Fake security products


  • This topic is locked
47 replies to this topic

#1 Addie2

Addie2

  • Members
  • 26 posts

Posted 24 May 2011 - 08:38 PM

A few days ago, my computer, which had been recently cleaned of a rootkit, started mysteriously having popups for Windows security products that were 'unregistered.' They pop up in 3's, and once you x them out they come right back. I have Webroot antivirus installed on my computer and every night I scan it and every night it says it removed 'rogue security products' but as soon as I go to any website, they come right back! X them out and they come right back.

This is my most recent and bothersome problem, but it has never really gotten rid of a Google redirect problem that says 'jump' and 'redirect' every time you try to search something. If you click back enough, it will go to what you wanted, but it never goes away. I have also had issues with svchost multiplying and CPU usage going to 100% for no apparent reason.

My computer is about 5 years old and is a Windows XP e machine.

Thanks for any help and advice!

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Run by Lori at 2:39:59 on 2002-01-26
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.129 [GMT -5:00]
.
AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {77E10C7F-2CCA-4187-9394-BDBC267AD597}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe
C:\Documents and Settings\Lori\Local Settings\Application Data\wae.exe
C:\Program Files\Webroot\Security\Current\Framework\WRFrame.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Lori\Desktop\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.facebook.com
mURLSearchHooks: H - No File
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10l_Plugin.exe -update plugin
mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun: [SoundMan] "SOUNDMAN.EXE"
mRun: [WebrootTrayApp] "c:\program files\webroot\security\current\framework\WRTray.exe"
mRunOnce: [WrSvcAssist] "c:\program files\webroot\security\current\framework\WRSvcAssist.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1278074999512
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1278075327406
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\lori\application data\mozilla\firefox\profiles\g6hfyf7l.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npkimi.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: browser.startup.homepage - hxxps://www.facebook.com
FF - user.js: browser.startup.page - 1
.
============= SERVICES / DRIVERS ===============
.
R2 SSFMONM;ssfmonm;c:\windows\system32\drivers\ssfmonm.sys [2010-11-1 47120]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\security\current\plugins\antimalware\AEI.exe [2010-11-1 3900032]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\security\current\framework\WRConsumerService.exe [2002-1-18 3276136]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; [x]
.
=============== Created Last 30 ================
.
2011-04-29 00:49:50 -------- d-----w- c:\documents and settings\lori\application data\Yzar
2011-03-22 03:38:42 -------- d-----w- c:\windows\system32\Adobe
2011-03-11 00:54:14 -------- d-----w- c:\program files\Windows Media Connect 2
2011-03-11 00:28:44 -------- d-----w- c:\windows\system32\LogFiles
2011-02-03 05:03:22 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-01-13 22:28:44 65536 ----a-w- c:\program files\mozilla firefox\plugins\npkimi.dll
2011-01-13 22:28:39 -------- d-----w- c:\program files\Imikimi
2010-11-19 23:48:49 -------- d-----w- C:\_OTL
2010-11-12 23:52:07 -------- d-----w- C:\_OTS
2010-11-12 01:08:33 -------- d-----w- c:\documents and settings\lori\application data\Malwarebytes
2010-11-12 01:08:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-12 01:08:09 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2010-11-12 01:08:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-12 01:08:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-07 20:36:20 -------- d-sha-r- C:\cmdcons
2010-11-07 20:18:18 -------- d-----w- c:\program files\Free Window Registry Repair
2010-11-07 18:06:47 -------- d-----w- C:\Combo-Fix
2010-11-07 02:13:18 89088 ----a-w- c:\windows\MBR.exe
2010-11-07 02:13:17 98816 ----a-w- c:\windows\sed.exe
2010-11-07 02:13:17 256512 ----a-w- c:\windows\PEV.exe
2010-11-07 02:13:17 161792 ----a-w- c:\windows\SWREG.exe
2010-11-07 00:09:21 -------- d-----w- c:\windows\pss
2010-11-01 23:45:10 47120 ----a-w- c:\windows\system32\drivers\ssfmonm.sys
2010-11-01 23:45:10 24496 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2010-11-01 23:45:10 182056 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2010-11-01 23:40:42 -------- d-----w- c:\program files\Webroot
2010-11-01 23:40:31 -------- dc-h--w- c:\documents and settings\all users\application data\{94E7A161-5A7B-460F-BD45-76DE70D977A9}
2010-11-01 23:39:58 -------- d-----w- c:\documents and settings\all users\application data\Webroot
2010-11-01 23:39:53 -------- d-----w- c:\documents and settings\lori\local settings\application data\PackageAware
2010-09-25 13:21:11 -------- d-----w- c:\documents and settings\lori\local settings\application data\AVG Security Toolbar
2010-09-25 10:03:21 -------- d-----w- C:\$AVG8.VAULT$
2010-09-25 02:13:41 -------- d-----w- c:\program files\AVG
2010-08-05 23:52:45 -------- d-----w- c:\program files\Ask.com
2010-08-05 23:52:43 -------- d-----w- c:\documents and settings\lori\application data\BitTorrent
2010-08-05 23:52:37 -------- d-----w- c:\program files\BitTorrent
2010-07-28 05:20:53 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-07-28 05:20:53 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-28 05:20:53 411368 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-07-10 06:59:02 -------- d-----w- c:\documents and settings\lori\local settings\application data\GHISLER
2010-07-10 06:58:41 -------- d-----w- C:\Derrick Stuart
2010-07-10 06:58:29 -------- d-----w- C:\Karie Struart
2010-07-10 06:50:17 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-07-10 06:49:22 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-07-10 06:49:22 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-07-10 06:49:19 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-07-10 06:49:19 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-07-10 06:49:12 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-07-10 06:49:12 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-07-10 06:49:01 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2010-07-10 06:49:01 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-07-10 06:48:55 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-07-10 06:48:55 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-07-02 15:46:22 -------- d-----w- c:\documents and settings\lori\application data\Office Genuine Advantage
2010-07-02 14:43:20 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-07-02 14:42:32 -------- d-----w- c:\windows\ShellNew
2010-07-02 14:11:24 -------- d-----w- c:\windows\system32\scripting
2010-07-02 14:11:23 -------- d-----w- c:\windows\system32\en
2010-07-02 14:11:23 -------- d-----w- c:\windows\l2schemas
2010-07-02 14:11:22 -------- d-----w- c:\windows\system32\bits
2010-07-02 14:07:40 -------- d-----w- c:\windows\network diagnostic
2010-07-02 13:58:02 25471 ------w- c:\windows\system32\drivers\watv10nt.sys
2010-07-02 13:58:02 22271 ------w- c:\windows\system32\drivers\watv06nt.sys
2010-07-02 13:58:02 11935 ------w- c:\windows\system32\drivers\wadv11nt.sys
2010-07-02 13:58:02 11871 ------w- c:\windows\system32\drivers\wadv09nt.sys
2010-07-02 13:58:02 11807 ------w- c:\windows\system32\drivers\wadv07nt.sys
2010-07-02 13:58:02 11295 ------w- c:\windows\system32\drivers\wadv08nt.sys
2010-07-02 13:56:58 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2010-07-02 13:45:39 -------- d-sh--w- c:\documents and settings\lori\PrivacIE
2010-07-02 13:43:50 -------- d-sh--w- c:\documents and settings\lori\IETldCache
2010-07-02 13:35:52 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-07-02 13:35:51 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-02 13:35:51 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-07-02 13:35:51 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-07-02 13:35:51 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-07-02 13:35:51 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-07-02 13:35:51 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-07-02 13:35:47 -------- d-----w- c:\windows\ie8updates
2010-07-02 13:35:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-07-02 13:34:34 -------- dc-h--w- c:\windows\ie8
2010-07-02 13:15:38 -------- d-----w- c:\windows\ServicePackFiles
2010-07-02 13:04:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-07-02 13:03:56 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-07-02 13:02:56 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-07-02 13:02:56 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-07-02 13:02:50 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-07-02 12:57:56 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-07-02 12:57:13 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-07-02 12:57:13 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-07-02 12:57:10 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-07-02 12:52:52 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-07-02 12:52:52 -------- d-----w- c:\windows\system32\PreInstall
2010-07-02 12:52:50 -------- d--h--w- c:\windows\$hf_mig$
2010-07-02 12:50:26 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2010-07-02 12:50:26 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2010-07-02 12:50:26 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2010-07-02 12:50:26 -------- d-----w- c:\windows\system32\SoftwareDistribution
2010-07-02 12:50:25 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2010-07-02 12:49:49 -------- d-sh--w- c:\documents and settings\lori\UserData
2010-07-01 00:43:35 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2010-07-01 00:43:35 16128 ----a-w- c:\windows\system32\drivers\MODEMCSA.sys
2010-07-01 00:43:32 52581 ----a-w- c:\windows\system32\IntelCci.dll
2010-07-01 00:43:27 659065 ----a-r- c:\windows\system32\drivers\IntelC52.sys
2010-07-01 00:43:27 61541 ----a-r- c:\windows\system32\drivers\IntelC53.sys
2010-07-01 00:43:27 52581 ----a-r- c:\windows\system32\IntelCc2.dll
2010-07-01 00:43:27 36984 ----a-r- c:\windows\system32\drivers\mohfilt.sys
2010-07-01 00:43:27 172032 ----a-r- c:\windows\system32\intelmoh.dll
2010-07-01 00:43:27 1313509 ----a-r- c:\windows\system32\drivers\IntelC51.sys
2010-07-01 00:20:17 -------- d-----w- C:\Temp
2010-07-01 00:12:46 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-07-01 00:11:56 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2010-07-01 00:10:26 155648 ----a-w- c:\windows\system32\igfxres.dll
2010-07-01 00:06:39 -------- d-s---w- c:\windows\system32\Microsoft
2010-07-01 00:04:00 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2010-07-01 00:02:59 81976 -c--a-w- c:\windows\system32\dllcache\imjpdct.dll
2010-07-01 00:01:58 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2010-07-01 00:00:06 -------- d-sh--w- c:\documents and settings\all users\DRM
.
==================== Find3M ====================
.
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-06 10:41:50 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 15:36:45 81920 ------w- c:\windows\system32\ieencode.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-05 14:37:40 65536 ----a-w- c:\windows\system32\asycfilt.dll
2010-02-24 13:11:07 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 13:10:28 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25:04 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02:15 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-05 18:27:45 1291776 ----a-w- c:\windows\system32\quartz.dll
2010-01-29 15:01:30 691712 ----a-w- c:\windows\system32\inetcomm.dll
2010-01-29 14:43:39 307260 ----a-w- c:\windows\system32\l3codeca.acm
2010-01-29 14:43:39 143422 ----a-w- c:\windows\system32\l3codecx.ax
2010-01-13 14:01:25 86016 ----a-w- c:\windows\system32\cabview.dll
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-24 06:59:40 177664 ----a-w- c:\windows\system32\wintrust.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-21 15:51:04 471552 ----a-w- c:\windows\apppatch\aclayers.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20:16 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-15 16:28:26 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-10-15 16:28:26 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-01 14:46:07 282654 ----a-w- c:\windows\system32\msaud32.acm
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-25 09:17:27 354816 ----a-w- c:\windows\system32\winhttp.dll
2009-08-20 19:09:06 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-06 23:24:10 217816 ----a-w- c:\windows\system32\wuaucpl.cpl
2009-08-06 23:23:26 215904 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 19:07:42 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 19:07:42 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 19:07:42 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-31 14:05:44 1372672 ------w- c:\windows\system32\msxml6.dll
2009-07-31 04:35:42 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-07-17 19:01:06 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 16:22:18 1435648 ----a-w- c:\windows\system32\query.dll
2009-06-25 18:36:08 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36:08 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36:08 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36:08 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36:08 471552 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36:08 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36:08 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36:08 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36:08 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36:08 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36:08 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 18:36:08 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 08:25:26 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25:26 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25:26 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25:26 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25:26 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-24 11:18:41 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-22 11:48:44 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-12 12:31:40 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31:39 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 13:19:38 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14:49 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-05-07 15:32:35 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-15 14:51:25 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-03-08 18:22:46 1241088 ------w- c:\windows\system32\ieframe.dll.mui
2009-03-08 18:22:30 49152 ------w- c:\windows\system32\msrating.dll.mui
2009-03-08 18:22:18 2560 ------w- c:\windows\system32\mshta.exe.mui
2009-03-08 18:21:06 4096 ------w- c:\windows\system32\ie4uinit.exe.mui
2009-03-08 18:21:06 10240 ------w- c:\windows\system32\advpack.dll.mui
2009-03-08 18:20:54 81920 ------w- c:\windows\system32\iedkcs32.dll.mui
2009-03-08 08:35:10 385024 ----a-w- c:\windows\system32\html.iec
2009-03-08 08:34:30 43008 ----a-w- c:\windows\system32\licmgr10.dll
2009-03-08 08:33:40 18944 ----a-w- c:\windows\system32\corpol.dll
2009-03-08 08:32:56 72704 ----a-w- c:\windows\system32\admparse.dll
2009-03-08 08:32:50 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-03-08 08:31:38 34816 ----a-w- c:\windows\system32\imgutil.dll
2009-03-08 08:31:18 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-03-08 08:31:02 45568 ----a-w- c:\windows\system32\mshta.exe
2009-03-08 08:31:02 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2009-03-08 08:30:56 66560 ----a-w- c:\windows\system32\tdc.ocx
2009-03-08 08:22:38 156160 ----a-w- c:\windows\system32\msls31.dll
2009-03-06 14:22:18 284160 ----a-w- c:\windows\system32\pdh.dll
2009-02-09 12:10:48 714752 ----a-w- c:\windows\system32\ntdll.dll
2009-02-09 12:10:48 617472 ----a-w- c:\windows\system32\advapi32.dll
2009-02-09 12:10:48 473600 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-02-09 12:10:48 453120 ----a-w- c:\windows\system32\wbem\wmiprvsd.dll
2009-02-09 12:10:48 401408 ----a-w- c:\windows\system32\rpcss.dll
.
============= FINISH: 2:46:09.35 ===============


#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 02 June 2011 - 11:16 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days;
    failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:


Running OTL

We need to create a FULL OTL Report
  • Please download OTL from here:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 Addie2

Addie2
  • Topic Starter

  • Members
  • 26 posts

Posted 03 June 2011 - 11:13 PM

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>SSDT State
==============================================
ntoskrnl.exe-->NtAllocateVirtualMemory, Type: Address change 0x80568FCA-->82FDCA08 [Unknown module filename]
ntoskrnl.exe-->NtCreateKey, Type: Address change 0x80570833-->82FE8690 [Unknown module filename]
ntoskrnl.exe-->NtCreateProcess, Type: Address change 0x805B14AC-->82FDCF30 [Unknown module filename]
ntoskrnl.exe-->NtCreateProcessEx, Type: Address change 0x8057FE4C-->82FDCEB8 [Unknown module filename]
ntoskrnl.exe-->NtCreateThread, Type: Address change 0x80587A3C-->82FDCCD8 [Unknown module filename]
ntoskrnl.exe-->NtDeleteKey, Type: Address change 0x80595316-->82FE3B18 [Unknown module filename]
ntoskrnl.exe-->NtDeleteValueKey, Type: Address change 0x80592D64-->82F9B180 [Unknown module filename]
ntoskrnl.exe-->NtOpenKey, Type: Address change 0x80568D48-->82FDCFA8 [Unknown module filename]
ntoskrnl.exe-->NtQueueApcThread, Type: Address change 0x8058A487-->82FDCA80 [Unknown module filename]
ntoskrnl.exe-->NtReadVirtualMemory, Type: Address change 0x8057E4B8-->82FDC918 [Unknown module filename]
ntoskrnl.exe-->NtRenameKey, Type: Address change 0x8064EAEA-->82FE3AA0 [Unknown module filename]
ntoskrnl.exe-->NtSetContextThread, Type: Address change 0x8062E057-->82FDCB70 [Unknown module filename]
ntoskrnl.exe-->NtSetInformationKey, Type: Address change 0x8064E1CE-->82F9B270 [Unknown module filename]
ntoskrnl.exe-->NtSetInformationProcess, Type: Address change 0x8056DDD9-->82FDCDC8 [Unknown module filename]
ntoskrnl.exe-->NtSetInformationThread, Type: Address change 0x80575756-->82FDCBE8 [Unknown module filename]
ntoskrnl.exe-->NtSetValueKey, Type: Address change 0x80572A6E-->82F9B1F8 [Unknown module filename]
ntoskrnl.exe-->NtSuspendProcess, Type: Address change 0x8062FC39-->82FDCD50 [Unknown module filename]
ntoskrnl.exe-->NtSuspendThread, Type: Address change 0x805E053E-->82FDCAF8 [Unknown module filename]
ntoskrnl.exe-->NtTerminateProcess, Type: Address change 0x805824CC-->82FDCE40 [Unknown module filename]
ntoskrnl.exe-->NtTerminateThread, Type: Address change 0x8057BA6F-->82FDCC60 [Unknown module filename]
ntoskrnl.exe-->NtWriteVirtualMemory, Type: Address change 0x8057E60A-->82FDC990 [Unknown module filename]
==============================================
>Shadow
==============================================
win32k.sys-->NtUserAttachThreadInput, Type: Address change 0xBF8F556E-->82D3B058 [Unknown module filename]
win32k.sys-->NtUserGetAsyncKeyState, Type: Address change 0xBF83C845-->82D04FA8 [Unknown module filename]
win32k.sys-->NtUserGetKeyboardState, Type: Address change 0xBF8A0C8F-->82DF34B8 [Unknown module filename]
win32k.sys-->NtUserGetKeyState, Type: Address change 0xBF81C763-->82DF3440 [Unknown module filename]
win32k.sys-->NtUserMessageCall, Type: Address change 0xBF80EE8D-->82D26FA8 [Unknown module filename]
win32k.sys-->NtUserPostMessage, Type: Address change 0xBF808306-->82CB45A8 [Unknown module filename]
win32k.sys-->NtUserPostThreadMessage, Type: Address change 0xBF8B9E23-->82DB6A28 [Unknown module filename]
win32k.sys-->NtUserSetWindowsHookEx, Type: Address change 0xBF8A0D4F-->82D0B2C8 [Unknown module filename]
win32k.sys-->NtUserSetWinEventHook, Type: Address change 0xBF8F98FA-->82CFBE70 [Unknown module filename]
==============================================
>Processes
==============================================
0x82FCA7F8 [4] System
0x82CB5C08 [328] C:\WINDOWS\system32\smss.exe (Microsoft Corporation, Windows NT Session Manager)
0x82D90818 [524] C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc., Java™ Quick Starter Service)
0x82CD4DA0 [576] C:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x82CAF460 [600] C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
0x82CD3C40 [652] C:\WINDOWS\system32\services.exe (Microsoft Corporation, Services and Controller app)
0x82E0A020 [664] C:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
0x82E14020 [836] C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe (Webroot Software, Inc. , WRConsumerService)
0x82CF3A58 [868] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x82D06DA0 [924] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x82DEDDA0 [1024] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x82C6F5E0 [1048] C:\Program Files\Webroot\Security\Current\plugins\antimalware\AEI.exe (Webroot Software, Inc. (www.webroot.com), Spy Sweeper Engine)
0x82CE96E8 [1120] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation, igfxTray Module)
0x82DB6BC0 [1136] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation, hkcmd Module)
0x82E89B28 [1148] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp., Realtek Sound Manager)
0x82D1E608 [1196] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x82C92650 [1244] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation, CTF Loader)
0x82D2CBE8 [1384] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x82D357C8 [1448] C:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
0x825B2658 [1504] C:\WINDOWS\system32\taskmgr.exe (Microsoft Corporation, Windows TaskManager)
0x82D4C530 [1660] C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x82D018B0 [2044] C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. , WRTray)
0x827E2020 [2400] C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation, Firefox)
0x82D48280 [2636] C:\DOCUME~1\Lori\LOCALS~1\temp\Temporary Directory 1 for RKUnhookerLE.zip\RKUnhookerLE.EXE (UG North, RKULE, SR2 Overlord)
0x82F088C8 [2924] C:\Program Files\Webroot\Security\Current\plugins\antimalware\SSU.exe (Webroot Software, Inc. (www.webroot.com), Spy Sweeper SSU)
0x82D83628 [3032] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x82F13600 [3496] C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation, Plugin Container for Firefox)
0x827DFDA0 [3512] C:\Program Files\Webroot\Security\Current\Framework\WRFrame.exe (Webroot Software Inc, Webroot SpySweeper)
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189952 bytes
0x804D7000 RAW 2189952 bytes
0x804D7000 WMIxWDM 2189952 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF839A000 C:\WINDOWS\system32\drivers\ALCXWDM.SYS 733184 bytes (Realtek Semiconductor Corp., Realtek AC'97 Audio Driver (WDM))
0xF8546000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBF06F000 C:\WINDOWS\System32\ialmdd5.DLL 483328 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xEFF93000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF82A4000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF00A0000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xEF5D5000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xEF10C000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF86A6000 SSIDRV.SYS 200704 bytes (Webroot Software, Inc. (www.webroot.com), Spy Sweeper Interdiction Driver)
0xF8302000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF86E8000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xBF041000 C:\WINDOWS\System32\ialmdev5.DLL 188416 bytes (Intel Corporation, Component GHAL Driver)
0xF8679000 C:\WINDOWS\SYSTEM32\Drivers\NDIS.SYS 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xEECA3000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF002B000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF0078000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF8634000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xEFA2F000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF8376000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF8484000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF844D000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF0056000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBF01F000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0x806EE000 ACPI_HAL 131840 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF85FC000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF865A000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF01CC000 C:\WINDOWS\system32\drivers\ialmsbw.sys 114688 bytes (Intel Corporation, Intel Graphics Platform (SoftBIOS) Driver for Windows 2000® & Windows XP™)
0xF852C000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF861C000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xEFF53000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF84BC000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 94208 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF85D3000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF8343000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xEFA1A000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF01E8000 C:\WINDOWS\system32\drivers\ialmkchw.sys 81920 bytes (Intel Corporation, Intel Graphics Chipset (KCH) Driver for Windows 2000® & Windows XP™)
0xF8470000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF84A8000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF00F9000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF85EA000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF86D7000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF8332000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF8817000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF88B7000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF8897000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF88D7000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF88C7000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xEFC13000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF8977000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF013C000 C:\WINDOWS\SYSTEM32\Drivers\SSFMONM.SYS 57344 bytes (Webroot Software, Inc. (www.webroot.com), Spy Sweeper FileSystem Filter Driver)
0xF8787000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF8887000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 53248 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF88E7000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF8767000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF8907000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF87D7000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF88A7000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF8757000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF88F7000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF8737000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF8957000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF8747000 SSHRMD.SYS 40960 bytes (Webroot Software, Inc. (www.webroot.com), Spy Sweeper Mini Driver)
0xF8947000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xEEE59000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF8777000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF8877000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF8917000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF87C7000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF87F7000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF8A97000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF8A37000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF8A57000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF8A7F000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF89BF000 C:\WINDOWS\System32\Drivers\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF8A47000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF8A4F000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF8A3F000 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS 24576 bytes (Realtek Semiconductor Corporation, Realtek RTL8139 NDIS 5.0 Driver)
0xF8A2F000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF8A87000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF8A6F000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF8A8F000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF89C7000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF8A5F000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF8A67000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF89B7000 C:\WINDOWS\SYSTEM32\Drivers\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF8AD7000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF8C03000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xEFE37000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF8BDF000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF8B47000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF84D3000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF8BE7000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF8BC3000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF8C6D000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF8C3D000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF8C8D000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF8C6B000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF8C3B000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF8C37000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF8C6F000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF8CB7000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF8C71000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF8C49000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF8C4B000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF8C39000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF8D56000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF8DB1000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF8E5B000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF8CFF000 PCIIde.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x82CC7120 unknown_irp_handler 3808 bytes
0x82CC1120 unknown_irp_handler 3808 bytes
0x82CBF120 unknown_irp_handler 3808 bytes
0x82CDF120 unknown_irp_handler 3808 bytes
0x82CD8120 unknown_irp_handler 3808 bytes
0x82CF6120 unknown_irp_handler 3808 bytes
0x82CF1120 unknown_irp_handler 3808 bytes
0x82CEC120 unknown_irp_handler 3808 bytes
0x82D0C120 unknown_irp_handler 3808 bytes
0x82D07120 unknown_irp_handler 3808 bytes
0x82CFC120 unknown_irp_handler 3808 bytes
0x82CCA1C0 unknown_irp_handler 3648 bytes
0x82CC51C0 unknown_irp_handler 3648 bytes
0x82CE31C0 unknown_irp_handler 3648 bytes
0x82CE11C0 unknown_irp_handler 3648 bytes
0x82CDD1C0 unknown_irp_handler 3648 bytes
0x82CDC1C0 unknown_irp_handler 3648 bytes
0x82CD61C0 unknown_irp_handler 3648 bytes
0x82CD31C0 unknown_irp_handler 3648 bytes
0x82CD11C0 unknown_irp_handler 3648 bytes
0x82CD01C0 unknown_irp_handler 3648 bytes
0x82CF81C0 unknown_irp_handler 3648 bytes
0x82CF41C0 unknown_irp_handler 3648 bytes
0x82CEF1C0 unknown_irp_handler 3648 bytes
0x82CEA1C0 unknown_irp_handler 3648 bytes
0x82CE51C0 unknown_irp_handler 3648 bytes
0x82D0A1C0 unknown_irp_handler 3648 bytes
0x82D051C0 unknown_irp_handler 3648 bytes
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]
ntoskrnl.exe+0x0000BA0C, Type: Inline - RelativeJump 0x804E2A0C-->804E29DD [ntoskrnl.exe]
ntoskrnl.exe+0x0000BA40, Type: Inline - RelativeJump 0x804E2A40-->804E29F8 [ntoskrnl.exe]
ntoskrnl.exe+0x0000BA48, Type: Inline - RelativeCall 0x804E2A48-->F2D1281C [unknown_code_page]
tcpip.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xF00DF460-->82FDC838 [unknown_code_page]
wanarp.sys-->ndis.sys-->NdisDeregisterProtocol, Type: IAT modification 0xF87FCB1C-->82FDC740 [unknown_code_page]
wanarp.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xF87FCB28-->82FDC838 [unknown_code_page]
[1448]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->5CB77774 [shimeng.dll]
[1448]explorer.exe-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77A81188-->5CB77774 [shimeng.dll]
[1448]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->5CB77774 [shimeng.dll]
[1448]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->5CB77774 [shimeng.dll]
[1448]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->5CB77774 [shimeng.dll]
[1448]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->5CB77774 [shimeng.dll]
[1448]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->5CB77774 [shimeng.dll]
[1448]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->5CB77774 [shimeng.dll]
[2400]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->004013F0 [firefox.exe]
[2924]SSU.exe-->kernel32.dll+0x00002DF5, Type: Code Mismatch 0x7C802DF5 + 11765 [49 81 83 30 49 81 83 30 49 81 83 30 49 81 83 30]
[2924]SSU.exe-->kernel32.dll+0x00002E05, Type: Code Mismatch 0x7C802E05 + 11781 [49 81 83 40 52 81 83 30 49 81 83 30 49 81 83 30]
[2924]SSU.exe-->kernel32.dll+0x00002E15, Type: Code Mismatch 0x7C802E15 + 11797 [49 81 83 30 49 81 83 30 49 81 83 30 49 81 83 70]
[2924]SSU.exe-->kernel32.dll+0x00002E25, Type: Code Mismatch 0x7C802E25 + 11813 [52 81 83 30 49 81 83 30 49 81 83 30 49 81 83 30]
[2924]SSU.exe-->kernel32.dll+0x00002E35, Type: Code Mismatch 0x7C802E35 + 11829 [49 81 83 30 49 81 83 30 49 81 83 30 49 81 83 30]
[2924]SSU.exe-->kernel32.dll+0x00002E45, Type: Code Mismatch 0x7C802E45 + 11845 [49 81 83 30 49 81 83 30 49 81 83 30 49 81 83 30]
[2924]SSU.exe-->kernel32.dll+0x00002E55, Type: Code Mismatch 0x7C802E55 + 11861 [49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x00002E65, Type: Code Mismatch 0x7C802E65 + 11877 [49 81 83]
[2924]SSU.exe-->kernel32.dll+0x00002E6C, Type: Code Mismatch 0x7C802E6C + 11884 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x00002E7C, Type: Code Mismatch 0x7C802E7C + 11900 [30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x00002E84, Type: Code Mismatch 0x7C802E84 + 11908 [30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x00002E94, Type: Code Mismatch 0x7C802E94 + 11924 [30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x00002E9C, Type: Code Mismatch 0x7C802E9C + 11932 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x00002EAC, Type: Code Mismatch 0x7C802EAC + 11948 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x00002EC0, Type: Code Mismatch 0x7C802EC0 + 11968 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x00002ED4, Type: Code Mismatch 0x7C802ED4 + 11988 [30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x00002EE0, Type: Code Mismatch 0x7C802EE0 + 12000 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x00002EF0, Type: Code Mismatch 0x7C802EF0 + 12016 [F0 51 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x00002F00, Type: Code Mismatch 0x7C802F00 + 12032 [30 49 81 83 30 49 81 83 D0 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x00002F10, Type: Code Mismatch 0x7C802F10 + 12048 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x00002F20, Type: Code Mismatch 0x7C802F20 + 12064 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x00002F30, Type: Code Mismatch 0x7C802F30 + 12080 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x00002F40, Type: Code Mismatch 0x7C802F40 + 12096 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x00002F50, Type: Code Mismatch 0x7C802F50 + 12112 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x00002F64, Type: Code Mismatch 0x7C802F64 + 12132 [20 53 81 83 E0 53 81 83 40 54 81 83 80 53 81 83]
[2924]SSU.exe-->kernel32.dll+0x00002F74, Type: Code Mismatch 0x7C802F74 + 12148 [30 49 81 83 30 49 81 83 40 52 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x00002F84, Type: Code Mismatch 0x7C802F84 + 12164 [30 49 81 83 30 49 81 83 70 52 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x00002F94, Type: Code Mismatch 0x7C802F94 + 12180 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x00002FA4, Type: Code Mismatch 0x7C802FA4 + 12196 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x00002FB5, Type: Code Mismatch 0x7C802FB5 + 12213 [49 81 83 30 49 81 83 30 51 81 83 A0 50 81 83 30]
[2924]SSU.exe-->kernel32.dll+0x00002FC5, Type: Code Mismatch 0x7C802FC5 + 12229 [49 81 83 30 49 81 83 30 49 81 83 30 49 81 83 30]
[2924]SSU.exe-->kernel32.dll+0x00002FD5, Type: Code Mismatch 0x7C802FD5 + 12245 [49 81 83 30 49 81 83 30 49 81 83 30 49 81 83 30]
[2924]SSU.exe-->kernel32.dll+0x00002FE5, Type: Code Mismatch 0x7C802FE5 + 12261 [49 81 83 30 49 81 83 30 49 81 83 30 49 81 83 30]
[2924]SSU.exe-->kernel32.dll+0x00002FF5, Type: Code Mismatch 0x7C802FF5 + 12277 [49 81 83 30 49 81 83 30 49 81 83 30 49 81 83 30]
[2924]SSU.exe-->kernel32.dll+0x00003005, Type: Code Mismatch 0x7C803005 + 12293 [49 81 83 30 49 81 83 30 49 81 83 30 49 81 83 30]
[2924]SSU.exe-->kernel32.dll+0x00003015, Type: Code Mismatch 0x7C803015 + 12309 [49 81 83 30 49 81 83 30 49 81 83 30 49 81 83 30]
[2924]SSU.exe-->kernel32.dll+0x00003025, Type: Code Mismatch 0x7C803025 + 12325 [49 81 83 30 49 81 83 30 49 81 83 30 49 81 83 30]
[2924]SSU.exe-->kernel32.dll+0x00003035, Type: Code Mismatch 0x7C803035 + 12341 [49 81 83 30 49 81 83 30 49 81 83 30 49 81 83 30]
[2924]SSU.exe-->kernel32.dll+0x00003045, Type: Code Mismatch 0x7C803045 + 12357 [49 81 83 30 49 81 83 30 49 81 83 30 49 81 83 30]
[2924]SSU.exe-->kernel32.dll+0x00003055, Type: Code Mismatch 0x7C803055 + 12373 [49 81 83 30 49 81 83 30 49 81 83 30 49 81 83 30]
[2924]SSU.exe-->kernel32.dll+0x00003065, Type: Code Mismatch 0x7C803065 + 12389 [49 81 83 30 49 81 83 30 49 81 83 30 49 81 83 30]
[2924]SSU.exe-->kernel32.dll+0x00003075, Type: Code Mismatch 0x7C803075 + 12405 [49 81 83 30 49 81 83 30 49 81 83 30 49 81 83 30]
[2924]SSU.exe-->kernel32.dll+0x00003085, Type: Code Mismatch 0x7C803085 + 12421 [49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x00003094, Type: Code Mismatch 0x7C803094 + 12436 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x000030A4, Type: Code Mismatch 0x7C8030A4 + 12452 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x000030B4, Type: Code Mismatch 0x7C8030B4 + 12468 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x000030C4, Type: Code Mismatch 0x7C8030C4 + 12484 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x000030D4, Type: Code Mismatch 0x7C8030D4 + 12500 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x000030E4, Type: Code Mismatch 0x7C8030E4 + 12516 [30 49 81 83 30 49 81 83 D0 4F 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x000030F4, Type: Code Mismatch 0x7C8030F4 + 12532 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x00003104, Type: Code Mismatch 0x7C803104 + 12548 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x00003114, Type: Code Mismatch 0x7C803114 + 12564 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x00003124, Type: Code Mismatch 0x7C803124 + 12580 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x00003134, Type: Code Mismatch 0x7C803134 + 12596 [30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x0000313C, Type: Code Mismatch 0x7C80313C + 12604 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x0000314C, Type: Code Mismatch 0x7C80314C + 12620 [30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x0000315C, Type: Code Mismatch 0x7C80315C + 12636 [30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x00003178, Type: Code Mismatch 0x7C803178 + 12664 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x00003188, Type: Code Mismatch 0x7C803188 + 12680 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x00003198, Type: Code Mismatch 0x7C803198 + 12696 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x000031A8, Type: Code Mismatch 0x7C8031A8 + 12712 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x000031B8, Type: Code Mismatch 0x7C8031B8 + 12728 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x000031C8, Type: Code Mismatch 0x7C8031C8 + 12744 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x000031D8, Type: Code Mismatch 0x7C8031D8 + 12760 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x000031E8, Type: Code Mismatch 0x7C8031E8 + 12776 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x000031F8, Type: Code Mismatch 0x7C8031F8 + 12792 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x00003208, Type: Code Mismatch 0x7C803208 + 12808 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x00003218, Type: Code Mismatch 0x7C803218 + 12824 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x00003228, Type: Code Mismatch 0x7C803228 + 12840 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x0000323C, Type: Code Mismatch 0x7C80323C + 12860 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x0000324C, Type: Code Mismatch 0x7C80324C + 12876 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x0000325C, Type: Code Mismatch 0x7C80325C + 12892 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x0000326C, Type: Code Mismatch 0x7C80326C + 12908 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x0000327C, Type: Code Mismatch 0x7C80327C + 12924 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x0000328C, Type: Code Mismatch 0x7C80328C + 12940 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x0000329C, Type: Code Mismatch 0x7C80329C + 12956 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x000032B0, Type: Code Mismatch 0x7C8032B0 + 12976 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x000032C0, Type: Code Mismatch 0x7C8032C0 + 12992 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x000032D0, Type: Code Mismatch 0x7C8032D0 + 13008 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x000032E0, Type: Code Mismatch 0x7C8032E0 + 13024 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x000032F0, Type: Code Mismatch 0x7C8032F0 + 13040 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x00003300, Type: Code Mismatch 0x7C803300 + 13056 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x00003310, Type: Code Mismatch 0x7C803310 + 13072 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x00003320, Type: Code Mismatch 0x7C803320 + 13088 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x00003330, Type: Code Mismatch 0x7C803330 + 13104 [30]
[2924]SSU.exe-->kernel32.dll+0x00003332, Type: Code Mismatch 0x7C803332 + 13106 [81 83 30 49 81 83 30 49 81 83 30 49 81 83 30 49]
[2924]SSU.exe-->kernel32.dll+0x00003342, Type: Code Mismatch 0x7C803342 + 13122 [81 83 30 49 81 83 30 49 81 83 30 49 81 83 30 49]
[2924]SSU.exe-->kernel32.dll+0x00003352, Type: Code Mismatch 0x7C803352 + 13138 [81 83 30 49 81 83 30 49 81 83 30 49 81 83 30 49]
[2924]SSU.exe-->kernel32.dll+0x00003362, Type: Code Mismatch 0x7C803362 + 13154 [81 83 30 49 81 83 30 49 81 83 30 49 81 83 30 49]
[2924]SSU.exe-->kernel32.dll+0x00003372, Type: Code Mismatch 0x7C803372 + 13170 [81 83 30 49 81 83 30 49 81 83 30 49 81 83 30 49]
[2924]SSU.exe-->kernel32.dll+0x00003382, Type: Code Mismatch 0x7C803382 + 13186 [81 83 30 49 81 83 30 49 81 83 30 49 81 83 30 49]
[2924]SSU.exe-->kernel32.dll+0x00003392, Type: Code Mismatch 0x7C803392 + 13202 [81 83 30 49 81 83 30 49 81 83 30 49 81 83 30 49]
[2924]SSU.exe-->kernel32.dll+0x000033A2, Type: Code Mismatch 0x7C8033A2 + 13218 [81 83 30 49 81 83 30 49 81 83 30 49 81 83 30 49]
[2924]SSU.exe-->kernel32.dll+0x000033B2, Type: Code Mismatch 0x7C8033B2 + 13234 [81 83]
[2924]SSU.exe-->kernel32.dll+0x000033B8, Type: Code Mismatch 0x7C8033B8 + 13240 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x000033C8, Type: Code Mismatch 0x7C8033C8 + 13256 [30 49 81 83 30 49 81 83 60 51 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x000033D8, Type: Code Mismatch 0x7C8033D8 + 13272 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x000033E8, Type: Code Mismatch 0x7C8033E8 + 13288 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x000033F8, Type: Code Mismatch 0x7C8033F8 + 13304 [30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x00003404, Type: Code Mismatch 0x7C803404 + 13316 [30 49 81 83 30 49 81 83 30 49 81 83 A0 52 81 83]
[2924]SSU.exe-->kernel32.dll+0x00003414, Type: Code Mismatch 0x7C803414 + 13332 [30 49 81 83 30 49 81 83 D0 52 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x00003424, Type: Code Mismatch 0x7C803424 + 13348 [30 49 81 83 F0 52 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x00003434, Type: Code Mismatch 0x7C803434 + 13364 [30 49 81 83 30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x00003444, Type: Code Mismatch 0x7C803444 + 13380 [30 49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll+0x00003451, Type: Code Mismatch 0x7C803451 + 13393 [49 81 83 30 49 81 83 30 49 81 83 30 49 81 83 30]
[2924]SSU.exe-->kernel32.dll+0x00003461, Type: Code Mismatch 0x7C803461 + 13409 [49 81 83 30 49 81 83 30 49 81 83 30 49 81 83 30]
[2924]SSU.exe-->kernel32.dll+0x00003471, Type: Code Mismatch 0x7C803471 + 13425 [49 81 83 30 49 81 83 30 49 81 83 30 49 81 83 30]
[2924]SSU.exe-->kernel32.dll+0x00003481, Type: Code Mismatch 0x7C803481 + 13441 [49 81 83 30 49 81 83 30 49 81 83 30 49 81 83 30]
[2924]SSU.exe-->kernel32.dll+0x00003491, Type: Code Mismatch 0x7C803491 + 13457 [49 81 83 30 49 81 83 30 49 81 83 30 49 81 83 30]
[2924]SSU.exe-->kernel32.dll+0x000034A1, Type: Code Mismatch 0x7C8034A1 + 13473 [49 81 83 30 49 81 83 30 49 81 83 30 49 81 83 30]
[2924]SSU.exe-->kernel32.dll+0x000034B1, Type: Code Mismatch 0x7C8034B1 + 13489 [49 81 83 30 49 81 83 30 49 81 83 30 49 81 83 30]
[2924]SSU.exe-->kernel32.dll+0x000034C1, Type: Code Mismatch 0x7C8034C1 + 13505 [49 81 83 30 49 81 83 30 49 81 83 30 49 81 83 30]
[2924]SSU.exe-->kernel32.dll+0x000034D1, Type: Code Mismatch 0x7C8034D1 + 13521 [49 81 83 30 49 81 83 30 49 81 83 30 49 81 83 30]
[2924]SSU.exe-->kernel32.dll+0x000034E1, Type: Code Mismatch 0x7C8034E1 + 13537 [49 81 83 30 49 81 83 30 49 81 83 30 49 81 83 30]
[2924]SSU.exe-->kernel32.dll+0x000034F1, Type: Code Mismatch 0x7C8034F1 + 13553 [49 81 83 30 49 81 83 30 49 81 83 30 49 81 83 30]
[2924]SSU.exe-->kernel32.dll+0x00003501, Type: Code Mismatch 0x7C803501 + 13569 [49 81 83 30 49 81 83 30 49 81 83 30 49 81 83 30]
[2924]SSU.exe-->kernel32.dll+0x00003511, Type: Code Mismatch 0x7C803511 + 13585 [49 81 83 30 49 81 83 30 49 81 83 30 49 81 83 30]
[2924]SSU.exe-->kernel32.dll+0x00003521, Type: Code Mismatch 0x7C803521 + 13601 [49 81 83 30 49 81 83 30 49 81 83 30 49 81 83 30]
[2924]SSU.exe-->kernel32.dll+0x00003531, Type: Code Mismatch 0x7C803531 + 13617 [49 81 83 30 49 81 83 30 49 81 83]
[2924]SSU.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00014930 [SSU.exe]
[2924]SSU.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - PushRet 0x7C801AF5-->7C80000C [kernel32.dll]
[2924]SSU.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - RelativeJump 0x7C809AF1-->000152A0 [SSU.exe]
[2924]SSU.exe-->kernel32.dll-->VirtualFree, Type: Inline - RelativeJump 0x7C809B84-->000152D0 [SSU.exe]
[2924]SSU.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->000152F0 [SSU.exe]
[2924]SSU.exe-->ntdll.dll+0x00003428, Type: Inline - RelativeJump 0x7C903428-->7C9033B7 [ntdll.dll]
[2924]SSU.exe-->ntdll.dll+0x00003B59, Type: Inline - RelativeJump 0x7C903B59-->7C903AE3 [ntdll.dll]
[2924]SSU.exe-->ntdll.dll+0x00003B6A, Type: Code Mismatch 0x7C903B6A + 15210 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003B7A, Type: Code Mismatch 0x7C903B7A + 15226 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003B8A, Type: Code Mismatch 0x7C903B8A + 15242 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003B9A, Type: Code Mismatch 0x7C903B9A + 15258 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003BAA, Type: Code Mismatch 0x7C903BAA + 15274 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003BBA, Type: Code Mismatch 0x7C903BBA + 15290 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003BCA, Type: Code Mismatch 0x7C903BCA + 15306 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003BDA, Type: Code Mismatch 0x7C903BDA + 15322 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003BEA, Type: Code Mismatch 0x7C903BEA + 15338 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003BFA, Type: Code Mismatch 0x7C903BFA + 15354 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003C0A, Type: Code Mismatch 0x7C903C0A + 15370 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003C1A, Type: Code Mismatch 0x7C903C1A + 15386 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003C2A, Type: Code Mismatch 0x7C903C2A + 15402 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003C3A, Type: Code Mismatch 0x7C903C3A + 15418 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003C4A, Type: Code Mismatch 0x7C903C4A + 15434 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003C5A, Type: Code Mismatch 0x7C903C5A + 15450 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003C6A, Type: Code Mismatch 0x7C903C6A + 15466 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003C7A, Type: Code Mismatch 0x7C903C7A + 15482 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003C8A, Type: Code Mismatch 0x7C903C8A + 15498 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003C9A, Type: Code Mismatch 0x7C903C9A + 15514 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003CAA, Type: Code Mismatch 0x7C903CAA + 15530 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003CBA, Type: Code Mismatch 0x7C903CBA + 15546 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003CCA, Type: Code Mismatch 0x7C903CCA + 15562 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003CDA, Type: Code Mismatch 0x7C903CDA + 15578 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003CEA, Type: Code Mismatch 0x7C903CEA + 15594 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003CFA, Type: Code Mismatch 0x7C903CFA + 15610 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003D0A, Type: Code Mismatch 0x7C903D0A + 15626 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003D1A, Type: Code Mismatch 0x7C903D1A + 15642 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003D2A, Type: Code Mismatch 0x7C903D2A + 15658 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003D3A, Type: Code Mismatch 0x7C903D3A + 15674 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003D4A, Type: Code Mismatch 0x7C903D4A + 15690 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003D5A, Type: Code Mismatch 0x7C903D5A + 15706 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003D6A, Type: Code Mismatch 0x7C903D6A + 15722 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003D7A, Type: Code Mismatch 0x7C903D7A + 15738 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003D8A, Type: Code Mismatch 0x7C903D8A + 15754 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003D9A, Type: Inline - RelativeJump 0x7C903D9A-->7C903D23 [ntdll.dll]
[2924]SSU.exe-->ntdll.dll+0x00003DAA, Type: Code Mismatch 0x7C903DAA + 15786 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003DBA, Type: Code Mismatch 0x7C903DBA + 15802 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003DCA, Type: Code Mismatch 0x7C903DCA + 15818 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003DDA, Type: Code Mismatch 0x7C903DDA + 15834 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003DEA, Type: Code Mismatch 0x7C903DEA + 15850 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003DFA, Type: Code Mismatch 0x7C903DFA + 15866 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003E0A, Type: Code Mismatch 0x7C903E0A + 15882 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003E1A, Type: Code Mismatch 0x7C903E1A + 15898 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003E2A, Type: Code Mismatch 0x7C903E2A + 15914 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003E3A, Type: Code Mismatch 0x7C903E3A + 15930 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003E4A, Type: Code Mismatch 0x7C903E4A + 15946 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003E5A, Type: Code Mismatch 0x7C903E5A + 15962 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003E6A, Type: Code Mismatch 0x7C903E6A + 15978 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003E7A, Type: Code Mismatch 0x7C903E7A + 15994 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003E8A, Type: Code Mismatch 0x7C903E8A + 16010 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003E9A, Type: Code Mismatch 0x7C903E9A + 16026 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003EAA, Type: Code Mismatch 0x7C903EAA + 16042 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003EBA, Type: Code Mismatch 0x7C903EBA + 16058 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003ECA, Type: Code Mismatch 0x7C903ECA + 16074 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003EDA, Type: Code Mismatch 0x7C903EDA + 16090 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003EEA, Type: Code Mismatch 0x7C903EEA + 16106 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003EFA, Type: Code Mismatch 0x7C903EFA + 16122 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003F0A, Type: Code Mismatch 0x7C903F0A + 16138 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003F1A, Type: Code Mismatch 0x7C903F1A + 16154 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003F2A, Type: Code Mismatch 0x7C903F2A + 16170 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003F3A, Type: Code Mismatch 0x7C903F3A + 16186 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003F4A, Type: Code Mismatch 0x7C903F4A + 16202 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003F5A, Type: Code Mismatch 0x7C903F5A + 16218 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003F6A, Type: Code Mismatch 0x7C903F6A + 16234 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003F7A, Type: Code Mismatch 0x7C903F7A + 16250 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003F8A, Type: Code Mismatch 0x7C903F8A + 16266 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003F9A, Type: Inline - RelativeJump 0x7C903F9A-->7C903F23 [ntdll.dll]
[2924]SSU.exe-->ntdll.dll+0x00003FB2, Type: Code Mismatch 0x7C903FB2 + 16306 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003FC2, Type: Code Mismatch 0x7C903FC2 + 16322 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003FD2, Type: Code Mismatch 0x7C903FD2 + 16338 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003FE2, Type: Code Mismatch 0x7C903FE2 + 16354 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00003FF2, Type: Code Mismatch 0x7C903FF2 + 16370 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00004002, Type: Code Mismatch 0x7C904002 + 16386 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00004012, Type: Code Mismatch 0x7C904012 + 16402 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00004022, Type: Code Mismatch 0x7C904022 + 16418 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x00004032, Type: Inline - RelativeJump 0x7C904032-->7C903FBB [ntdll.dll]
[2924]SSU.exe-->ntdll.dll+0x00004041, Type: Code Mismatch 0x7C904041 + 16449 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004051, Type: Code Mismatch 0x7C904051 + 16465 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004061, Type: Code Mismatch 0x7C904061 + 16481 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004071, Type: Code Mismatch 0x7C904071 + 16497 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004081, Type: Inline - RelativeJump 0x7C904081-->7C90400B [ntdll.dll]
[2924]SSU.exe-->ntdll.dll+0x00004099, Type: Code Mismatch 0x7C904099 + 16537 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000040A9, Type: Code Mismatch 0x7C9040A9 + 16553 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000040B9, Type: Code Mismatch 0x7C9040B9 + 16569 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000040C9, Type: Code Mismatch 0x7C9040C9 + 16585 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000040D9, Type: Code Mismatch 0x7C9040D9 + 16601 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000040E9, Type: Code Mismatch 0x7C9040E9 + 16617 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000040F9, Type: Code Mismatch 0x7C9040F9 + 16633 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004109, Type: Code Mismatch 0x7C904109 + 16649 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004119, Type: Code Mismatch 0x7C904119 + 16665 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004129, Type: Code Mismatch 0x7C904129 + 16681 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004139, Type: Code Mismatch 0x7C904139 + 16697 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004149, Type: Code Mismatch 0x7C904149 + 16713 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004159, Type: Code Mismatch 0x7C904159 + 16729 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004169, Type: Code Mismatch 0x7C904169 + 16745 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004179, Type: Code Mismatch 0x7C904179 + 16761 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004189, Type: Code Mismatch 0x7C904189 + 16777 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004199, Type: Code Mismatch 0x7C904199 + 16793 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000041A9, Type: Code Mismatch 0x7C9041A9 + 16809 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000041B9, Type: Code Mismatch 0x7C9041B9 + 16825 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000041C9, Type: Code Mismatch 0x7C9041C9 + 16841 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000041D9, Type: Code Mismatch 0x7C9041D9 + 16857 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000041E9, Type: Code Mismatch 0x7C9041E9 + 16873 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000041F9, Type: Code Mismatch 0x7C9041F9 + 16889 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004209, Type: Code Mismatch 0x7C904209 + 16905 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004219, Type: Code Mismatch 0x7C904219 + 16921 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004229, Type: Code Mismatch 0x7C904229 + 16937 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004239, Type: Code Mismatch 0x7C904239 + 16953 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004249, Type: Code Mismatch 0x7C904249 + 16969 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004259, Type: Code Mismatch 0x7C904259 + 16985 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004269, Type: Code Mismatch 0x7C904269 + 17001 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004279, Type: Code Mismatch 0x7C904279 + 17017 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004289, Type: Code Mismatch 0x7C904289 + 17033 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004299, Type: Code Mismatch 0x7C904299 + 17049 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000042A9, Type: Code Mismatch 0x7C9042A9 + 17065 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000042B9, Type: Code Mismatch 0x7C9042B9 + 17081 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000042C9, Type: Code Mismatch 0x7C9042C9 + 17097 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000042D9, Type: Code Mismatch 0x7C9042D9 + 17113 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000042E9, Type: Code Mismatch 0x7C9042E9 + 17129 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000042F9, Type: Code Mismatch 0x7C9042F9 + 17145 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004309, Type: Code Mismatch 0x7C904309 + 17161 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004319, Type: Code Mismatch 0x7C904319 + 17177 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004329, Type: Code Mismatch 0x7C904329 + 17193 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004339, Type: Code Mismatch 0x7C904339 + 17209 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004349, Type: Code Mismatch 0x7C904349 + 17225 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004359, Type: Code Mismatch 0x7C904359 + 17241 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004369, Type: Code Mismatch 0x7C904369 + 17257 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004379, Type: Code Mismatch 0x7C904379 + 17273 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004389, Type: Code Mismatch 0x7C904389 + 17289 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004399, Type: Code Mismatch 0x7C904399 + 17305 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000043A9, Type: Code Mismatch 0x7C9043A9 + 17321 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000043B9, Type: Code Mismatch 0x7C9043B9 + 17337 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000043C9, Type: Code Mismatch 0x7C9043C9 + 17353 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000043D9, Type: Code Mismatch 0x7C9043D9 + 17369 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000043E9, Type: Code Mismatch 0x7C9043E9 + 17385 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000043F9, Type: Code Mismatch 0x7C9043F9 + 17401 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004409, Type: Code Mismatch 0x7C904409 + 17417 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004419, Type: Code Mismatch 0x7C904419 + 17433 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004429, Type: Code Mismatch 0x7C904429 + 17449 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004439, Type: Code Mismatch 0x7C904439 + 17465 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004449, Type: Code Mismatch 0x7C904449 + 17481 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004459, Type: Code Mismatch 0x7C904459 + 17497 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004469, Type: Code Mismatch 0x7C904469 + 17513 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004479, Type: Code Mismatch 0x7C904479 + 17529 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004489, Type: Code Mismatch 0x7C904489 + 17545 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004499, Type: Code Mismatch 0x7C904499 + 17561 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000044A9, Type: Code Mismatch 0x7C9044A9 + 17577 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000044B9, Type: Code Mismatch 0x7C9044B9 + 17593 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000044C9, Type: Code Mismatch 0x7C9044C9 + 17609 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000044D9, Type: Code Mismatch 0x7C9044D9 + 17625 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000044E9, Type: Code Mismatch 0x7C9044E9 + 17641 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000044F9, Type: Code Mismatch 0x7C9044F9 + 17657 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004509, Type: Code Mismatch 0x7C904509 + 17673 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004519, Type: Code Mismatch 0x7C904519 + 17689 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004529, Type: Code Mismatch 0x7C904529 + 17705 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004539, Type: Code Mismatch 0x7C904539 + 17721 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004549, Type: Code Mismatch 0x7C904549 + 17737 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004559, Type: Code Mismatch 0x7C904559 + 17753 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004569, Type: Code Mismatch 0x7C904569 + 17769 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004579, Type: Code Mismatch 0x7C904579 + 17785 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004589, Type: Code Mismatch 0x7C904589 + 17801 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004599, Type: Code Mismatch 0x7C904599 + 17817 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000045A9, Type: Code Mismatch 0x7C9045A9 + 17833 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000045B9, Type: Code Mismatch 0x7C9045B9 + 17849 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000045C9, Type: Code Mismatch 0x7C9045C9 + 17865 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000045D9, Type: Code Mismatch 0x7C9045D9 + 17881 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000045E9, Type: Code Mismatch 0x7C9045E9 + 17897 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000045F9, Type: Code Mismatch 0x7C9045F9 + 17913 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004609, Type: Code Mismatch 0x7C904609 + 17929 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004619, Type: Code Mismatch 0x7C904619 + 17945 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004629, Type: Code Mismatch 0x7C904629 + 17961 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004639, Type: Code Mismatch 0x7C904639 + 17977 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004649, Type: Code Mismatch 0x7C904649 + 17993 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004659, Type: Code Mismatch 0x7C904659 + 18009 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004669, Type: Code Mismatch 0x7C904669 + 18025 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004679, Type: Code Mismatch 0x7C904679 + 18041 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004689, Type: Code Mismatch 0x7C904689 + 18057 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004699, Type: Code Mismatch 0x7C904699 + 18073 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000046A9, Type: Code Mismatch 0x7C9046A9 + 18089 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000046B9, Type: Code Mismatch 0x7C9046B9 + 18105 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000046C9, Type: Code Mismatch 0x7C9046C9 + 18121 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000046D9, Type: Code Mismatch 0x7C9046D9 + 18137 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000046E9, Type: Code Mismatch 0x7C9046E9 + 18153 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000046F9, Type: Code Mismatch 0x7C9046F9 + 18169 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004709, Type: Code Mismatch 0x7C904709 + 18185 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004719, Type: Code Mismatch 0x7C904719 + 18201 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004729, Type: Code Mismatch 0x7C904729 + 18217 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004739, Type: Code Mismatch 0x7C904739 + 18233 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004749, Type: Code Mismatch 0x7C904749 + 18249 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004759, Type: Code Mismatch 0x7C904759 + 18265 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004769, Type: Code Mismatch 0x7C904769 + 18281 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004779, Type: Code Mismatch 0x7C904779 + 18297 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004789, Type: Code Mismatch 0x7C904789 + 18313 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x00004799, Type: Code Mismatch 0x7C904799 + 18329 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000047A9, Type: Code Mismatch 0x7C9047A9 + 18345 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000047B9, Type: Code Mismatch 0x7C9047B9 + 18361 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000047C9, Type: Code Mismatch 0x7C9047C9 + 18377 [49 71 83 30 49 71 83 30 49 71 83 30 49 71 83 30]
[2924]SSU.exe-->ntdll.dll+0x000047D9, Type: Inline - RelativeJump 0x7C9047D9-->7C904763 [ntdll.dll]
[2924]SSU.exe-->ntdll.dll+0x000047EA, Type: Code Mismatch 0x7C9047EA + 18410 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x000047FA, Type: Code Mismatch 0x7C9047FA + 18426 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x0000480A, Type: Code Mismatch 0x7C90480A + 18442 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x0000481A, Type: Code Mismatch 0x7C90481A + 18458 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x0000482A, Type: Code Mismatch 0x7C90482A + 18474 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x0000483A, Type: Code Mismatch 0x7C90483A + 18490 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x0000484A, Type: Code Mismatch 0x7C90484A + 18506 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x0000485A, Type: Code Mismatch 0x7C90485A + 18522 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x0000486A, Type: Inline - RelativeJump 0x7C90486A-->7C9047F3 [ntdll.dll]
[2924]SSU.exe-->ntdll.dll+0x0000487E, Type: Code Mismatch 0x7C90487E + 18558 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x0000488E, Type: Code Mismatch 0x7C90488E + 18574 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x0000489E, Type: Code Mismatch 0x7C90489E + 18590 [71 83 30 49 71 83 30 49 71 83 30 49 71 83 30 49]
[2924]SSU.exe-->ntdll.dll+0x000048AE, Type: Inline - RelativeJump 0x7C9048AE-->7C904837 [ntdll.dll]
[2924]SSU.exe-->ntdll.dll-->KiUserApcDispatcher, Type: Inline - RelativeJump 0x7C90E450-->50367370 [SSUDLL.dll]
[2924]SSU.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E485-->000160B0 [SSU.exe]
[3496]plugin-container.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x7E46531E-->10406373 [xul.dll]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

#4 Addie2


Posted 03 June 2011 - 11:33 PM

Thanks for your help!! I know you said not to attach files but it said the otl log was too long to post here.

EDIT: Now it says it's too big to upload.

Edited by Addie2, 03 June 2011 - 11:34 PM.


#5 SweetTech


Posted 04 June 2011 - 09:24 AM

Hi!

Please submit the file to my submission channel:

Uploading File
Please visit this site & follow the instructions for uploading the file mentioned below.
Copy/paste the contents of the Code Box below into the Link to topic where this file was requested: box:
http://www.bleepingcomputer.com/forums/topic399399.html/page__view__findpost__p__2276301
Click Browse & navigate to where the OTL.txt file is saved.

Please post back here after you've submitted the file.

Cheers,
ST.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#6 Addie2


Posted 05 June 2011 - 05:22 PM

Sent!

#7 SweetTech


Posted 05 June 2011 - 06:05 PM

Hi!

I received your log file successfully.

OTL logfile created on: 2/5/2002 4:32:27 AM - Run 2

It appears that the date your computer is set to is wrong and needs to be changed to the proper date/year. You should also ensure that the time that is set is right as well.

You seem to have a lot of malware removal tools on your computer, as well as a lot of outdated installation files. I'm removing them, as they are outdated, and if you want to use the programs, you should install the latest versions of them.


OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and paste the following code into the textbox.
    :Services
    :OTL
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O30 - LSA: Authentication Packages - (ows\s) -  File not found
    O30 - LSA: Security Packages - (ecurity Packages settings...) -  File not found
    O30 - LSA: Security Packages - (r) -  File not found
    [2011/04/28 19:49:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lori\Application Data\Yzar
    [2010/07/09 22:25:58 | 001,925,024 | ---- | C] (Adobe Systems Incorporated) -- C:\Documents and Settings\Lori\My Documents\install_flash_player.exe
    [2010/07/09 22:25:58 | 001,924,200 | ---- | C] (Adobe Systems Incorporated) -- C:\Documents and Settings\Lori\My Documents\install_flash_player(3).exe
    [2010/07/09 22:25:58 | 001,924,200 | ---- | C] (Adobe Systems Incorporated) -- C:\Documents and Settings\Lori\My Documents\install_flash_player(2).exe
    [2010/07/09 22:25:45 | 002,698,636 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Lori\My Documents\avg_free_stf_en_85_285a1462.exe
    [2010/07/09 22:25:43 | 063,049,904 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Lori\My Documents\avg_free_stf_en_85_285a1462(2).exe
    [2010/07/09 22:25:40 | 062,729,728 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Lori\My Documents\avg_free_stf_en_85_283a1450.exe
    [2010/07/09 22:25:40 | 000,839,208 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Lori\My Documents\avg_free_stb_en_8_18.exe
    [2010/07/09 22:25:33 | 043,083,040 | ---- | C] (                                   ) -- C:\Documents and Settings\Lori\My Documents\AdbeRdr910_en_US_Std.exe
    [2010/07/09 22:25:32 | 026,739,584 | ---- | C] (                                   ) -- C:\Documents and Settings\Lori\My Documents\AdbeRdr910_en_US.exe
    [2010/07/09 22:25:31 | 026,739,584 | ---- | C] (                                   ) -- C:\Documents and Settings\Lori\My Documents\AdbeRdr910_en_US(2).exe
    [2010/07/09 22:20:44 | 002,790,864 | ---- | C] (Adobe Systems, Inc.) -- C:\Documents and Settings\Lori\Desktop\install_flash_player.exe
    [2010/07/09 22:20:39 | 006,039,048 | ---- | C] (Mozilla) -- C:\Documents and Settings\Lori\Desktop\Firefox Setup 2.0.0.14.exe
    [2010/07/09 22:20:32 | 023,454,528 | ---- | C] (                                   ) -- C:\Documents and Settings\Lori\Desktop\AdbeRdr812_en_US.exe
    [2002/01/26 02:39:07 | 000,606,738 | R--- | C] (Swearware) -- C:\Documents and Settings\Lori\Desktop\dds.scr
    [2002/01/18 11:56:40 | 005,883,880 | ---- | C] (Support.com                                                 ) -- C:\Documents and Settings\Lori\My Documents\ARO2011_tbt.exe
    [2011/04/19 22:14:52 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Ljmt73K5B.dat
    [2010/11/26 22:21:52 | 002,790,864 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Lori\Desktop\install_flash_player.exe
    [2010/11/11 20:06:06 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Lori\Desktop\mbam-setup-1.46.exe
    [2010/11/11 20:05:25 | 001,215,581 | ---- | M] () -- C:\Documents and Settings\Lori\Desktop\tdsskiller.zip
    [2009/09/02 20:18:33 | 026,739,584 | ---- | M] (                                   ) -- C:\Documents and Settings\Lori\My Documents\AdbeRdr910_en_US(2).exe
    [2009/09/02 19:52:27 | 026,739,584 | ---- | M] (                                   ) -- C:\Documents and Settings\Lori\My Documents\AdbeRdr910_en_US.exe
    [2009/09/02 19:47:54 | 001,925,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Lori\My Documents\install_flash_player.exe
    [2009/04/30 22:36:20 | 063,049,904 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Lori\My Documents\avg_free_stf_en_85_285a1462(2).exe
    [2009/04/30 22:32:54 | 000,839,208 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Lori\My Documents\avg_free_stb_en_8_18.exe
    [2009/03/31 23:09:35 | 005,936,600 | ---- | M] (CNET TechTracker       ) -- C:\Documents and Settings\Lori\My Documents\VersionTracker_Pro_Windows_4_1_cn0075.exe
    [2009/03/31 22:52:51 | 002,698,636 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Lori\My Documents\avg_free_stf_en_85_285a1462.exe
    [2009/03/25 23:01:52 | 043,083,040 | ---- | M] (                                   ) -- C:\Documents and Settings\Lori\My Documents\AdbeRdr910_en_US_Std.exe
    [2009/03/24 11:21:24 | 062,729,728 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Lori\My Documents\avg_free_stf_en_85_283a1450.exe
    [2008/04/25 22:40:59 | 006,039,048 | ---- | M] (Mozilla) -- C:\Documents and Settings\Lori\Desktop\Firefox Setup 2.0.0.14.exe
    [2008/04/08 13:33:03 | 001,141,200 | ---- | M] () -- C:\Documents and Settings\Lori\Desktop\imikimi_installer_0.5.1.exe
    [2008/03/10 12:49:59 | 000,382,352 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Lori\Desktop\jxpiinstall.exe
    [2010/07/09 22:20:35 | 047,787,248 | ---- | C] () -- C:\Documents and Settings\Lori\Desktop\avg_free_stf_en_8_100a1295.exe
    [2010/07/09 22:20:33 | 026,920,408 | ---- | C] () -- C:\Documents and Settings\Lori\Desktop\avg75free_484a1103.exe
    [2002/02/05 04:22:08 | 001,110,476 | ---- | C] () -- C:\Documents and Settings\Lori\Desktop\7z920.exe
    [2002/02/05 04:20:49 | 000,629,057 | ---- | C] () -- C:\Documents and Settings\Lori\Desktop\RkU3.8.388.590.rar
    [2002/02/05 04:20:40 | 000,130,604 | ---- | C] () -- C:\Documents and Settings\Lori\Desktop\RKUnhookerLE.zip
    [2002/02/05 04:19:35 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Lori\Desktop\RKUnhookerLE.EXE
    [2002/01/26 02:48:05 | 000,302,080 | ---- | C] () -- C:\Documents and Settings\Lori\Desktop\gmer.exe
    [2002/01/26 02:47:35 | 000,293,775 | ---- | C] () -- C:\Documents and Settings\Lori\Desktop\gmer.zip
    [2002/01/22 02:25:21 | 000,013,672 | -HS- | C] () -- C:\Documents and Settings\Lori\Local Settings\Application Data\1ys1qyp6280rnyh3uxe5e68iglsh1urjj74h0pr3t
    [2002/01/22 02:25:21 | 000,013,672 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1ys1qyp6280rnyh3uxe5e68iglsh1urjj74h0pr3t
    [2002/01/18 11:56:12 | 009,994,240 | ---- | C] () -- C:\Documents and Settings\Lori\My Documents\Ad-Aware90Install.msi
    [2002/01/16 20:26:27 | 000,016,420 | -HS- | C] () -- C:\Documents and Settings\Lori\Local Settings\Application Data\4o5m10uij3b2o734y6l3d615hx0j
    [2002/01/16 20:26:27 | 000,016,420 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4o5m10uij3b2o734y6l3d615hx0j
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.



  • If an infected file is detected, the default action will be Cure, click on Continue.



  • If a suspicious file is detected, the default action will be Skip, click on Continue.



  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.



  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


NEXT:



Running aswMBR.exe

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it.


Click the "Scan" button to start scan.




On completion of the scan click save log, save it to your desktop and post in your next reply.



Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#8 SweetTech


Posted 07 June 2011 - 03:30 PM

Do you still need help with your machine?

If the instructions are unclear or something isn't working, please let me know before proceeding.



#9 Addie2


Posted 07 June 2011 - 06:38 PM

Yes, I do! I'm sorry I've been so lately I will get to it ASAP. Sorry for the delay

#10 SweetTech


Posted 07 June 2011 - 08:14 PM

No worries, I understand that real life comes first, just wanted to make sure you hadn't abandoned the thread. :)



#11 Addie2


Posted 08 June 2011 - 01:11 PM

========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:ows\s deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:ecurity Packages settings... deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:r deleted successfully.
C:\Documents and Settings\Lori\Application Data\Yzar folder moved successfully.
C:\Documents and Settings\Lori\My Documents\install_flash_player.exe moved successfully.
C:\Documents and Settings\Lori\My Documents\install_flash_player(3).exe moved successfully.
C:\Documents and Settings\Lori\My Documents\install_flash_player(2).exe moved successfully.
C:\Documents and Settings\Lori\My Documents\avg_free_stf_en_85_285a1462.exe moved successfully.
C:\Documents and Settings\Lori\My Documents\avg_free_stf_en_85_285a1462(2).exe moved successfully.
C:\Documents and Settings\Lori\My Documents\avg_free_stf_en_85_283a1450.exe moved successfully.
C:\Documents and Settings\Lori\My Documents\avg_free_stb_en_8_18.exe moved successfully.
C:\Documents and Settings\Lori\My Documents\AdbeRdr910_en_US_Std.exe moved successfully.
C:\Documents and Settings\Lori\My Documents\AdbeRdr910_en_US.exe moved successfully.
C:\Documents and Settings\Lori\My Documents\AdbeRdr910_en_US(2).exe moved successfully.
C:\Documents and Settings\Lori\Desktop\install_flash_player.exe moved successfully.
C:\Documents and Settings\Lori\Desktop\Firefox Setup 2.0.0.14.exe moved successfully.
C:\Documents and Settings\Lori\Desktop\AdbeRdr812_en_US.exe moved successfully.
C:\Documents and Settings\Lori\Desktop\dds.scr moved successfully.
C:\Documents and Settings\Lori\My Documents\ARO2011_tbt.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\Ljmt73K5B.dat moved successfully.
File C:\Documents and Settings\Lori\Desktop\install_flash_player.exe not found.
C:\Documents and Settings\Lori\Desktop\mbam-setup-1.46.exe moved successfully.
C:\Documents and Settings\Lori\Desktop\tdsskiller.zip moved successfully.
File C:\Documents and Settings\Lori\My Documents\AdbeRdr910_en_US(2).exe not found.
File C:\Documents and Settings\Lori\My Documents\AdbeRdr910_en_US.exe not found.
File C:\Documents and Settings\Lori\My Documents\install_flash_player.exe not found.
File C:\Documents and Settings\Lori\My Documents\avg_free_stf_en_85_285a1462(2).exe not found.
File C:\Documents and Settings\Lori\My Documents\avg_free_stb_en_8_18.exe not found.
C:\Documents and Settings\Lori\My Documents\VersionTracker_Pro_Windows_4_1_cn0075.exe moved successfully.
File C:\Documents and Settings\Lori\My Documents\avg_free_stf_en_85_285a1462.exe not found.
File C:\Documents and Settings\Lori\My Documents\AdbeRdr910_en_US_Std.exe not found.
File C:\Documents and Settings\Lori\My Documents\avg_free_stf_en_85_283a1450.exe not found.
File C:\Documents and Settings\Lori\Desktop\Firefox Setup 2.0.0.14.exe not found.
C:\Documents and Settings\Lori\Desktop\imikimi_installer_0.5.1.exe moved successfully.
C:\Documents and Settings\Lori\Desktop\jxpiinstall.exe moved successfully.
C:\Documents and Settings\Lori\Desktop\avg_free_stf_en_8_100a1295.exe moved successfully.
C:\Documents and Settings\Lori\Desktop\avg75free_484a1103.exe moved successfully.
C:\Documents and Settings\Lori\Desktop\7z920.exe moved successfully.
C:\Documents and Settings\Lori\Desktop\RkU3.8.388.590.rar moved successfully.
C:\Documents and Settings\Lori\Desktop\RKUnhookerLE.zip moved successfully.
C:\Documents and Settings\Lori\Desktop\RKUnhookerLE.EXE moved successfully.
C:\Documents and Settings\Lori\Desktop\gmer.exe moved successfully.
C:\Documents and Settings\Lori\Desktop\gmer.zip moved successfully.
C:\Documents and Settings\Lori\Local Settings\Application Data\1ys1qyp6280rnyh3uxe5e68iglsh1urjj74h0pr3t moved successfully.
C:\Documents and Settings\All Users\Application Data\1ys1qyp6280rnyh3uxe5e68iglsh1urjj74h0pr3t moved successfully.
C:\Documents and Settings\Lori\My Documents\Ad-Aware90Install.msi moved successfully.
C:\Documents and Settings\Lori\Local Settings\Application Data\4o5m10uij3b2o734y6l3d615hx0j moved successfully.
C:\Documents and Settings\All Users\Application Data\4o5m10uij3b2o734y6l3d615hx0j moved successfully.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Lori\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Lori\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (16903114376347648)

OTL by OldTimer - Version 3.2.23.0 log created on 06082011_140058

#12 Addie2


Posted 08 June 2011 - 01:13 PM

2011/06/08 14:13:20.0218 3812 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/08 14:13:20.0796 3812 ================================================================================
2011/06/08 14:13:20.0796 3812 SystemInfo:
2011/06/08 14:13:20.0796 3812
2011/06/08 14:13:20.0796 3812 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/08 14:13:20.0796 3812 Product type: Workstation
2011/06/08 14:13:20.0796 3812 ComputerName: PERSONALPC1
2011/06/08 14:13:20.0796 3812 UserName: Lori
2011/06/08 14:13:20.0796 3812 Windows directory: C:\WINDOWS
2011/06/08 14:13:20.0796 3812 System windows directory: C:\WINDOWS
2011/06/08 14:13:20.0796 3812 Processor architecture: Intel x86
2011/06/08 14:13:20.0796 3812 Number of processors: 1
2011/06/08 14:13:20.0796 3812 Page size: 0x1000
2011/06/08 14:13:20.0796 3812 Boot type: Normal boot
2011/06/08 14:13:20.0796 3812 ================================================================================
2011/06/08 14:13:23.0062 3812 Initialize success
2011/06/08 14:13:38.0781 1896 ================================================================================
2011/06/08 14:13:38.0781 1896 Scan started
2011/06/08 14:13:38.0781 1896 Mode: Manual;
2011/06/08 14:13:38.0781 1896 ================================================================================
2011/06/08 14:13:57.0000 1896 ================================================================================
2011/06/08 14:13:57.0000 1896 Scan finished
2011/06/08 14:13:57.0000 1896 ================================================================================
2011/06/08 14:13:57.0062 0224 Detected object count: 0
2011/06/08 14:13:57.0062 0224 Actual detected object count: 0

#13 Addie2


Posted 08 June 2011 - 01:16 PM

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-06-08 14:16:09
-----------------------------
14:16:09.468 OS Version: Windows 5.1.2600 Service Pack 3
14:16:09.468 Number of processors: 1 586 0x209
14:16:09.468 ComputerName: PERSONALPC1 UserName: Lori
14:16:11.218 Initialize success
14:16:16.984 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
14:16:16.984 Disk 0 Vendor: Maxtor_6Y160P0 YAR41BW0 Size: 156334MB BusType: 3
14:16:16.984 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
14:16:16.984 Disk 1 Vendor: ST340015A 3.01 Size: 38166MB BusType: 3
14:16:19.000 Disk 0 MBR read successfully
14:16:19.000 Disk 0 MBR scan
14:16:19.000 Disk 0 Windows XP default MBR code
14:16:21.000 Disk 0 scanning sectors +320143320
14:16:21.015 Disk 0 scanning C:\WINDOWS\system32\drivers
14:16:25.937 Service scanning
14:16:27.312 Disk 0 trace - called modules:
14:16:27.312 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
14:16:27.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f85ab8]
14:16:27.328 3 CLASSPNP.SYS[f8787fd7] -> nt!IofCallDriver -> \Device\00000057[0x82fe91c0]
14:16:27.328 5 ACPI.sys[f86ee620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x82f88940]
14:16:27.343 Scan finished successfully
14:16:38.843 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Lori\Desktop\MBR.dat"
14:16:38.859 The log file has been saved successfully to "C:\Documents and Settings\Lori\Desktop\aswMBR.txt"

#14 SweetTech


Posted 08 June 2011 - 01:30 PM

Run this scan:


Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
  • IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#15 Addie2


Posted 09 June 2011 - 09:18 PM

ComboFix 11-06-09.04 - Lori 06/09/2011 21:59:21.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.287 [GMT -4:00]
Running from: c:\documents and settings\Lori\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {77E10C7F-2CCA-4187-9394-BDBC267AD597}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\eqrae.exe
c:\documents and settings\Default User\Start Menu\Programs\Startup\upew.exe
c:\documents and settings\Guest\Start Menu\Programs\Startup\eguvk.exe
c:\documents and settings\Lori\Application Data\6607111733E1BD440C501722541CBC62\ansi70sepmod.exe
c:\documents and settings\Lori\Application Data\6607111733E1BD440C501722541CBC62\enemies-names.txt
c:\documents and settings\Lori\Application Data\6607111733E1BD440C501722541CBC62\local.ini
c:\documents and settings\Lori\Application Data\Abuzes\depy.exe
c:\documents and settings\Lori\Application Data\Adobe\plugs\KB364281718.exe
c:\documents and settings\Lori\Application Data\Adobe\plugs\KB364281765.exe
c:\documents and settings\Lori\Application Data\cleanhdd .exe
c:\documents and settings\Lori\Application Data\cleanhdd.dll
c:\documents and settings\Lori\Application Data\cleanhdd.exe
c:\documents and settings\Lori\Application Data\defender.exe
c:\documents and settings\Lori\Local Settings\Application Data\{FF0C00F2-58C5-4FA5-9A80-5ABE4CBE455B}\chrome.manifest
c:\documents and settings\Lori\Local Settings\Application Data\{FF0C00F2-58C5-4FA5-9A80-5ABE4CBE455B}\chrome\content\_cfg.js
c:\documents and settings\Lori\Local Settings\Application Data\{FF0C00F2-58C5-4FA5-9A80-5ABE4CBE455B}\chrome\content\overlay.xul
c:\documents and settings\Lori\Local Settings\Application Data\{FF0C00F2-58C5-4FA5-9A80-5ABE4CBE455B}\install.rdf
c:\documents and settings\Lori\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\documents and settings\Lori\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
c:\documents and settings\Lori\Start Menu\Programs\Startup\Antimalware Doctor.lnk
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Common Files\Java\Java Update\jusched.exe
c:\windows\enuduxotoyeful.dll
c:\windows\mofmasq.dll
c:\windows\system\winspool.drv
c:\windows\system32\Drivers\qfpwabln.sys
c:\windows\system32\itlnfw32.dll
c:\windows\system32\itlpfw32.dll
.
-- Previous Run --
.
Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\msgsvc.dll
.
Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\msgsvc.dll
.
Infected copy of c:\windows\system32\mqbkup.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\mqbkup.exe
.
Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\msgsvc.dll
.
Infected copy of c:\windows\system32\mqbkup.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\mqbkup.exe
.
Infected copy of c:\windows\system32\mqsvc.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\mqsvc.exe
.
Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\msgsvc.dll
.
Infected copy of c:\windows\system32\mqbkup.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\mqbkup.exe
.
Infected copy of c:\windows\system32\mqsvc.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\mqsvc.exe
.
Infected copy of c:\windows\system32\mqtgsvc.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\mqtgsvc.exe
.
--------
.
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ITLPERF
-------\Service_itlperf
.
.
((((((((((((((((((((((((( Files Created from 2011-05-10 to 2011-06-10 )))))))))))))))))))))))))))))))
.
.
2011-06-09 03:36 . 2011-06-09 03:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-09 03:33 . 2011-04-14 16:26 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-06-09 03:33 . 2011-04-14 16:25 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-06-09 03:33 . 2011-04-14 16:25 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-06-09 03:33 . 2011-04-14 16:25 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-06-09 03:33 . 2011-04-14 16:25 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-06-09 03:33 . 2011-04-14 16:25 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-06-09 03:33 . 2010-01-01 08:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-06-09 03:33 . 2010-01-01 08:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-18 23:05 . 2010-11-01 23:45 182056 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2011-04-18 23:05 . 2010-11-01 23:45 24496 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2011-04-18 23:05 . 2010-11-01 23:45 47120 ----a-w- c:\windows\system32\drivers\ssfmonm.sys
2011-04-01 21:27 . 2011-03-24 11:20 664 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\d3d9caps.tmp
2011-04-14 16:26 . 2011-06-09 03:33 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
<pre>
c:\windows\pchealth\helpctr\binaries\MSCONFIG .exe
c:\windows\system32\rundll32 .exe
</pre>
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 02:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-04-06 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-04-06 114688]
"SoundMan"="SOUNDMAN.EXE" [2003-06-10 55296]
"WebrootTrayApp"="c:\program files\Webroot\Security\Current\Framework\WRTray.exe" [2002-01-18 1378352]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ keberos msv1_0 schannel wdigest
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jxemixatabivep]
c:\windows\enuduxotoyeful.dll [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-04-17 08:29 421888 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rsuxomizihawagur]
c:\windows\mofmasq.dll [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
.
R2 SSFMONM;ssfmonm;c:\windows\system32\drivers\ssfmonm.sys [11/1/2010 7:45 PM 47120]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Security\Current\Framework\WRConsumerService.exe [1/18/2002 7:12 PM 3276136]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; [x]
S3 BlackBox;BlackBox SR2; [x]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
itlsvc REG_MULTI_SZ itlperf
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.facebook.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Lori\Application Data\Mozilla\Firefox\Profiles\g6hfyf7l.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: browser.startup.homepage - hxxps://www.facebook.com
FF - user.js: browser.startup.page - 1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-09 22:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(944)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-06-09 22:17:31
ComboFix-quarantined-files.txt 2011-06-10 02:17
ComboFix2.txt 2010-11-14 03:44
ComboFix3.txt 2010-11-07 20:42
ComboFix4.txt 2010-11-07 03:05
.
Pre-Run: 149,407,305,728 bytes free
Post-Run: 149,485,670,400 bytes free
.
- - End Of File - - 3CA6AC74317A43380AF040322EB553AF



