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)

0x806DF000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0x8F26A000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0x8E7DD000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0x8A59E000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)

0xABEC0000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0x8F2E1000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)

0xABEE1000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xABE75000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)

0x8EA95000 C:\Windows\system32\DRIVERS\Rtlh86.sys 114688 bytes (Realtek Corporation , Realtek 8101E/8168/8169 NDIS6 32-bit Driver )

0x8A2F6000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)

0x8FBB0000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)

0xABE92000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)

0x8EB48000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xABF39000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)

0x89FD7000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)

0x8EBE1000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0x8F3D8000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)

0x8F334000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)

0xABEAB000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)

0x8A1C5000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)

0x8FA49000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 86016 bytes (Microsoft Corporation, USB Mass Storage Class Driver)

0xAD700000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)

0x8A1B1000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0x8F34A000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)

0x8EDE6000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)

0x8F29B000 C:\Windows\system32\DRIVERS\mozy.sys 77824 bytes (Mozy, Inc., Mozy Change Monitor Filter Driver)

0x8FBDB000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)

0x89FC4000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0xAD715000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)

0x8A58D000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)

0x89FB3000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)

0x8047C000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)

0x89EFD000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)

0x8FBCB000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)

0x8076E000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)

0x8EDC8000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)

0x8A1DA000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)

0x8A3D8000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)

0x8FBA1000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)

0x8A557000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0x80706000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)

0x8A3E7000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0x8E7C3000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0x80715000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)

0x8EDD8000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)

0x818A0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)

0x8F3EE000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)

0x8F31D000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)

0x8067A000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)

0x8FAC3000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)

0x8EDBB000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)

0x8A1EA000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)

0x8F28F000 C:\Windows\system32\DRIVERS\avgmfx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)

0xAD6EC000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)

0x8F2D5000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0x8E7AC000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)

0xABFC7000 C:\Windows\system32\DRIVERS\AVGIDSShim.Sys 45056 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)

0x8EB27000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)

0x8EB3D000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)

0x8F312000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)

0x8E7D2000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0x8EB32000 C:\Windows\system32\DRIVERS\point32k.sys 45056 bytes (Microsoft Corporation, Point32k.sys)

0x8EBD6000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)

0x8A5E3000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)

0x8E7B8000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)

0xAD727000 C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys 40960 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)

0x8FB97000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)

0x8DE00000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)

0x8A3F6000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)

0xAD6E2000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)

0x8A5CD000 C:\Windows\system32\DRIVERS\AVGIDSEH.Sys 36864 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)

0x8A5BF000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)

0x8F2AE000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)

0xAD761000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0x8F32B000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0x81880000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)

0x8A5EE000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)

0x806CE000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0x8048D000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)

0x806D7000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)

0x8F302000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)

0x8F30A000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)

0x8A54F000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)

0xAD6F8000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)

0x8F2BE000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)

0x8F2CE000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0x80405000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0x8F2B7000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)

0x8EB60000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)

0x8A5C8000 C:\Windows\system32\DRIVERS\avgrkx86.sys 20480 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)

0x8EDF9000 C:\Windows\system32\DRIVERS\PS2.sys 20480 bytes (Hewlett-Packard Company, PS2 SYS)

0xABFD2000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)

0x8EDFE000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0x8FA5E000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

==============================================

>Stealth

==============================================

0x00380000 Hidden Image-->undal.dll [ EPROCESS 0x8826AD90 ] PID: 3836, 28672 bytes

0x00390000 Hidden Image-->spcconfg.dll [ EPROCESS 0x8826AD90 ] PID: 3836, 28672 bytes

0x009B0000 Hidden Image-->unintf.dll [ EPROCESS 0x8826AD90 ] PID: 3836, 28672 bytes

0x00360000 Hidden Image-->unengine.dll [ EPROCESS 0x8826AD90 ] PID: 3836, 36864 bytes

0x00940000 Hidden Image-->spccore.dll [ EPROCESS 0x8826AD90 ] PID: 3836, 45056 bytes

0x00780000 Hidden Image-->HP.ActiveSupportLibrary.dll [ EPROCESS 0x84BB3980 ] PID: 4896, 94208 bytes

==============================================

>Files

==============================================

!-->[Hidden] C:\Program Files\MozyHome\Data\filter_raw.log

!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.ci

!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.dir

!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid

!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.ci

!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.dir

!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid

!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.ci

!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.dir

!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid

!-->[Hidden] C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J7R9UNU0\x250,300x250,300x300,300x600;tile=2;rsi=A09796_10055;rsi=A09796_10045;rsi=A09796_10071;rsi=A09796_10079;rsi=A09796_10094;rsi=A09796_10107;;ord=1292036977121[1]2

!-->[Hidden] C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J7R9UNU0\x250,300x250,300x300,300x600;tile=2;rsi=A09796_10055;rsi=A09796_10045;rsi=A09796_10071;rsi=A09796_10079;rsi=A09796_10096;rsi=A09796_10107;;ord=1292037391660[1]2

!-->[Hidden] C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WGXBA10O\d=2455795;sz=120x600,160x600;tile=3;rsi=A09796_10055;rsi=A09796_10045;rsi=A09796_10071;rsi=A09796_10079;rsi=A09796_10092;rsi=A09796_10107;;ord=1292036645375[1]1

!-->[Hidden] C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WGXBA10O\ls+Aloud%20;sz=468x60,728x90;tile=1;rsi=A09796_10055;rsi=A09796_10045;rsi=A09796_10071;rsi=A09796_10079;rsi=A09796_10090;rsi=A09796_10107;;ord=1292036462553[1]2

!-->[Hidden] C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WGXBA10O\story;!category=;page=article;msrc=WSJ_Opinion_LEADTop;p39=227;p39=220;;mc=b2pfreezone_super;tile=5;sz=300x250,336x280,300x600,336x850;ord=9931993199319931;[1]2

!-->[Hidden] C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\mbam-log-2010-12-11 (10-57-32).txt.lnk

!-->[Hidden] C:\Users\Admin\Desktop\mbam-log-2010-12-11 (10-57-32).txt

==============================================

>Hooks

==============================================

ntkrnlpa.exe+0x000A87AA, Type: Inline - RelativeJump 0x81EF87AA-->81EF87B1 [ntkrnlpa.exe]

ntkrnlpa.exe+0x000ACDE4, Type: Inline - RelativeJump 0x81EFCDE4-->81EFCD83 [ntkrnlpa.exe]

[1716]wmpnscfg.exe-->gdi32.dll-->TextOutA, Type: Inline - RelativeJump 0x775D0BAB-->00000000 [CSM114E.tmp]

[1716]wmpnscfg.exe-->gdi32.dll-->TextOutW, Type: Inline - RelativeJump 0x775D0D6D-->00000000 [CSM114E.tmp]

[1716]wmpnscfg.exe-->user32.dll-->DrawTextA, Type: Inline - RelativeJump 0x75F9558D-->00000000 [CSM114E.tmp]

[1716]wmpnscfg.exe-->user32.dll-->DrawTextExA, Type: Inline - RelativeJump 0x75F955C4-->00000000 [CSM114E.tmp]

[1716]wmpnscfg.exe-->user32.dll-->DrawTextExW, Type: Inline - RelativeJump 0x75F891CE-->00000000 [CSM114E.tmp]

[1716]wmpnscfg.exe-->user32.dll-->DrawTextW, Type: Inline - RelativeJump 0x75F897D3-->00000000 [CSM114E.tmp]

[2008]dwm.exe-->gdi32.dll-->TextOutA, Type: Inline - RelativeJump 0x775D0BAB-->00000000 [CSM114E.tmp]

[2008]dwm.exe-->gdi32.dll-->TextOutW, Type: Inline - RelativeJump 0x775D0D6D-->00000000 [CSM114E.tmp]

[2008]dwm.exe-->user32.dll-->DrawTextA, Type: Inline - RelativeJump 0x75F9558D-->00000000 [CSM114E.tmp]

[2008]dwm.exe-->user32.dll-->DrawTextExA, Type: Inline - RelativeJump 0x75F955C4-->00000000 [CSM114E.tmp]

[2008]dwm.exe-->user32.dll-->DrawTextExW, Type: Inline - RelativeJump 0x75F891CE-->00000000 [CSM114E.tmp]

[2008]dwm.exe-->user32.dll-->DrawTextW, Type: Inline - RelativeJump 0x75F897D3-->00000000 [CSM114E.tmp]

[244]rundll32.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [shimeng.dll]

[244]rundll32.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->00000000 [shimeng.dll]

[244]rundll32.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x6D64123C-->00000000 [shimeng.dll]

[244]rundll32.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->00000000 [shimeng.dll]

[244]rundll32.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [shimeng.dll]

[244]rundll32.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71241480-->00000000 [shimeng.dll]

[244]rundll32.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [shimeng.dll]

[308]taskeng.exe-->gdi32.dll-->TextOutA, Type: Inline - RelativeJump 0x775D0BAB-->00000000 [CSM114E.tmp]

[308]taskeng.exe-->gdi32.dll-->TextOutW, Type: Inline - RelativeJump 0x775D0D6D-->00000000 [CSM114E.tmp]

[308]taskeng.exe-->user32.dll-->DrawTextA, Type: Inline - RelativeJump 0x75F9558D-->00000000 [CSM114E.tmp]

[308]taskeng.exe-->user32.dll-->DrawTextExA, Type: Inline - RelativeJump 0x75F955C4-->00000000 [CSM114E.tmp]

[308]taskeng.exe-->user32.dll-->DrawTextExW, Type: Inline - RelativeJump 0x75F891CE-->00000000 [CSM114E.tmp]

[308]taskeng.exe-->user32.dll-->DrawTextW, Type: Inline - RelativeJump 0x75F897D3-->00000000 [CSM114E.tmp]

[3500]hpsysdrv.exe-->gdi32.dll-->TextOutA, Type: Inline - RelativeJump 0x775D0BAB-->00000000 [CSM114E.tmp]

[3500]hpsysdrv.exe-->gdi32.dll-->TextOutW, Type: Inline - RelativeJump 0x775D0D6D-->00000000 [CSM114E.tmp]

[3500]hpsysdrv.exe-->user32.dll-->DrawTextA, Type: Inline - RelativeJump 0x75F9558D-->00000000 [CSM114E.tmp]

[3500]hpsysdrv.exe-->user32.dll-->DrawTextExA, Type: Inline - RelativeJump 0x75F955C4-->00000000 [CSM114E.tmp]

[3500]hpsysdrv.exe-->user32.dll-->DrawTextExW, Type: Inline - RelativeJump 0x75F891CE-->00000000 [CSM114E.tmp]

[3500]hpsysdrv.exe-->user32.dll-->DrawTextW, Type: Inline - RelativeJump 0x75F897D3-->00000000 [CSM114E.tmp]

[3508]jusched.exe-->gdi32.dll-->TextOutA, Type: Inline - RelativeJump 0x775D0BAB-->00000000 [CSM114E.tmp]

[3508]jusched.exe-->gdi32.dll-->TextOutW, Type: Inline - RelativeJump 0x775D0D6D-->00000000 [CSM114E.tmp]

[3508]jusched.exe-->user32.dll-->DrawTextA, Type: Inline - RelativeJump 0x75F9558D-->00000000 [CSM114E.tmp]

[3508]jusched.exe-->user32.dll-->DrawTextExA, Type: Inline - RelativeJump 0x75F955C4-->00000000 [CSM114E.tmp]

[3508]jusched.exe-->user32.dll-->DrawTextExW, Type: Inline - RelativeJump 0x75F891CE-->00000000 [CSM114E.tmp]

[3508]jusched.exe-->user32.dll-->DrawTextW, Type: Inline - RelativeJump 0x75F897D3-->00000000 [CSM114E.tmp]

[3552]hkcmd.exe-->gdi32.dll-->TextOutA, Type: Inline - RelativeJump 0x775D0BAB-->00000000 [CSM114E.tmp]

[3552]hkcmd.exe-->gdi32.dll-->TextOutW, Type: Inline - RelativeJump 0x775D0D6D-->00000000 [CSM114E.tmp]

[3552]hkcmd.exe-->user32.dll-->DrawTextA, Type: Inline - RelativeJump 0x75F9558D-->00000000 [CSM114E.tmp]

[3552]hkcmd.exe-->user32.dll-->DrawTextExA, Type: Inline - RelativeJump 0x75F955C4-->00000000 [CSM114E.tmp]

[3552]hkcmd.exe-->user32.dll-->DrawTextExW, Type: Inline - RelativeJump 0x75F891CE-->00000000 [CSM114E.tmp]

[3552]hkcmd.exe-->user32.dll-->DrawTextW, Type: Inline - RelativeJump 0x75F897D3-->00000000 [CSM114E.tmp]

[3572]igfxpers.exe-->gdi32.dll-->TextOutA, Type: Inline - RelativeJump 0x775D0BAB-->00000000 [CSM114E.tmp]

[3572]igfxpers.exe-->gdi32.dll-->TextOutW, Type: Inline - RelativeJump 0x775D0D6D-->00000000 [CSM114E.tmp]

[3572]igfxpers.exe-->user32.dll-->DrawTextA, Type: Inline - RelativeJump 0x75F9558D-->00000000 [CSM114E.tmp]

[3572]igfxpers.exe-->user32.dll-->DrawTextExA, Type: Inline - RelativeJump 0x75F955C4-->00000000 [CSM114E.tmp]

[3572]igfxpers.exe-->user32.dll-->DrawTextExW, Type: Inline - RelativeJump 0x75F891CE-->00000000 [CSM114E.tmp]

[3572]igfxpers.exe-->user32.dll-->DrawTextW, Type: Inline - RelativeJump 0x75F897D3-->00000000 [CSM114E.tmp]

[3604]IAAnotif.exe-->gdi32.dll-->TextOutA, Type: Inline - RelativeJump 0x775D0BAB-->00000000 [CSM114E.tmp]

[3604]IAAnotif.exe-->gdi32.dll-->TextOutW, Type: Inline - RelativeJump 0x775D0D6D-->00000000 [CSM114E.tmp]

[3604]IAAnotif.exe-->user32.dll-->DrawTextA, Type: Inline - RelativeJump 0x75F9558D-->00000000 [CSM114E.tmp]

[3604]IAAnotif.exe-->user32.dll-->DrawTextExA, Type: Inline - RelativeJump 0x75F955C4-->00000000 [CSM114E.tmp]

[3604]IAAnotif.exe-->user32.dll-->DrawTextExW, Type: Inline - RelativeJump 0x75F891CE-->00000000 [CSM114E.tmp]

[3604]IAAnotif.exe-->user32.dll-->DrawTextW, Type: Inline - RelativeJump 0x75F897D3-->00000000 [CSM114E.tmp]

[3736]CNMNSUT.exe-->gdi32.dll-->TextOutA, Type: Inline - RelativeJump 0x775D0BAB-->00000000 [CSM114E.tmp]

[3736]CNMNSUT.exe-->gdi32.dll-->TextOutW, Type: Inline - RelativeJump 0x775D0D6D-->00000000 [CSM114E.tmp]

[3736]CNMNSUT.exe-->user32.dll-->DrawTextA, Type: Inline - RelativeJump 0x75F9558D-->00000000 [CSM114E.tmp]

[3736]CNMNSUT.exe-->user32.dll-->DrawTextExA, Type: Inline - RelativeJump 0x75F955C4-->00000000 [CSM114E.tmp]

[3736]CNMNSUT.exe-->user32.dll-->DrawTextExW, Type: Inline - RelativeJump 0x75F891CE-->00000000 [CSM114E.tmp]

[3736]CNMNSUT.exe-->user32.dll-->DrawTextW, Type: Inline - RelativeJump 0x75F897D3-->00000000 [CSM114E.tmp]

[3744]GoogleQuickSearchBox.exe-->gdi32.dll-->TextOutA, Type: Inline - RelativeJump 0x775D0BAB-->00000000 [CSM114E.tmp]

[3744]GoogleQuickSearchBox.exe-->gdi32.dll-->TextOutW, Type: Inline - RelativeJump 0x775D0D6D-->00000000 [CSM114E.tmp]

[3744]GoogleQuickSearchBox.exe-->user32.dll-->DrawTextA, Type: Inline - RelativeJump 0x75F9558D-->00000000 [CSM114E.tmp]

[3744]GoogleQuickSearchBox.exe-->user32.dll-->DrawTextExA, Type: Inline - RelativeJump 0x75F955C4-->00000000 [CSM114E.tmp]

[3744]GoogleQuickSearchBox.exe-->user32.dll-->DrawTextExW, Type: Inline - RelativeJump 0x75F891CE-->00000000 [CSM114E.tmp]

[3744]GoogleQuickSearchBox.exe-->user32.dll-->DrawTextW, Type: Inline - RelativeJump 0x75F897D3-->00000000 [CSM114E.tmp]

[3776]iTunesHelper.exe-->gdi32.dll-->TextOutA, Type: Inline - RelativeJump 0x775D0BAB-->00000000 [CSM114E.tmp]

[3776]iTunesHelper.exe-->gdi32.dll-->TextOutW, Type: Inline - RelativeJump 0x775D0D6D-->00000000 [CSM114E.tmp]

[3776]iTunesHelper.exe-->user32.dll-->DrawTextA, Type: Inline - RelativeJump 0x75F9558D-->00000000 [CSM114E.tmp]

[3776]iTunesHelper.exe-->user32.dll-->DrawTextExA, Type: Inline - RelativeJump 0x75F955C4-->00000000 [CSM114E.tmp]

[3776]iTunesHelper.exe-->user32.dll-->DrawTextExW, Type: Inline - RelativeJump 0x75F891CE-->00000000 [CSM114E.tmp]

[3776]iTunesHelper.exe-->user32.dll-->DrawTextW, Type: Inline - RelativeJump 0x75F897D3-->00000000 [CSM114E.tmp]

[3808]sidebar.exe-->gdi32.dll-->TextOutA, Type: Inline - RelativeJump 0x775D0BAB-->00000000 [CSM114E.tmp]

[3808]sidebar.exe-->gdi32.dll-->TextOutW, Type: Inline - RelativeJump 0x775D0D6D-->00000000 [CSM114E.tmp]

[3808]sidebar.exe-->user32.dll-->DrawTextA, Type: Inline - RelativeJump 0x75F9558D-->00000000 [CSM114E.tmp]

[3808]sidebar.exe-->user32.dll-->DrawTextExA, Type: Inline - RelativeJump 0x75F955C4-->00000000 [CSM114E.tmp]

[3808]sidebar.exe-->user32.dll-->DrawTextExW, Type: Inline - RelativeJump 0x75F891CE-->00000000 [CSM114E.tmp]

[3808]sidebar.exe-->user32.dll-->DrawTextW, Type: Inline - RelativeJump 0x75F897D3-->00000000 [CSM114E.tmp]

[3816]GoogleToolbarNotifier.exe-->gdi32.dll-->TextOutA, Type: Inline - RelativeJump 0x775D0BAB-->00000000 [CSM114E.tmp]

[3816]GoogleToolbarNotifier.exe-->gdi32.dll-->TextOutW, Type: Inline - RelativeJump 0x775D0D6D-->00000000 [CSM114E.tmp]

[3816]GoogleToolbarNotifier.exe-->user32.dll-->DrawTextA, Type: Inline - RelativeJump 0x75F9558D-->00000000 [CSM114E.tmp]

[3816]GoogleToolbarNotifier.exe-->user32.dll-->DrawTextExA, Type: Inline - RelativeJump 0x75F955C4-->00000000 [CSM114E.tmp]

[3816]GoogleToolbarNotifier.exe-->user32.dll-->DrawTextExW, Type: Inline - RelativeJump 0x75F891CE-->00000000 [CSM114E.tmp]

[3816]GoogleToolbarNotifier.exe-->user32.dll-->DrawTextW, Type: Inline - RelativeJump 0x75F897D3-->00000000 [CSM114E.tmp]

[3828]ehtray.exe-->gdi32.dll-->TextOutA, Type: Inline - RelativeJump 0x775D0BAB-->00000000 [CSM114E.tmp]

[3828]ehtray.exe-->gdi32.dll-->TextOutW, Type: Inline - RelativeJump 0x775D0D6D-->00000000 [CSM114E.tmp]

[3828]ehtray.exe-->user32.dll-->DrawTextA, Type: Inline - RelativeJump 0x75F9558D-->00000000 [CSM114E.tmp]

[3828]ehtray.exe-->user32.dll-->DrawTextExA, Type: Inline - RelativeJump 0x75F955C4-->00000000 [CSM114E.tmp]

[3828]ehtray.exe-->user32.dll-->DrawTextExW, Type: Inline - RelativeJump 0x75F891CE-->00000000 [CSM114E.tmp]

[3828]ehtray.exe-->user32.dll-->DrawTextW, Type: Inline - RelativeJump 0x75F897D3-->00000000 [CSM114E.tmp]

[3836]updsched.exe-->gdi32.dll-->TextOutA, Type: Inline - RelativeJump 0x775D0BAB-->00000000 [CSM114E.tmp]

[3836]updsched.exe-->gdi32.dll-->TextOutW, Type: Inline - RelativeJump 0x775D0D6D-->00000000 [CSM114E.tmp]

[3836]updsched.exe-->user32.dll-->DrawTextA, Type: Inline - RelativeJump 0x75F9558D-->00000000 [CSM114E.tmp]

[3836]updsched.exe-->user32.dll-->DrawTextExA, Type: Inline - RelativeJump 0x75F955C4-->00000000 [CSM114E.tmp]

[3836]updsched.exe-->user32.dll-->DrawTextExW, Type: Inline - RelativeJump 0x75F891CE-->00000000 [CSM114E.tmp]

[3836]updsched.exe-->user32.dll-->DrawTextW, Type: Inline - RelativeJump 0x75F897D3-->00000000 [CSM114E.tmp]

[3844]mozystat.exe-->gdi32.dll-->TextOutA, Type: Inline - RelativeJump 0x775D0BAB-->00000000 [CSM114E.tmp]

[3844]mozystat.exe-->gdi32.dll-->TextOutW, Type: Inline - RelativeJump 0x775D0D6D-->00000000 [CSM114E.tmp]

[3844]mozystat.exe-->user32.dll-->DrawTextA, Type: Inline - RelativeJump 0x75F9558D-->00000000 [CSM114E.tmp]

[3844]mozystat.exe-->user32.dll-->DrawTextExA, Type: Inline - RelativeJump 0x75F955C4-->00000000 [CSM114E.tmp]

[3844]mozystat.exe-->user32.dll-->DrawTextExW, Type: Inline - RelativeJump 0x75F891CE-->00000000 [CSM114E.tmp]

[3844]mozystat.exe-->user32.dll-->DrawTextW, Type: Inline - RelativeJump 0x75F897D3-->00000000 [CSM114E.tmp]

[3920]mobsync.exe-->gdi32.dll-->TextOutA, Type: Inline - RelativeJump 0x775D0BAB-->00000000 [CSM114E.tmp]

[3920]mobsync.exe-->gdi32.dll-->TextOutW, Type: Inline - RelativeJump 0x775D0D6D-->00000000 [CSM114E.tmp]

[3920]mobsync.exe-->user32.dll-->DrawTextA, Type: Inline - RelativeJump 0x75F9558D-->00000000 [CSM114E.tmp]

[3920]mobsync.exe-->user32.dll-->DrawTextExA, Type: Inline - RelativeJump 0x75F955C4-->00000000 [CSM114E.tmp]

[3920]mobsync.exe-->user32.dll-->DrawTextExW, Type: Inline - RelativeJump 0x75F891CE-->00000000 [CSM114E.tmp]

[3920]mobsync.exe-->user32.dll-->DrawTextW, Type: Inline - RelativeJump 0x75F897D3-->00000000 [CSM114E.tmp]

[720]explorer.exe-->gdi32.dll-->TextOutA, Type: Inline - RelativeJump 0x775D0BAB-->00000000 [CSM114E.tmp]

[720]explorer.exe-->gdi32.dll-->TextOutW, Type: Inline - RelativeJump 0x775D0D6D-->00000000 [CSM114E.tmp]

[720]explorer.exe-->user32.dll-->DrawTextA, Type: Inline - RelativeJump 0x75F9558D-->00000000 [CSM114E.tmp]

[720]explorer.exe-->user32.dll-->DrawTextExA, Type: Inline - RelativeJump 0x75F955C4-->00000000 [CSM114E.tmp]

[720]explorer.exe-->user32.dll-->DrawTextExW, Type: Inline - RelativeJump 0x75F891CE-->00000000 [CSM114E.tmp]

[720]explorer.exe-->user32.dll-->DrawTextW, Type: Inline - RelativeJump 0x75F897D3-->00000000 [CSM114E.tmp]

2007 Lacerte Tax

2008 Lacerte Tax

2009 Lacerte Tax

32 Bit HP CIO Components Installer

7-Zip 4.65

Acrobat.com

Adobe AIR

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AVG 2011

AVG 2011

AVG 2011

AVG PC Tuneup 2011

AVRStudio4

Bonjour

Bonjour Print Services

Canon Easy-WebPrint EX

Canon IJ Network Scan Utility

Canon IJ Network Tool

Canon MP Navigator EX 3.0

Canon MP560 series MP Drivers

Canon MP560 series User Registration

Canon Utilities Easy-PhotoPrint EX

Canon Utilities My Printer

Canon Utilities Solution Menu

CCleaner

Compatibility Pack for the 2007 Office system

CyberLink DVD Suite Deluxe

Document eSort Components

Enhanced Multimedia Keyboard Solution

Google Chrome

Google Toolbar for Internet Explorer

Google Toolbar for Internet Explorer

Google Update Helper

Hewlett-Packard Active Check

Hewlett-Packard Asset Agent for Health Check

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Customer Feedback

HP Demo

HP On-Screen Cap/Num/Scroll Lock Indicator

HP Photosmart Essential

HP Photosmart Essential 2.5

HP Picasso Media Center Add-In

HP Product Detection

HP Solution Center 8.0

HP Update

Intel® Graphics Media Accelerator Driver

Intel® Matrix Storage Manager

Intuit Runtime Components 6.0.16

iTunes

Java 6 Update 15

Java SE Runtime Environment 6 Update 1

LabelPrint

Lacerte Runtime Components

Lacerte Tax Planner

LightScribe System Software

LightScribeTemplateLabeler

Malwarebytes' Anti-Malware

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional Edition 2003

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

MozyHome Remote Backup

MPM

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

OGA Notifier 2.0.0048.0

Power2Go

Python 2.5

QuickTime

Realtek High Definition Audio Driver

Release 10.02

RelevantKnowledge

Rootkit Unhooker LE 3.8 SR 2

Safari

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Soft Data Fax Modem with SmartCP

Sonic Activation Module

TWC Customer Controls

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Visual FoxPro 9 Module

VoiceOver Kit

WeatherBug Gadget

WinAVR 20100110 (remove only)

Thanks.


It's not the entire log file from Rootkit Unhooker.

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows Vista

Version 6.0.6002 (Service Pack 2)

Number of processors #2

==============================================

>SSDT State

==============================================

ntkrnlpa.exe-->NtOpenProcess, Type: Address change 0x82024C08-->AAFC4780 [C:\Windows\system32\DRIVERS\AVGIDSShim.Sys]

ntkrnlpa.exe-->NtTerminateProcess, Type: Address change 0x81FF4DA3-->AAFC4830 [C:\Windows\system32\DRIVERS\AVGIDSShim.Sys]

ntkrnlpa.exe-->NtTerminateThread, Type: Address change 0x8202018F-->AAFC48D0 [C:\Windows\system32\DRIVERS\AVGIDSShim.Sys]

ntkrnlpa.exe-->NtWriteVirtualMemory, Type: Address change 0x8201158D-->AAFC4970 [C:\Windows\system32\DRIVERS\AVGIDSShim.Sys]

==============================================

>Shadow

==============================================

win32k.sys-->NtUserGetAsyncKeyState, Type: Address change 0x9869FE10-->AAFC3D00 [C:\Windows\system32\DRIVERS\AVGIDSShim.Sys]

win32k.sys-->NtUserGetKeyboardState, Type: Address change 0x986BFF8E-->AAFC3C40 [C:\Windows\system32\DRIVERS\AVGIDSShim.Sys]

win32k.sys-->NtUserGetKeyState, Type: Address change 0x98731305-->AAFC3C90 [C:\Windows\system32\DRIVERS\AVGIDSShim.Sys]

win32k.sys-->NtUserSetWindowsHookEx, Type: Address change 0x98703271-->AAFC3BB0 [C:\Windows\system32\DRIVERS\AVGIDSShim.Sys]

==============================================

>Processes

==============================================

0x87FA6AE8 [540] C:\Windows\System32\smss.exe (Microsoft Corporation, Windows Session Manager)

0x8871DD90 [548] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc., GoogleToolbarNotifier)

0x88ECA9D8 [564] C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o., AVG IDS application)

0x8803BD90 [572] C:\PROGRA~1\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o., AVG Cache Server)

0x88BF7D90 [724] C:\Program Files\Common Files\lacerte shared\update scheduler\updsched.exe (-, )

0x88D2E020 [740] C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc., MozyHome Remote Backup Status Application)

0x88789480 [748] C:\Windows\System32\taskeng.exe (Microsoft Corporation, Task Scheduler Engine)

0x943B8D20 [768] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)

0x88137BD8 [820] C:\Windows\System32\wininit.exe (Microsoft Corporation, Windows Start-Up Application)

0x88141150 [828] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)

0x887616E8 [856] C:\Windows\System32\dwm.exe (Microsoft Corporation, Desktop Window Manager)

0x88142D90 [864] C:\Windows\System32\services.exe (Microsoft Corporation, Services and Controller app)

0x881ACD90 [912] C:\Windows\System32\winlogon.exe (Microsoft Corporation, Windows Logon Application)

0x942F2A48 [952] C:\Windows\System32\lsass.exe (Microsoft Corporation, Local Security Authority Process)

0x8844ED90 [960] C:\Windows\System32\lsm.exe (Microsoft Corporation, Local Session Manager Service)

0x88BC4AD8 [1076] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation, Windows Sidebar)

0x88440D90 [1092] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x885390E0 [1152] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x884F9020 [1204] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x8854D020 [1284] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x88550D90 [1296] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x887CBD90 [1336] C:\Windows\explorer.exe (Microsoft Corporation, Windows Explorer)

0x88596D90 [1384] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x88595388 [1400] C:\Windows\System32\SLsvc.exe (Microsoft Corporation, Microsoft Software Licensing Service)

0x88583D90 [1444] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x88647D90 [1552] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x88D1ED90 [1656] C:\Windows\System32\igfxsrvc.exe (Intel Corporation, igfxsrvc Module)

0x8867C100 [1680] C:\Windows\System32\taskeng.exe (Microsoft Corporation, Task Scheduler Engine)

0x8868C7A8 [1724] C:\Windows\System32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)

0x88674D90 [1756] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x886F05F0 [1796] C:\Windows\System32\rundll32.exe (Microsoft Corporation, Windows host process (Rundll32))

0x88D2B868 [2104] C:\Windows\ehome\ehtray.exe (Microsoft Corporation, Media Center Tray Applet)

0x8798AD90 [2188] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc., MobileDeviceService)

0x86D14020 [2244] C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc., Bonjour Service)

0x86D24020 [2276] C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation, RAID Monitor)

0x86D20200 [2360] C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company, LightScribe Service)

0x888ED020 [2452] C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation, Machine Debug Manager)

0x8888B6B8 [2468] C:\Program Files\MozyHome\mozybackup.exe (Mozy, Inc., MozyHome Remote Backup Service bootstrapper)

0xEC422B68 [2476] C:\PROGRA~1\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o., AVG Resident Shield Service)

0x888ED500 [2500] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x86D27B68 [2524] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x888FC530 [2536] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x8890B5C8 [2576] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x88921820 [2612] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x8891F7D0 [2644] C:\Windows\System32\SearchIndexer.exe (Microsoft Corporation, Microsoft Windows Search Indexer)

0x887CB220 [2708] C:\Windows\ehome\ehmsas.exe (Microsoft Corporation, Media Center Media Status Aggregator Service)

0x88968568 [2780] C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc., Modem Audio Service)

0x8898AD90 [2856] C:\Program Files\MozyHome\mozybackup.exe (Mozy, Inc., MozyHome Remote Backup Service bootstrapper)

0x88976020 [2944] C:\Windows\System32\WUDFHost.exe (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Host Process)

0x888BFD90 [3132] C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o., AVG Online Shield Service)

0x886E0C40 [3160] C:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o., AVG E-mail Scanner)

0x88E29D90 [3444] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation, Windows Media Player Network Sharing Service Configuration Application)

0x88DDEB10 [3712] C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation, Windows Media Player Network Sharing Service)

0x88C44118 [3812] C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company, hpsysdrv)

0x88C48980 [3824] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc., Java Platform SE binary)

0x88C8C368 [3844] C:\Windows\System32\hkcmd.exe (Intel Corporation, hkcmd Module)

0x88CC0B88 [3864] C:\Windows\System32\igfxpers.exe (Intel Corporation, persistence Module)

0x88CB4D90 [3880] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation, Event Monitor User Notification Tool)

0x88C61588 [3928] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC., Canon IJ Network Scan Utility)

0x88CDE580 [3948] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc., Google Quick Search Box)

0x88CF0BD8 [4008] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc., iTunesHelper)

0xEC420388 [4188] C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o., AVG Scanning Core Module - Server Part)

0x84CFF258 [4196] C:\Program Files\iPod\bin\iPodService.exe (Apple Inc., iPodService Module (32-bit))

0x84DE9D90 [4384] C:\Windows\System32\wbem\WmiPrvSE.exe (Microsoft Corporation, WMI Provider Host)

0x84FD7020 [4588] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Hewlett-Packard, HP Health Check Service)

0x84FCD020 [4660] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x85442898 [4832] C:\Windows\System32\taskmgr.exe (Microsoft Corporation, Windows Task Manager)

0x86112D90 [4848] C:\Windows\System32\MustBeRandomlyNamed\oMV6fKUctvit1.exe (UG North, RKULE, SR2 Normandy)

0x89DD74C0 [4928] C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc., Java Update Checker)

0x85003BC8 [5144] C:\Program Files\RelevantKnowledge\rlservice.exe (TMRG, Inc., RelevantKnowledge)

0x8519B980 [5320] C:\Program Files\RelevantKnowledge\rlvknlg.exe (TMRG, Inc., RelevantKnowledge)

0x84E98D90 [5444] C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation, Sink to receive asynchronous callbacks for WMI client application)

0x84736758 [4] System

0x8857FD90 [1360] C:\Windows\System32\audiodg.exe (Microsoft Corporation, Windows Audio Device Graph Isolation )

0x8884FD90 [2224] C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o., AVG Watchdog Service)

0x889EFD90 [2820] C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o., AVG IDS application)

0x88CE8980 [3984] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o., AVG Tray Monitor)

==============================================

>Drivers

==============================================

0x8EC06000 C:\Windows\system32\DRIVERS\igdkmd32.sys 9433088 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)

0x81E04000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)

0x81E04000 PnpManager 3903488 bytes

0x81E04000 RAW 3903488 bytes

0x81E04000 WMIxWDM 3903488 bytes

0x8F803000 C:\Windows\system32\drivers\RTKVHDA.sys 2322432 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)

0x98670000 Win32k 2109440 bytes

0x98670000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0x8A401000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)

0x82E03000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)

0x8E80E000 C:\Windows\system32\DRIVERS\HSX_DP.sys 1056768 bytes (Conexant Systems, Inc., HSF_DP driver)

0x8A202000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)

0x804D3000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)

0xADE02000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)

0x90C77000 C:\Windows\System32\Drivers\dump_iaStor.sys 815104 bytes

0x82C01000 C:\Windows\system32\drivers\iastor.sys 815104 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)

0x8E910000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)

0x8A307000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)

0x8F505000 C:\Windows\System32\drivers\dxgkrnl.sys 659456 bytes (Microsoft Corporation, DirectX Graphics Kernel)

0x8E600000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)

0x82D0A000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0x80605000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)

0x80409000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)

0xAAE03000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)

0xAAF74000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)

0x988C0000 C:\Windows\System32\ATMFD.DLL 311296 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)

0x8E6A9000 C:\Windows\system32\DRIVERS\HSXHWBS2.sys 311296 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)

0x80720000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)

0x82DB0000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x8FB5B000 C:\Windows\system32\DRIVERS\avgtdix.sys 294912 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)

0x80684000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)

0x80492000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)

0x8E78A000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)

0x8F5BD000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0x805B3000 C:\Windows\system32\DRIVERS\avgldx86.sys 245760 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)

0x8078D000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0x82F39000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)

0x90C2F000 C:\Windows\system32\DRIVERS\udfs.sys 241664 bytes (Microsoft Corporation, UDF File System Driver)

0xAAEFB000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)

0x8A511000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0x82D7B000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)

0x821BD000 ACPI_HAL 208896 bytes

0x821BD000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0x82CC8000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0x8FBA3000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)

0x8E75B000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)

0x8FA3A000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0x82F0E000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)

0x8E6F5000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)

0xADF2F000 C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys 163840 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)

0x90C07000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)

0xAAF4C000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)

0x8A561000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)

0x806DB000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0x8FA67000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0x82F74000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0x8A599000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)

0xAAEBB000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0x8FADE000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)

0xAAEDC000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xAAE70000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)

0x8E68D000 C:\Windows\system32\DRIVERS\Rtlh86.sys 114688 bytes (Realtek Corporation , Realtek 8101E/8168/8169 NDIS6 32-bit Driver )

0x8A2EC000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)

0x90D57000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)

0xAAE8D000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)

0x8E73D000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xAAF34000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)

0x807C9000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)

0x8E7D6000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0x8FBD5000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)

0x8FB31000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)

0xAAEA6000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)

0x82FAB000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)

0x807E0000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 86016 bytes (Microsoft Corporation, USB Mass Storage Class Driver)

0xADEF6000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)

0x82F97000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0x8FB47000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)

0x8E71F000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)

0x8FA98000 C:\Windows\system32\DRIVERS\mozy.sys 77824 bytes (Mozy, Inc., Mozy Change Monitor Filter Driver)

0x90D82000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)

0x8077A000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0xADF0B000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)

0x8A588000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)

0x82FDD000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)

0x80479000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)

0x82CFA000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)

0x90D72000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)

0x8076A000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)

0x8E9D2000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)

0x82FC0000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)

0x8A3CE000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)

0x90D48000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)

0x8A552000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0x80702000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)

0x8A3EC000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0x8A3DD000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0x80711000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)

0x8E9E2000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)

0x988B0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)

0x8FBEB000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)

0x8FB1A000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)

0x80676000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)

0x90C6A000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)

0x8E9C5000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)

0x82FD0000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)

0x8FA8C000 C:\Windows\system32\DRIVERS\avgmfx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)

0xADEEA000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)

0x8FAD2000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0x8F5A6000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)

0xAAFC2000 C:\Windows\system32\DRIVERS\AVGIDSShim.Sys 45056 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)

0x8E9F5000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)

0x8E732000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)

0x8FB0F000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)

0x8E7ED000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0x8E800000 C:\Windows\system32\DRIVERS\point32k.sys 45056 bytes (Microsoft Corporation, Point32k.sys)

0x8E7CB000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)

0x8A5DE000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)

0x8F5B2000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)

0xADF25000 C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys 40960 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)

0x90D3E000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)

0x8A5F2000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)

0x82FEE000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)

0xADEE0000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)

0x8A5C8000 C:\Windows\system32\DRIVERS\AVGIDSEH.Sys 36864 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)

0x8A5BA000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)

0x8FAAB000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)

0xADF60000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0x8FB28000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0x98890000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)

0x8A5E9000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)

0x806CA000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0x8048A000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)

0x806D3000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)

0x8FAFF000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)

0x8FB07000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)

0x8A54A000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)

0xADF1D000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)

0x8FABB000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)

0x8FACB000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0x80402000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0x8FAB4000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)

0x8E755000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)

0x8A5C3000 C:\Windows\system32\DRIVERS\avgrkx86.sys 20480 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)

0x8E9F0000 C:\Windows\system32\DRIVERS\PS2.sys 20480 bytes (Hewlett-Packard Company, PS2 SYS)

0xAAFCD000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)

0x8E80B000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0x8FBF9000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

==============================================

>Stealth

==============================================

0x01790000 Hidden Image-->spcconfg.dll [ EPROCESS 0x88BF7D90 ] PID: 724, 28672 bytes

0x01780000 Hidden Image-->undal.dll [ EPROCESS 0x88BF7D90 ] PID: 724, 28672 bytes

0x01880000 Hidden Image-->unintf.dll [ EPROCESS 0x88BF7D90 ] PID: 724, 28672 bytes

0x009C0000 Hidden Image-->unengine.dll [ EPROCESS 0x88BF7D90 ] PID: 724, 36864 bytes

0x017A0000 Hidden Image-->spccore.dll [ EPROCESS 0x88BF7D90 ] PID: 724, 45056 bytes

0x00F70000 Hidden Image-->HP.ActiveSupportLibrary.dll [ EPROCESS 0x84FD7020 ] PID: 4588, 94208 bytes

==============================================

>Files

==============================================

==============================================

>Hooks

==============================================

ntkrnlpa.exe+0x000A87AA, Type: Inline - RelativeJump 0x81EAC7AA-->81EAC7B1 [ntkrnlpa.exe]

ntkrnlpa.exe+0x000ACDE4, Type: Inline - RelativeJump 0x81EB0DE4-->81EB0E33 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeFindConfigurationEntry, Type: Inline - RelativeJump 0x821582CF-->82158301 [ntkrnlpa.exe]

[1076]sidebar.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76E01BF3-->00000000 [rlls.dll]

[1076]sidebar.exe-->kernel32.dll-->GetQueuedCompletionStatus, Type: Inline - RelativeJump 0x76E4D0F5-->00000000 [rlls.dll]

[1076]sidebar.exe-->wininet.dll-->UnlockUrlCacheEntryFile, Type: Inline - RelativeJump 0x7747AD0B-->00000000 [rlls.dll]

[1076]sidebar.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x76C6330C-->00000000 [rlls.dll]

[1076]sidebar.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x76C640D9-->00000000 [rlls.dll]

[1076]sidebar.exe-->ws2_32.dll-->recv, Type: Inline - RelativeJump 0x76C6343A-->00000000 [rlls.dll]

[1076]sidebar.exe-->ws2_32.dll-->recvfrom, Type: Inline - RelativeJump 0x76C68E15-->00000000 [rlls.dll]

[1076]sidebar.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x76C6659B-->00000000 [rlls.dll]

[1076]sidebar.exe-->ws2_32.dll-->sendto, Type: Inline - RelativeJump 0x76C667C5-->00000000 [rlls.dll]

[1076]sidebar.exe-->ws2_32.dll-->WSAConnect, Type: Inline - RelativeJump 0x76C6D7B0-->00000000 [rlls.dll]

[1076]sidebar.exe-->ws2_32.dll-->WSAGetOverlappedResult, Type: Inline - RelativeJump 0x76C68143-->00000000 [rlls.dll]

[1076]sidebar.exe-->ws2_32.dll-->WSARecv, Type: Inline - RelativeJump 0x76C68400-->00000000 [rlls.dll]

[1076]sidebar.exe-->ws2_32.dll-->WSARecvFrom, Type: Inline - RelativeJump 0x76C78B38-->00000000 [rlls.dll]

[1076]sidebar.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x76C64496-->00000000 [rlls.dll]

[1076]sidebar.exe-->ws2_32.dll-->WSASendTo, Type: Inline - RelativeJump 0x76C7A474-->00000000 [rlls.dll]

[1336]explorer.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76E01BF3-->00000000 [rlls.dll]

[1336]explorer.exe-->kernel32.dll-->GetQueuedCompletionStatus, Type: Inline - RelativeJump 0x76E4D0F5-->00000000 [rlls.dll]

[1336]explorer.exe-->wininet.dll-->UnlockUrlCacheEntryFile, Type: Inline - RelativeJump 0x7747AD0B-->00000000 [rlls.dll]

[1336]explorer.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x76C6330C-->00000000 [rlls.dll]

[1336]explorer.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x76C640D9-->00000000 [rlls.dll]

[1336]explorer.exe-->ws2_32.dll-->recv, Type: Inline - RelativeJump 0x76C6343A-->00000000 [rlls.dll]

[1336]explorer.exe-->ws2_32.dll-->recvfrom, Type: Inline - RelativeJump 0x76C68E15-->00000000 [rlls.dll]

[1336]explorer.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x76C6659B-->00000000 [rlls.dll]

[1336]explorer.exe-->ws2_32.dll-->sendto, Type: Inline - RelativeJump 0x76C667C5-->00000000 [rlls.dll]

[1336]explorer.exe-->ws2_32.dll-->WSAConnect, Type: Inline - RelativeJump 0x76C6D7B0-->00000000 [rlls.dll]

[1336]explorer.exe-->ws2_32.dll-->WSAGetOverlappedResult, Type: Inline - RelativeJump 0x76C68143-->00000000 [rlls.dll]

[1336]explorer.exe-->ws2_32.dll-->WSARecv, Type: Inline - RelativeJump 0x76C68400-->00000000 [rlls.dll]

[1336]explorer.exe-->ws2_32.dll-->WSARecvFrom, Type: Inline - RelativeJump 0x76C78B38-->00000000 [rlls.dll]

[1336]explorer.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x76C64496-->00000000 [rlls.dll]

[1336]explorer.exe-->ws2_32.dll-->WSASendTo, Type: Inline - RelativeJump 0x76C7A474-->00000000 [rlls.dll]

[1796]rundll32.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [shimeng.dll]

[1796]rundll32.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->00000000 [shimeng.dll]

[1796]rundll32.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x6D64123C-->00000000 [shimeng.dll]

[1796]rundll32.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->00000000 [shimeng.dll]

[1796]rundll32.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [shimeng.dll]

[1796]rundll32.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71241480-->00000000 [shimeng.dll]

[1796]rundll32.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [shimeng.dll]

[2104]ehtray.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76E01BF3-->00000000 [rlls.dll]

[2104]ehtray.exe-->kernel32.dll-->GetQueuedCompletionStatus, Type: Inline - RelativeJump 0x76E4D0F5-->00000000 [rlls.dll]

[2104]ehtray.exe-->wininet.dll-->UnlockUrlCacheEntryFile, Type: Inline - RelativeJump 0x7747AD0B-->00000000 [rlls.dll]

[2104]ehtray.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x76C6330C-->00000000 [rlls.dll]

[2104]ehtray.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x76C640D9-->00000000 [rlls.dll]

[2104]ehtray.exe-->ws2_32.dll-->recv, Type: Inline - RelativeJump 0x76C6343A-->00000000 [rlls.dll]

[2104]ehtray.exe-->ws2_32.dll-->recvfrom, Type: Inline - RelativeJump 0x76C68E15-->00000000 [rlls.dll]

[2104]ehtray.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x76C6659B-->00000000 [rlls.dll]

[2104]ehtray.exe-->ws2_32.dll-->sendto, Type: Inline - RelativeJump 0x76C667C5-->00000000 [rlls.dll]

[2104]ehtray.exe-->ws2_32.dll-->WSAConnect, Type: Inline - RelativeJump 0x76C6D7B0-->00000000 [rlls.dll]

[2104]ehtray.exe-->ws2_32.dll-->WSAGetOverlappedResult, Type: Inline - RelativeJump 0x76C68143-->00000000 [rlls.dll]

[2104]ehtray.exe-->ws2_32.dll-->WSARecv, Type: Inline - RelativeJump 0x76C68400-->00000000 [rlls.dll]

[2104]ehtray.exe-->ws2_32.dll-->WSARecvFrom, Type: Inline - RelativeJump 0x76C78B38-->00000000 [rlls.dll]

[2104]ehtray.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x76C64496-->00000000 [rlls.dll]

[2104]ehtray.exe-->ws2_32.dll-->WSASendTo, Type: Inline - RelativeJump 0x76C7A474-->00000000 [rlls.dll]

[3444]wmpnscfg.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76E01BF3-->00000000 [rlls.dll]

[3444]wmpnscfg.exe-->kernel32.dll-->GetQueuedCompletionStatus, Type: Inline - RelativeJump 0x76E4D0F5-->00000000 [rlls.dll]

[3444]wmpnscfg.exe-->wininet.dll-->UnlockUrlCacheEntryFile, Type: Inline - RelativeJump 0x7747AD0B-->00000000 [rlls.dll]

[3444]wmpnscfg.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x76C6330C-->00000000 [rlls.dll]

[3444]wmpnscfg.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x76C640D9-->00000000 [rlls.dll]

[3444]wmpnscfg.exe-->ws2_32.dll-->recv, Type: Inline - RelativeJump 0x76C6343A-->00000000 [rlls.dll]

[3444]wmpnscfg.exe-->ws2_32.dll-->recvfrom, Type: Inline - RelativeJump 0x76C68E15-->00000000 [rlls.dll]

[3444]wmpnscfg.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x76C6659B-->00000000 [rlls.dll]

[3444]wmpnscfg.exe-->ws2_32.dll-->sendto, Type: Inline - RelativeJump 0x76C667C5-->00000000 [rlls.dll]

[3444]wmpnscfg.exe-->ws2_32.dll-->WSAConnect, Type: Inline - RelativeJump 0x76C6D7B0-->00000000 [rlls.dll]

[3444]wmpnscfg.exe-->ws2_32.dll-->WSAGetOverlappedResult, Type: Inline - RelativeJump 0x76C68143-->00000000 [rlls.dll]

[3444]wmpnscfg.exe-->ws2_32.dll-->WSARecv, Type: Inline - RelativeJump 0x76C68400-->00000000 [rlls.dll]

[3444]wmpnscfg.exe-->ws2_32.dll-->WSARecvFrom, Type: Inline - RelativeJump 0x76C78B38-->00000000 [rlls.dll]

[3444]wmpnscfg.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x76C64496-->00000000 [rlls.dll]

[3444]wmpnscfg.exe-->ws2_32.dll-->WSASendTo, Type: Inline - RelativeJump 0x76C7A474-->00000000 [rlls.dll]

[3812]hpsysdrv.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76E01BF3-->00000000 [rlls.dll]

[3812]hpsysdrv.exe-->kernel32.dll-->GetQueuedCompletionStatus, Type: Inline - RelativeJump 0x76E4D0F5-->00000000 [rlls.dll]

[3812]hpsysdrv.exe-->wininet.dll-->UnlockUrlCacheEntryFile, Type: Inline - RelativeJump 0x7747AD0B-->00000000 [rlls.dll]

[3812]hpsysdrv.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x76C6330C-->00000000 [rlls.dll]

[3812]hpsysdrv.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x76C640D9-->00000000 [rlls.dll]

[3812]hpsysdrv.exe-->ws2_32.dll-->recv, Type: Inline - RelativeJump 0x76C6343A-->00000000 [rlls.dll]

[3812]hpsysdrv.exe-->ws2_32.dll-->recvfrom, Type: Inline - RelativeJump 0x76C68E15-->00000000 [rlls.dll]

[3812]hpsysdrv.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x76C6659B-->00000000 [rlls.dll]

[3812]hpsysdrv.exe-->ws2_32.dll-->sendto, Type: Inline - RelativeJump 0x76C667C5-->00000000 [rlls.dll]

[3812]hpsysdrv.exe-->ws2_32.dll-->WSAConnect, Type: Inline - RelativeJump 0x76C6D7B0-->00000000 [rlls.dll]

[3812]hpsysdrv.exe-->ws2_32.dll-->WSAGetOverlappedResult, Type: Inline - RelativeJump 0x76C68143-->00000000 [rlls.dll]

[3812]hpsysdrv.exe-->ws2_32.dll-->WSARecv, Type: Inline - RelativeJump 0x76C68400-->00000000 [rlls.dll]

[3812]hpsysdrv.exe-->ws2_32.dll-->WSARecvFrom, Type: Inline - RelativeJump 0x76C78B38-->00000000 [rlls.dll]

[3812]hpsysdrv.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x76C64496-->00000000 [rlls.dll]

[3812]hpsysdrv.exe-->ws2_32.dll-->WSASendTo, Type: Inline - RelativeJump 0x76C7A474-->00000000 [rlls.dll]

[3844]hkcmd.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76E01BF3-->00000000 [rlls.dll]

[3844]hkcmd.exe-->kernel32.dll-->GetQueuedCompletionStatus, Type: Inline - RelativeJump 0x76E4D0F5-->00000000 [rlls.dll]

[3844]hkcmd.exe-->wininet.dll-->UnlockUrlCacheEntryFile, Type: Inline - RelativeJump 0x7747AD0B-->00000000 [rlls.dll]

[3844]hkcmd.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x76C6330C-->00000000 [rlls.dll]

[3844]hkcmd.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x76C640D9-->00000000 [rlls.dll]

[3844]hkcmd.exe-->ws2_32.dll-->recv, Type: Inline - RelativeJump 0x76C6343A-->00000000 [rlls.dll]

[3844]hkcmd.exe-->ws2_32.dll-->recvfrom, Type: Inline - RelativeJump 0x76C68E15-->00000000 [rlls.dll]

[3844]hkcmd.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x76C6659B-->00000000 [rlls.dll]

[3844]hkcmd.exe-->ws2_32.dll-->sendto, Type: Inline - RelativeJump 0x76C667C5-->00000000 [rlls.dll]

[3844]hkcmd.exe-->ws2_32.dll-->WSAConnect, Type: Inline - RelativeJump 0x76C6D7B0-->00000000 [rlls.dll]

[3844]hkcmd.exe-->ws2_32.dll-->WSAGetOverlappedResult, Type: Inline - RelativeJump 0x76C68143-->00000000 [rlls.dll]

[3844]hkcmd.exe-->ws2_32.dll-->WSARecv, Type: Inline - RelativeJump 0x76C68400-->00000000 [rlls.dll]

[3844]hkcmd.exe-->ws2_32.dll-->WSARecvFrom, Type: Inline - RelativeJump 0x76C78B38-->00000000 [rlls.dll]

[3844]hkcmd.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x76C64496-->00000000 [rlls.dll]

[3844]hkcmd.exe-->ws2_32.dll-->WSASendTo, Type: Inline - RelativeJump 0x76C7A474-->00000000 [rlls.dll]

[3864]igfxpers.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76E01BF3-->00000000 [rlls.dll]

[3864]igfxpers.exe-->kernel32.dll-->GetQueuedCompletionStatus, Type: Inline - RelativeJump 0x76E4D0F5-->00000000 [rlls.dll]

[3864]igfxpers.exe-->wininet.dll-->UnlockUrlCacheEntryFile, Type: Inline - RelativeJump 0x7747AD0B-->00000000 [rlls.dll]

[3864]igfxpers.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x76C6330C-->00000000 [rlls.dll]

[3864]igfxpers.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x76C640D9-->00000000 [rlls.dll]

[3864]igfxpers.exe-->ws2_32.dll-->recv, Type: Inline - RelativeJump 0x76C6343A-->00000000 [rlls.dll]

[3864]igfxpers.exe-->ws2_32.dll-->recvfrom, Type: Inline - RelativeJump 0x76C68E15-->00000000 [rlls.dll]

[3864]igfxpers.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x76C6659B-->00000000 [rlls.dll]

[3864]igfxpers.exe-->ws2_32.dll-->sendto, Type: Inline - RelativeJump 0x76C667C5-->00000000 [rlls.dll]

[3864]igfxpers.exe-->ws2_32.dll-->WSAConnect, Type: Inline - RelativeJump 0x76C6D7B0-->00000000 [rlls.dll]

[3864]igfxpers.exe-->ws2_32.dll-->WSAGetOverlappedResult, Type: Inline - RelativeJump 0x76C68143-->00000000 [rlls.dll]

[3864]igfxpers.exe-->ws2_32.dll-->WSARecv, Type: Inline - RelativeJump 0x76C68400-->00000000 [rlls.dll]

[3864]igfxpers.exe-->ws2_32.dll-->WSARecvFrom, Type: Inline - RelativeJump 0x76C78B38-->00000000 [rlls.dll]

[3864]igfxpers.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x76C64496-->00000000 [rlls.dll]

[3864]igfxpers.exe-->ws2_32.dll-->WSASendTo, Type: Inline - RelativeJump 0x76C7A474-->00000000 [rlls.dll]

[3880]IAAnotif.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76E01BF3-->00000000 [rlls.dll]

[3880]IAAnotif.exe-->kernel32.dll-->GetQueuedCompletionStatus, Type: Inline - RelativeJump 0x76E4D0F5-->00000000 [rlls.dll]

[3880]IAAnotif.exe-->wininet.dll-->UnlockUrlCacheEntryFile, Type: Inline - RelativeJump 0x7747AD0B-->00000000 [rlls.dll]

[3880]IAAnotif.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x76C6330C-->00000000 [rlls.dll]

[3880]IAAnotif.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x76C640D9-->00000000 [rlls.dll]

[3880]IAAnotif.exe-->ws2_32.dll-->recv, Type: Inline - RelativeJump 0x76C6343A-->00000000 [rlls.dll]

[3880]IAAnotif.exe-->ws2_32.dll-->recvfrom, Type: Inline - RelativeJump 0x76C68E15-->00000000 [rlls.dll]

[3880]IAAnotif.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x76C6659B-->00000000 [rlls.dll]

[3880]IAAnotif.exe-->ws2_32.dll-->sendto, Type: Inline - RelativeJump 0x76C667C5-->00000000 [rlls.dll]

[3880]IAAnotif.exe-->ws2_32.dll-->WSAConnect, Type: Inline - RelativeJump 0x76C6D7B0-->00000000 [rlls.dll]

[3880]IAAnotif.exe-->ws2_32.dll-->WSAGetOverlappedResult, Type: Inline - RelativeJump 0x76C68143-->00000000 [rlls.dll]

[3880]IAAnotif.exe-->ws2_32.dll-->WSARecv, Type: Inline - RelativeJump 0x76C68400-->00000000 [rlls.dll]

[3880]IAAnotif.exe-->ws2_32.dll-->WSARecvFrom, Type: Inline - RelativeJump 0x76C78B38-->00000000 [rlls.dll]

[3880]IAAnotif.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x76C64496-->00000000 [rlls.dll]

[3880]IAAnotif.exe-->ws2_32.dll-->WSASendTo, Type: Inline - RelativeJump 0x76C7A474-->00000000 [rlls.dll]

[3928]CNMNSUT.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76E01BF3-->00000000 [rlls.dll]

[3928]CNMNSUT.exe-->kernel32.dll-->GetQueuedCompletionStatus, Type: Inline - RelativeJump 0x76E4D0F5-->00000000 [rlls.dll]

[3928]CNMNSUT.exe-->wininet.dll-->UnlockUrlCacheEntryFile, Type: Inline - RelativeJump 0x7747AD0B-->00000000 [rlls.dll]

[3928]CNMNSUT.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x76C6330C-->00000000 [rlls.dll]

[3928]CNMNSUT.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x76C640D9-->00000000 [rlls.dll]

[3928]CNMNSUT.exe-->ws2_32.dll-->recv, Type: Inline - RelativeJump 0x76C6343A-->00000000 [rlls.dll]

[3928]CNMNSUT.exe-->ws2_32.dll-->recvfrom, Type: Inline - RelativeJump 0x76C68E15-->00000000 [rlls.dll]

[3928]CNMNSUT.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x76C6659B-->00000000 [rlls.dll]

[3928]CNMNSUT.exe-->ws2_32.dll-->sendto, Type: Inline - RelativeJump 0x76C667C5-->00000000 [rlls.dll]

[3928]CNMNSUT.exe-->ws2_32.dll-->WSAConnect, Type: Inline - RelativeJump 0x76C6D7B0-->00000000 [rlls.dll]

[3928]CNMNSUT.exe-->ws2_32.dll-->WSAGetOverlappedResult, Type: Inline - RelativeJump 0x76C68143-->00000000 [rlls.dll]

[3928]CNMNSUT.exe-->ws2_32.dll-->WSARecv, Type: Inline - RelativeJump 0x76C68400-->00000000 [rlls.dll]

[3928]CNMNSUT.exe-->ws2_32.dll-->WSARecvFrom, Type: Inline - RelativeJump 0x76C78B38-->00000000 [rlls.dll]

[3928]CNMNSUT.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x76C64496-->00000000 [rlls.dll]

[3928]CNMNSUT.exe-->ws2_32.dll-->WSASendTo, Type: Inline - RelativeJump 0x76C7A474-->00000000 [rlls.dll]

[3948]GoogleQuickSearchBox.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76E01BF3-->00000000 [rlls.dll]

[3948]GoogleQuickSearchBox.exe-->kernel32.dll-->GetQueuedCompletionStatus, Type: Inline - RelativeJump 0x76E4D0F5-->00000000 [rlls.dll]

[3948]GoogleQuickSearchBox.exe-->wininet.dll-->UnlockUrlCacheEntryFile, Type: Inline - RelativeJump 0x7747AD0B-->00000000 [rlls.dll]

[3948]GoogleQuickSearchBox.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x76C6330C-->00000000 [rlls.dll]

[3948]GoogleQuickSearchBox.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x76C640D9-->00000000 [rlls.dll]

[3948]GoogleQuickSearchBox.exe-->ws2_32.dll-->recv, Type: Inline - RelativeJump 0x76C6343A-->00000000 [rlls.dll]

[3948]GoogleQuickSearchBox.exe-->ws2_32.dll-->recvfrom, Type: Inline - RelativeJump 0x76C68E15-->00000000 [rlls.dll]

[3948]GoogleQuickSearchBox.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x76C6659B-->00000000 [rlls.dll]

[3948]GoogleQuickSearchBox.exe-->ws2_32.dll-->sendto, Type: Inline - RelativeJump 0x76C667C5-->00000000 [rlls.dll]

[3948]GoogleQuickSearchBox.exe-->ws2_32.dll-->WSAConnect, Type: Inline - RelativeJump 0x76C6D7B0-->00000000 [rlls.dll]

[3948]GoogleQuickSearchBox.exe-->ws2_32.dll-->WSAGetOverlappedResult, Type: Inline - RelativeJump 0x76C68143-->00000000 [rlls.dll]

[3948]GoogleQuickSearchBox.exe-->ws2_32.dll-->WSARecv, Type: Inline - RelativeJump 0x76C68400-->00000000 [rlls.dll]

[3948]GoogleQuickSearchBox.exe-->ws2_32.dll-->WSARecvFrom, Type: Inline - RelativeJump 0x76C78B38-->00000000 [rlls.dll]

[3948]GoogleQuickSearchBox.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x76C64496-->00000000 [rlls.dll]

[3948]GoogleQuickSearchBox.exe-->ws2_32.dll-->WSASendTo, Type: Inline - RelativeJump 0x76C7A474-->00000000 [rlls.dll]

[4008]iTunesHelper.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76E01BF3-->00000000 [rlls.dll]

[4008]iTunesHelper.exe-->kernel32.dll-->GetQueuedCompletionStatus, Type: Inline - RelativeJump 0x76E4D0F5-->00000000 [rlls.dll]

[4008]iTunesHelper.exe-->wininet.dll-->UnlockUrlCacheEntryFile, Type: Inline - RelativeJump 0x7747AD0B-->00000000 [rlls.dll]

[4008]iTunesHelper.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x76C6330C-->00000000 [rlls.dll]

[4008]iTunesHelper.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x76C640D9-->00000000 [rlls.dll]

[4008]iTunesHelper.exe-->ws2_32.dll-->recv, Type: Inline - RelativeJump 0x76C6343A-->00000000 [rlls.dll]

[4008]iTunesHelper.exe-->ws2_32.dll-->recvfrom, Type: Inline - RelativeJump 0x76C68E15-->00000000 [rlls.dll]

[4008]iTunesHelper.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x76C6659B-->00000000 [rlls.dll]

[4008]iTunesHelper.exe-->ws2_32.dll-->sendto, Type: Inline - RelativeJump 0x76C667C5-->00000000 [rlls.dll]

[4008]iTunesHelper.exe-->ws2_32.dll-->WSAConnect, Type: Inline - RelativeJump 0x76C6D7B0-->00000000 [rlls.dll]

[4008]iTunesHelper.exe-->ws2_32.dll-->WSAGetOverlappedResult, Type: Inline - RelativeJump 0x76C68143-->00000000 [rlls.dll]

[4008]iTunesHelper.exe-->ws2_32.dll-->WSARecv, Type: Inline - RelativeJump 0x76C68400-->00000000 [rlls.dll]

[4008]iTunesHelper.exe-->ws2_32.dll-->WSARecvFrom, Type: Inline - RelativeJump 0x76C78B38-->00000000 [rlls.dll]

[4008]iTunesHelper.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x76C64496-->00000000 [rlls.dll]

[4008]iTunesHelper.exe-->ws2_32.dll-->WSASendTo, Type: Inline - RelativeJump 0x76C7A474-->00000000 [rlls.dll]

[5444]unsecapp.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76E01BF3-->00000000 [rlls.dll]

[5444]unsecapp.exe-->kernel32.dll-->GetQueuedCompletionStatus, Type: Inline - RelativeJump 0x76E4D0F5-->00000000 [rlls.dll]

[5444]unsecapp.exe-->wininet.dll-->UnlockUrlCacheEntryFile, Type: Inline - RelativeJump 0x7747AD0B-->00000000 [rlls.dll]

[5444]unsecapp.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x76C6330C-->00000000 [rlls.dll]

[5444]unsecapp.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x76C640D9-->00000000 [rlls.dll]

[5444]unsecapp.exe-->ws2_32.dll-->recv, Type: Inline - RelativeJump 0x76C6343A-->00000000 [rlls.dll]

[5444]unsecapp.exe-->ws2_32.dll-->recvfrom, Type: Inline - RelativeJump 0x76C68E15-->00000000 [rlls.dll]

[5444]unsecapp.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x76C6659B-->00000000 [rlls.dll]

[5444]unsecapp.exe-->ws2_32.dll-->sendto, Type: Inline - RelativeJump 0x76C667C5-->00000000 [rlls.dll]

[5444]unsecapp.exe-->ws2_32.dll-->WSAConnect, Type: Inline - RelativeJump 0x76C6D7B0-->00000000 [rlls.dll]

[5444]unsecapp.exe-->ws2_32.dll-->WSAGetOverlappedResult, Type: Inline - RelativeJump 0x76C68143-->00000000 [rlls.dll]

[5444]unsecapp.exe-->ws2_32.dll-->WSARecv, Type: Inline - RelativeJump 0x76C68400-->00000000 [rlls.dll]

[5444]unsecapp.exe-->ws2_32.dll-->WSARecvFrom, Type: Inline - RelativeJump 0x76C78B38-->00000000 [rlls.dll]

[5444]unsecapp.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x76C64496-->00000000 [rlls.dll]

[5444]unsecapp.exe-->ws2_32.dll-->WSASendTo, Type: Inline - RelativeJump 0x76C7A474-->00000000 [rlls.dll]

[548]GoogleToolbarNotifier.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76E01BF3-->00000000 [rlls.dll]

[548]GoogleToolbarNotifier.exe-->kernel32.dll-->GetQueuedCompletionStatus, Type: Inline - RelativeJump 0x76E4D0F5-->00000000 [rlls.dll]

[548]GoogleToolbarNotifier.exe-->wininet.dll-->UnlockUrlCacheEntryFile, Type: Inline - RelativeJump 0x7747AD0B-->00000000 [rlls.dll]

[548]GoogleToolbarNotifier.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x76C6330C-->00000000 [rlls.dll]

[548]GoogleToolbarNotifier.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x76C640D9-->00000000 [rlls.dll]

[548]GoogleToolbarNotifier.exe-->ws2_32.dll-->recv, Type: Inline - RelativeJump 0x76C6343A-->00000000 [rlls.dll]

[548]GoogleToolbarNotifier.exe-->ws2_32.dll-->recvfrom, Type: Inline - RelativeJump 0x76C68E15-->00000000 [rlls.dll]

[548]GoogleToolbarNotifier.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x76C6659B-->00000000 [rlls.dll]

[548]GoogleToolbarNotifier.exe-->ws2_32.dll-->sendto, Type: Inline - RelativeJump 0x76C667C5-->00000000 [rlls.dll]

[548]GoogleToolbarNotifier.exe-->ws2_32.dll-->WSAConnect, Type: Inline - RelativeJump 0x76C6D7B0-->00000000 [rlls.dll]

[548]GoogleToolbarNotifier.exe-->ws2_32.dll-->WSAGetOverlappedResult, Type: Inline - RelativeJump 0x76C68143-->00000000 [rlls.dll]

[548]GoogleToolbarNotifier.exe-->ws2_32.dll-->WSARecv, Type: Inline - RelativeJump 0x76C68400-->00000000 [rlls.dll]

[548]GoogleToolbarNotifier.exe-->ws2_32.dll-->WSARecvFrom, Type: Inline - RelativeJump 0x76C78B38-->00000000 [rlls.dll]

[548]GoogleToolbarNotifier.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x76C64496-->00000000 [rlls.dll]

[548]GoogleToolbarNotifier.exe-->ws2_32.dll-->WSASendTo, Type: Inline - RelativeJump 0x76C7A474-->00000000 [rlls.dll]

[740]mozystat.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76E01BF3-->00000000 [rlls.dll]

[740]mozystat.exe-->kernel32.dll-->GetQueuedCompletionStatus, Type: Inline - RelativeJump 0x76E4D0F5-->00000000 [rlls.dll]

[740]mozystat.exe-->wininet.dll-->UnlockUrlCacheEntryFile, Type: Inline - RelativeJump 0x7747AD0B-->00000000 [rlls.dll]

[740]mozystat.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x76C6330C-->00000000 [rlls.dll]

[740]mozystat.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x76C640D9-->00000000 [rlls.dll]

[740]mozystat.exe-->ws2_32.dll-->recv, Type: Inline - RelativeJump 0x76C6343A-->00000000 [rlls.dll]

[740]mozystat.exe-->ws2_32.dll-->recvfrom, Type: Inline - RelativeJump 0x76C68E15-->00000000 [rlls.dll]

[740]mozystat.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x76C6659B-->00000000 [rlls.dll]

[740]mozystat.exe-->ws2_32.dll-->sendto, Type: Inline - RelativeJump 0x76C667C5-->00000000 [rlls.dll]

[740]mozystat.exe-->ws2_32.dll-->WSAConnect, Type: Inline - RelativeJump 0x76C6D7B0-->00000000 [rlls.dll]

[740]mozystat.exe-->ws2_32.dll-->WSAGetOverlappedResult, Type: Inline - RelativeJump 0x76C68143-->00000000 [rlls.dll]

[740]mozystat.exe-->ws2_32.dll-->WSARecv, Type: Inline - RelativeJump 0x76C68400-->00000000 [rlls.dll]

[740]mozystat.exe-->ws2_32.dll-->WSARecvFrom, Type: Inline - RelativeJump 0x76C78B38-->00000000 [rlls.dll]

[740]mozystat.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x76C64496-->00000000 [rlls.dll]

[740]mozystat.exe-->ws2_32.dll-->WSASendTo, Type: Inline - RelativeJump 0x76C7A474-->00000000 [rlls.dll]

[748]taskeng.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76E01BF3-->00000000 [rlls.dll]

[748]taskeng.exe-->kernel32.dll-->GetQueuedCompletionStatus, Type: Inline - RelativeJump 0x76E4D0F5-->00000000 [rlls.dll]

[748]taskeng.exe-->wininet.dll-->UnlockUrlCacheEntryFile, Type: Inline - RelativeJump 0x7747AD0B-->00000000 [rlls.dll]

[748]taskeng.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x76C6330C-->00000000 [rlls.dll]

[748]taskeng.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x76C640D9-->00000000 [rlls.dll]

[748]taskeng.exe-->ws2_32.dll-->recv, Type: Inline - RelativeJump 0x76C6343A-->00000000 [rlls.dll]

[748]taskeng.exe-->ws2_32.dll-->recvfrom, Type: Inline - RelativeJump 0x76C68E15-->00000000 [rlls.dll]

[748]taskeng.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x76C6659B-->00000000 [rlls.dll]

[748]taskeng.exe-->ws2_32.dll-->sendto, Type: Inline - RelativeJump 0x76C667C5-->00000000 [rlls.dll]

[748]taskeng.exe-->ws2_32.dll-->WSAConnect, Type: Inline - RelativeJump 0x76C6D7B0-->00000000 [rlls.dll]

[748]taskeng.exe-->ws2_32.dll-->WSAGetOverlappedResult, Type: Inline - RelativeJump 0x76C68143-->00000000 [rlls.dll]

[748]taskeng.exe-->ws2_32.dll-->WSARecv, Type: Inline - RelativeJump 0x76C68400-->00000000 [rlls.dll]

[748]taskeng.exe-->ws2_32.dll-->WSARecvFrom, Type: Inline - RelativeJump 0x76C78B38-->00000000 [rlls.dll]

[748]taskeng.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x76C64496-->00000000 [rlls.dll]

[748]taskeng.exe-->ws2_32.dll-->WSASendTo, Type: Inline - RelativeJump 0x76C7A474-->00000000 [rlls.dll]

[856]dwm.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76E01BF3-->00000000 [rlls.dll]

[856]dwm.exe-->kernel32.dll-->GetQueuedCompletionStatus, Type: Inline - RelativeJump 0x76E4D0F5-->00000000 [rlls.dll]

[856]dwm.exe-->wininet.dll-->UnlockUrlCacheEntryFile, Type: Inline - RelativeJump 0x7747AD0B-->00000000 [rlls.dll]

[856]dwm.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x76C6330C-->00000000 [rlls.dll]

[856]dwm.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x76C640D9-->00000000 [rlls.dll]

[856]dwm.exe-->ws2_32.dll-->recv, Type: Inline - RelativeJump 0x76C6343A-->00000000 [rlls.dll]

[856]dwm.exe-->ws2_32.dll-->recvfrom, Type: Inline - RelativeJump 0x76C68E15-->00000000 [rlls.dll]

[856]dwm.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x76C6659B-->00000000 [rlls.dll]

[856]dwm.exe-->ws2_32.dll-->sendto, Type: Inline - RelativeJump 0x76C667C5-->00000000 [rlls.dll]

[856]dwm.exe-->ws2_32.dll-->WSAConnect, Type: Inline - RelativeJump 0x76C6D7B0-->00000000 [rlls.dll]

[856]dwm.exe-->ws2_32.dll-->WSAGetOverlappedResult, Type: Inline - RelativeJump 0x76C68143-->00000000 [rlls.dll]

[856]dwm.exe-->ws2_32.dll-->WSARecv, Type: Inline - RelativeJump 0x76C68400-->00000000 [rlls.dll]

[856]dwm.exe-->ws2_32.dll-->WSARecvFrom, Type: Inline - RelativeJump 0x76C78B38-->00000000 [rlls.dll]

[856]dwm.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x76C64496-->00000000 [rlls.dll]

[856]dwm.exe-->ws2_32.dll-->WSASendTo, Type: Inline - RelativeJump 0x76C7A474-->00000000 [rlls.dll]

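The report above is the end of the poster's Rootkit Unhooker output, and every one of its Code Hooks entries resolves to the same injected module, rlls.dll, patching the same winsock, wininet and CreateProcessW entry points in every listed process, including ones that have no business touching sockets (dwm.exe, taskeng.exe, unsecapp.exe). The helper reads that pattern by eye; the script below is an added example, not part of this thread and not code from Rootkit Unhooker or Malwarebytes, that parses report lines in this format and flags any hooking module found across several processes. The sample report embedded in it is constructed: a few lines copied from the log above plus one made-up benign entry (example_av_hook.dll) to show a hooker that is not flagged. The field names, API lists and the min_processes threshold are my own assumptions.

```python
"""Summarise Rootkit Unhooker 'Code Hooks' report lines by the module that installed the hook."""
import re
from collections import defaultdict

# One report line looks like:
#   [3928]CNMNSUT.exe-->ws2_32.dll-->sendto, Type: Inline - RelativeJump 0x76C667C5-->00000000 [rlls.dll]
# Field names below are this example's own choice, not Rootkit Unhooker's.
HOOK_RE = re.compile(
    r"^\[(?P<pid>\d+)\]"
    r"(?P<process>.+?)-->"
    r"(?P<module>.+?)-->"
    r"(?P<api>[^,]+),\s*Type:\s*"
    r"(?P<hook_type>.+?)\s+0x(?P<src>[0-9A-Fa-f]+)-->(?P<dst>[0-9A-Fa-f]+)"
    r"(?:\s+\[(?P<hooker>[^\]]+)\])?\s*$"
)

# API families worth calling out when one module patches them in many processes (assumed lists).
NETWORK_APIS = {
    "closesocket", "connect", "recv", "recvfrom", "send", "sendto",
    "WSAConnect", "WSARecv", "WSARecvFrom", "WSASend", "WSASendTo", "WSAGetOverlappedResult",
}
PROCESS_APIS = {"CreateProcessA", "CreateProcessW"}

# Constructed excerpt: first six lines copied from the log in this thread, the notepad.exe line is invented.
SAMPLE_REPORT = """\
[3928]CNMNSUT.exe-->ws2_32.dll-->sendto, Type: Inline - RelativeJump 0x76C667C5-->00000000 [rlls.dll]
[3928]CNMNSUT.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x76C64496-->00000000 [rlls.dll]
[856]dwm.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76E01BF3-->00000000 [rlls.dll]
[856]dwm.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x76C640D9-->00000000 [rlls.dll]
[748]taskeng.exe-->ws2_32.dll-->recv, Type: Inline - RelativeJump 0x76C6343A-->00000000 [rlls.dll]
[5444]unsecapp.exe-->wininet.dll-->UnlockUrlCacheEntryFile, Type: Inline - RelativeJump 0x7747AD0B-->00000000 [rlls.dll]
[1234]notepad.exe-->ntdll.dll-->NtQueryDirectoryFile, Type: Inline - RelativeJump 0x77A12345-->10001000 [example_av_hook.dll]
Some unrelated report text that the parser must ignore
"""


def parse_hooks(report):
    """Return one dict per recognised hook line; lines that do not match the format are skipped."""
    hooks = []
    for line in report.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        hook = m.groupdict()
        hook["pid"] = int(hook["pid"])
        hook["hooker"] = hook["hooker"] or "<unknown>"  # RkU omits the bracket when it cannot attribute the hook
        hooks.append(hook)
    return hooks


def summarize(hooks):
    """Group hooks by hooking module: which processes it lives in and which exports it patched."""
    summary = defaultdict(lambda: {"processes": set(), "apis": set(), "count": 0})
    for h in hooks:
        entry = summary[h["hooker"]]
        entry["processes"].add(f'{h["process"]}[{h["pid"]}]')
        entry["apis"].add(f'{h["module"]}!{h["api"]}')
        entry["count"] += 1
    return dict(summary)


def flag_systemwide_interceptors(hooks, min_processes=3):
    """Modules that patch socket or process-creation APIs in at least min_processes distinct processes."""
    flagged = {}
    for hooker, entry in summarize(hooks).items():
        apis = {a.split("!", 1)[1] for a in entry["apis"]}
        net, proc = apis & NETWORK_APIS, apis & PROCESS_APIS
        if len(entry["processes"]) >= min_processes and (net or proc):
            flagged[hooker] = {
                "processes": len(entry["processes"]),
                "network_apis": sorted(net),
                "process_apis": sorted(proc),
            }
    return flagged


if __name__ == "__main__":
    parsed = parse_hooks(SAMPLE_REPORT)
    for hooker, entry in summarize(parsed).items():
        print(f"{hooker}: {entry['count']} hooks in {len(entry['processes'])} processes, "
              f"{len(entry['apis'])} distinct exports")
    for hooker, info in flag_systemwide_interceptors(parsed).items():
        print(f"FLAG {hooker}: {info}")
```

Running the file prints one summary line per hooking module and a FLAG line for rlls.dll only; the invented example_av_hook.dll entry sits in a single process and patches no socket API, so it stays quiet. Treat the flag as a triage signal rather than a verdict: a legitimate host-based firewall or antivirus also inline-hooks ws2_32.dll in every process, so the next step is to check where the flagged DLL lives on disk and whether it is signed, which is what the helper does by hand in the replies that follow.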

**Note: If you need more detailed information, please visit the web page of ComboFix at BleepingComputer.**

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do not do any fixing on your own or run scanners unless requested by me or another helper.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  • If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.
  • During the download, rename Combofix to Combo-Fix as follows:
    (screenshots: CF_download_FF.gif, CF_download_rename.gif)
  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------


  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  • Double-click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouse-click Combo-Fix's window while it's running. That may cause it to stall.**


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
