Malicious Code found in MBR (0x80) help?


30 replies to this topic

#1 ben79k

Posted 28 June 2011 - 08:48 PM

Not too long ago F-Secure (my AV) alerted me that there was "Malicious Code" in the Master Boot Record (0x80), but offered no help in removing it. I've sought help elsewhere but was redirected here.
Prior to coming here and getting the GMER and DDS logs, I also ran SecurityCheck, aswMBR and RKUnHooker as advised by Broni (the user helping me).
If you (whoever helps :) ) would like the copy of my MBR from the program I ran earlier, I can attach that too.
Thank you!!! :)
Attached files: ark.txt (95.11KB), DDS.txt (13.76KB), Attach.txt (10.23KB)

Main Rig: FX4100@4.2Ghz, 16GB DDR3 1866, ASUS M5A99X EVO, 2x Radeon 6870, 128GB Vertex4 SSD, 1TB HDD, Thermaltake Chaser MK-2
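ben79k offers to attach the copy of his MBR saved by the tool he ran earlier. As an added example (not code from this thread or from any tool named in it), here is a Python check a responder could run over such a 512-byte image: it validates the boot signature and partition table and, more importantly, compares the boot-code region against a known-good hash, because a bootkit normally leaves the partition table intact and only replaces the code. The sample images and baseline hash are constructed, and the reading of the alert's "(0x80)" as the BIOS number of the first hard disk is an assumption.

```python
"""Structural and baseline checks for a raw 512-byte MBR image (added example)."""
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Optional

MBR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0..439: boot code, the region a bootkit overwrites
PART_TABLE_OFF = 446     # four 16-byte partition entries start here
PART_ENTRY_LEN = 16
BOOT_SIG_OFF = 510
BOOT_SIG = b"\x55\xaa"
# Partition status byte meaning "active/bootable". The "(0x80)" in the F-Secure
# alert is assumed to be the BIOS drive number of the first hard disk, which
# happens to use the same value; the two are unrelated fields.
ACTIVE_FLAG = 0x80


@dataclass
class PartitionEntry:
    status: int
    type_code: int
    lba_start: int
    sector_count: int

    @property
    def active(self) -> bool:
        return self.status == ACTIVE_FLAG


def parse_partition_table(mbr: bytes) -> List[PartitionEntry]:
    """Decode the four partition entries (legacy CHS fields are skipped)."""
    entries = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status, _chs0, ptype, _chs1, lba, count = struct.unpack_from(
            "<B3sB3sII", mbr, off)
        entries.append(PartitionEntry(status, ptype, lba, count))
    return entries


def boot_code_sha256(mbr: bytes) -> str:
    """Hash the boot-code region only, so repartitioning does not change it."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(mbr: bytes, known_good_sha256: Optional[str] = None) -> List[str]:
    """Return findings about the image; an empty list means nothing was flagged.
    A clean-looking structure is NOT proof of a clean MBR: bootkits keep the
    table and 0x55AA signature intact and swap only the code, which is why the
    baseline comparison is the check that actually matters."""
    findings = []
    if len(mbr) != MBR_SIZE:
        return [f"unexpected image length {len(mbr)} (expected {MBR_SIZE})"]
    if mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != BOOT_SIG:
        findings.append("missing 0x55AA boot signature")
    entries = parse_partition_table(mbr)
    for idx, e in enumerate(entries):
        if e.status not in (0x00, ACTIVE_FLAG):
            findings.append(f"entry {idx}: invalid status byte 0x{e.status:02x}")
        if e.type_code != 0 and e.sector_count == 0:
            findings.append(f"entry {idx}: type 0x{e.type_code:02x} but zero length")
    if sum(e.active for e in entries) > 1:
        findings.append("more than one partition marked active")
    if known_good_sha256 is not None and boot_code_sha256(mbr) != known_good_sha256:
        findings.append("boot code differs from known-good baseline")
    return findings


def build_sample_mbr(boot_code: bytes, signature: bytes = BOOT_SIG) -> bytes:
    """Constructed test image: given boot code, a 4-byte disk signature, one
    active NTFS (0x07) partition at LBA 2048, and the boot signature. Not a
    real disk's MBR."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    disk_sig = b"\x12\x34\x56\x78" + b"\x00\x00"          # signature + reserved
    entry = struct.pack("<B3sB3sII", ACTIVE_FLAG, b"\x00\x20\x21", 0x07,
                        b"\xfe\xff\xff", 2048, 4194304)
    table = entry + b"\x00" * (PART_ENTRY_LEN * 3)
    return code + disk_sig + table + signature


CLEAN_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * 32)
BASELINE = boot_code_sha256(CLEAN_MBR)                    # constructed baseline
# Same partition table and signature, different boot code: structurally valid,
# so only the baseline comparison catches it.
TAMPERED_MBR = build_sample_mbr(b"\xeb\xfe" + b"\xcc" * 32)
NO_SIG_MBR = build_sample_mbr(b"\xfa\x33\xc0", signature=b"\x00\x00")

if __name__ == "__main__":
    for name, img in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR),
                      ("no-signature", NO_SIG_MBR)):
        print(name, check_mbr(img, BASELINE) or "no findings")
```

Feed it the 512 bytes saved by an MBR-dumping tool and a baseline hash taken from a known-clean machine of the same model or from a fresh install.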
 




#2 gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 06 July 2011 - 02:39 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double-click DeFogger to run the tool.
  • The application window will appear.
  • Click the Disable button to disable your CD Emulation drivers.
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK.
  • DeFogger may ask you to reboot the machine; if it does, click OK.
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs.
  • Save the logs to a convenient place such as your desktop.
  • Copy the contents of both logs & post them in your next reply.

Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait until the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.

Information and logs:

  • In your next post I need the following:
  • logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 ben79k

  • Topic Starter


Posted 06 July 2011 - 07:58 PM

Omg, I'm sorry. I had this post up for a bunch of days and lost hope with no replies. I'm glad you finally made it to me; I'm aware you do this all for free and I understand the wait.

Rootkit unhooker log
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
>Stealth
==============================================


DDS (DDS.txt)

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Ben at 17:58:37 on 2011-06-28
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2046.1102 [GMT -7:00]
.
AV: Shaw Secure 9.01 *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: Shaw Secure 9.01 *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Shaw Secure 9.01 *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
.
S3 {6FF14CBD-D520-404A-918FA0DD71CFEA31};{6FF14CBD-D520-404A-918FA0DD71CFEA31};c:\windows\system32\svchost.exe -k netsvcs [2010-10-18 21504]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-4 136176]
S3 MCLServiceATL;Intel® Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-9-11 167936]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\shaw secure\anti-virus\win2k\fsfilter.sys [2010-10-17 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\shaw secure\anti-virus\win2k\fsrec.sys [2010-10-17 25184]
.
=============== Created Last 30 ================
.
2011-06-28 19:10:44 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{22db115c-0cfa-4197-b1ff-ba470061e766}\mpengine.dll
2011-06-28 19:09:58 276992 ----a-w- c:\windows\system32\schannel.dll
2011-06-24 19:56:25 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-06-24 19:56:24 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-06-20 22:41:48 -------- d-----w- c:\program files\iPod
2011-06-16 07:01:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-16 07:01:03 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll
2011-06-16 07:01:02 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-16 00:13:06 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-16 00:13:06 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-16 00:13:02 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-16 00:12:58 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-16 00:12:53 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 00:12:49 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-16 00:12:43 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 00:12:42 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 00:12:41 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-16 00:12:33 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-06-06 02:30:31 -------- d-----w- c:\programdata\Skype Extras
.
==================== Find3M ====================
.
2011-06-18 19:27:47 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-25 02:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-25 01:39:21 21840 ----a-w- c:\windows\system32\SIntfNT.dll
2011-05-25 01:39:21 17212 ----a-w- c:\windows\system32\SIntf32.dll
2011-05-25 01:39:21 12067 ----a-w- c:\windows\system32\SIntf16.dll
2011-05-25 01:30:57 94208 ----a-w- c:\windows\DIIUnin.exe
2011-05-25 01:30:57 2829 ----a-w- c:\windows\DIIUnin.pif
2011-05-25 01:20:26 2829 ----a-w- c:\windows\DiabUnin.pif
2011-05-25 01:20:26 118784 ----a-w- c:\windows\DiabUnin.exe
2011-05-10 15:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 15:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-04 11:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-06 23:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 23:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 23:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 23:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
============= FINISH: 18:00:30.58 ===============

DDS (Attach.txt)
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 18/05/2007 9:48:05 AM
System Uptime: 28/06/2011 12:46:15 PM (6 hours ago)
.
Motherboard: ASUSTek Computer INC. | | LEONITE
Processor: Intel® Core™2 CPU 6400 @ 2.13GHz | Socket 775 | 2133/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 292 GiB total, 163.602 GiB free.
D: is FIXED (NTFS) - 6 GiB total, 0.878 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.8
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ares 2.1.6
Audacity 1.2.6
AutoUpdate
Bonjour
D3DX10
Diablo
Diablo II
DivX
Enhanced Multimedia Keyboard Solution
F-Secure PSC Prerequisites
Google Chrome
Google Earth
Google Update Helper
Hardware Diagnostic Tools
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Connections (remove only)
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Core
HP Easy Setup - Frontend
HP Picasso Media Center Add-In
HP Total Care Advisor
HP Update
Intel® Matrix Storage Manager
Intel® Viiv™ Software
iTunes
Java Auto Updater
Java™ 6 Update 26
LAME v3.98.2 for Audacity
LightScribe 1.4.124.1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft XNA Framework Redistributable 4.0
Mozilla Firefox 5.0 (x86 en-US)
Mozilla Thunderbird (3.1.10)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Python 2.4.3
QuickTime
Razer DeathAdder™ Mouse
Razer Lycosa
Realtek High Definition Audio Driver
Rootkit Unhooker LE 3.8 SR 2
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Shaw Secure
Skype Toolbars
Skype™ 5.3
Soft Data Fax Modem with SmartCP
Steam
Team Fortress 2
Terraria
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Ventrilo Client
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Resource Kit Tools - SubInAcl.exe
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
28/06/2011 12:48:16 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
28/06/2011 12:48:16 PM, Error: Service Control Manager [7024] - The Bonjour Service service terminated with service-specific error 4294967295 (0xFFFFFFFF).
28/06/2011 12:48:16 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
28/06/2011 12:41:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC FSES FSFW i8042prt NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
28/06/2011 12:41:11 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
28/06/2011 12:41:11 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
28/06/2011 12:41:11 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
28/06/2011 12:41:11 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
28/06/2011 12:41:11 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
28/06/2011 12:41:11 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
28/06/2011 12:41:11 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
28/06/2011 12:41:11 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
28/06/2011 12:41:11 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
28/06/2011 12:41:11 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
28/06/2011 12:41:11 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
28/06/2011 12:41:11 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
28/06/2011 12:41:11 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
28/06/2011 12:41:11 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
26/06/2011 7:58:47 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
26/06/2011 7:58:47 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================


(even though you didn't request it) GMER log
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-06-28 18:41:34
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2 ST332082 rev.3.AH
Running: gmer.exe; Driver: C:\Users\Ben\AppData\Local\Temp\ufldqpow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys ZwCreateThread [0x8E4FFE8C]
SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys ZwLoadDriver [0x8E5001BC]
SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys ZwMapViewOfSection [0x8E4FFBCC]
SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys ZwOpenSection [0x8E5005EE]
SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys ZwRenameKey [0x8E50188C]
SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys ZwSetSystemInformation [0x8E50043E]
SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys ZwSuspendProcess [0x8E4FFA4C]
SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys ZwSuspendThread [0x8E4FFEC0]
SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys ZwSystemDebugControl [0x8E500042]
SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys ZwTerminateProcess [0x8E4FF9A6]
SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys ZwTerminateThread [0x8E4FFB06]
SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys ZwWriteVirtualMemory [0x8E4FFF86]
SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys ZwCreateThreadEx [0x8E4FFEA6]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 221 81EE29A4 4 Bytes [8C, FE, 4F, 8E]
.text ntkrnlpa.exe!KeSetEvent + 37D 81EE2B00 4 Bytes [BC, 01, 50, 8E]
.text ntkrnlpa.exe!KeSetEvent + 3AD 81EE2B30 4 Bytes [CC, FB, 4F, 8E]
.text ntkrnlpa.exe!KeSetEvent + 3FD 81EE2B80 4 Bytes [EE, 05, 50, 8E]
.text ntkrnlpa.exe!KeSetEvent + 515 81EE2C98 4 Bytes [8C, 18, 50, 8E]
.text ...
? C:\Users\Ben\AppData\Local\Temp\aswMBR.sys The system cannot find the file specified. !
? C:\Users\Ben\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\Dwm.exe[296] ntdll.dll!NtCreateProcess 779E42E4 5 Bytes JMP 01F2000C
.text C:\Windows\system32\Dwm.exe[296] ntdll.dll!NtCreateProcessEx 779E42F4 5 Bytes JMP 01F2100C
.text C:\Windows\system32\Dwm.exe[296] ntdll.dll!NtCreateUserProcess 779E5654 5 Bytes JMP 01F2200C
.text C:\Windows\system32\Dwm.exe[296] kernel32.dll!LoadLibraryExW 775F9109 5 Bytes JMP 01F2300C
.text C:\Windows\system32\Dwm.exe[296] kernel32.dll!TerminateThread 776141F7 5 Bytes JMP 01F2400C
.text C:\Windows\system32\Dwm.exe[296] ADVAPI32.dll!CloseServiceHandle 777082A5 5 Bytes JMP 01F2800C
.text C:\Windows\system32\Dwm.exe[296] ADVAPI32.dll!OpenServiceW 77708354 5 Bytes JMP 01F2600C
.text C:\Windows\system32\Dwm.exe[296] ADVAPI32.dll!CreateServiceW 77729EB4 5 Bytes JMP 01F2900C
.text C:\Windows\system32\Dwm.exe[296] ADVAPI32.dll!ControlService 77729FB8 5 Bytes JMP 01F2700C
.text C:\Windows\system32\Dwm.exe[296] USER32.dll!SetWindowsHookExW 765A87AD 5 Bytes JMP 01F2500C
.text C:\Windows\system32\Dwm.exe[296] USER32.dll!DdeConnect 765E9A1F 5 Bytes JMP 01F2B00C
.text C:\Windows\system32\Dwm.exe[296] ole32.dll!CoCreateInstanceEx 77889F81 5 Bytes JMP 01F2A00C
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[316] ntdll.dll!NtCreateProcess 779E42E4 5 Bytes JMP 0035000C
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[316] ntdll.dll!NtCreateProcessEx 779E42F4 5 Bytes JMP 0035100C
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[316] ntdll.dll!NtCreateUserProcess 779E5654 5 Bytes JMP 0035200C
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[316] kernel32.dll!LoadLibraryExW 775F9109 5 Bytes JMP 0035300C
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[316] kernel32.dll!TerminateThread 776141F7 5 Bytes JMP 0035400C
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[316] USER32.dll!SetWindowsHookExW 765A87AD 5 Bytes JMP 0035500C
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[316] USER32.dll!DdeConnect 765E9A1F 5 Bytes JMP 0035A00C
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[316] ADVAPI32.dll!CloseServiceHandle 777082A5 5 Bytes JMP 0035800C
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[316] ADVAPI32.dll!OpenServiceW 77708354 5 Bytes JMP 0035600C
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[316] ADVAPI32.dll!CreateServiceW 77729EB4 5 Bytes JMP 0035900C
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[316] ADVAPI32.dll!ControlService 77729FB8 5 Bytes JMP 0035700C
.text C:\Windows\system32\taskeng.exe[340] ntdll.dll!NtCreateProcess 779E42E4 5 Bytes JMP 0017000C
.text C:\Windows\system32\taskeng.exe[340] ntdll.dll!NtCreateProcessEx 779E42F4 5 Bytes JMP 0017100C
.text C:\Windows\system32\taskeng.exe[340] ntdll.dll!NtCreateUserProcess 779E5654 5 Bytes JMP 0017200C
.text C:\Windows\system32\taskeng.exe[340] kernel32.dll!LoadLibraryExW 775F9109 5 Bytes JMP 0017300C
.text C:\Windows\system32\taskeng.exe[340] kernel32.dll!TerminateThread 776141F7 5 Bytes JMP 0017400C
.text C:\Windows\system32\taskeng.exe[340] ADVAPI32.dll!CloseServiceHandle 777082A5 5 Bytes JMP 0017800C
.text C:\Windows\system32\taskeng.exe[340] ADVAPI32.dll!OpenServiceW 77708354 5 Bytes JMP 0017600C
.text C:\Windows\system32\taskeng.exe[340] ADVAPI32.dll!CreateServiceW 77729EB4 5 Bytes JMP 0017900C
.text C:\Windows\system32\taskeng.exe[340] ADVAPI32.dll!ControlService 77729FB8 5 Bytes JMP 0017700C
.text C:\Windows\system32\taskeng.exe[340] USER32.dll!SetWindowsHookExW 765A87AD 5 Bytes JMP 0017500C
.text C:\Windows\system32\taskeng.exe[340] USER32.dll!DdeConnect 765E9A1F 5 Bytes JMP 0017B00C
.text C:\Windows\system32\taskeng.exe[340] ole32.dll!CoCreateInstanceEx 77889F81 5 Bytes JMP 0017A00C
.text C:\Windows\Explorer.EXE[492] ntdll.dll!NtCreateProcess 779E42E4 5 Bytes JMP 0397000C
.text C:\Windows\Explorer.EXE[492] ntdll.dll!NtCreateProcessEx 779E42F4 5 Bytes JMP 0397100C
.text C:\Windows\Explorer.EXE[492] ntdll.dll!NtCreateUserProcess 779E5654 5 Bytes JMP 0397200C
.text C:\Windows\Explorer.EXE[492] kernel32.dll!LoadLibraryExW 775F9109 5 Bytes JMP 0397300C
.text C:\Windows\Explorer.EXE[492] kernel32.dll!TerminateThread 776141F7 5 Bytes JMP 0397400C
.text C:\Windows\Explorer.EXE[492] ADVAPI32.dll!CloseServiceHandle 777082A5 5 Bytes JMP 0397600C
.text C:\Windows\Explorer.EXE[492] ADVAPI32.dll!OpenServiceW 77708354 5 Bytes JMP 0397B00C
.text C:\Windows\Explorer.EXE[492] ADVAPI32.dll!CreateServiceW 77729EB4 5 Bytes JMP 0397700C
.text C:\Windows\Explorer.EXE[492] ADVAPI32.dll!ControlService 77729FB8 5 Bytes JMP 0397500C
.text C:\Windows\Explorer.EXE[492] USER32.dll!SetWindowsHookExW 765A87AD 5 Bytes JMP 0397A00C
.text C:\Windows\Explorer.EXE[492] USER32.dll!DdeConnect 765E9A1F 5 Bytes JMP 0397900C
.text C:\Windows\Explorer.EXE[492] ole32.dll!CoCreateInstanceEx 77889F81 5 Bytes JMP 0397800C
.text C:\Windows\system32\wininit.exe[620] ntdll.dll!NtCreateProcess 779E42E4 5 Bytes JMP 0007000C
.text C:\Windows\system32\wininit.exe[620] ntdll.dll!NtCreateProcessEx 779E42F4 5 Bytes JMP 0007100C
.text C:\Windows\system32\wininit.exe[620] ntdll.dll!NtCreateUserProcess 779E5654 5 Bytes JMP 0007200C
.text C:\Windows\system32\wininit.exe[620] kernel32.dll!LoadLibraryExW 775F9109 5 Bytes JMP 0007300C
.text C:\Windows\system32\wininit.exe[620] kernel32.dll!TerminateThread 776141F7 5 Bytes JMP 0007400C
.text C:\Windows\system32\wininit.exe[620] ADVAPI32.dll!CloseServiceHandle 777082A5 5 Bytes JMP 0007800C
.text C:\Windows\system32\wininit.exe[620] ADVAPI32.dll!OpenServiceW 77708354 5 Bytes JMP 0007600C
.text C:\Windows\system32\wininit.exe[620] ADVAPI32.dll!CreateServiceW 77729EB4 5 Bytes JMP 0007900C
.text C:\Windows\system32\wininit.exe[620] ADVAPI32.dll!ControlService 77729FB8 5 Bytes JMP 0007700C
.text C:\Windows\system32\wininit.exe[620] USER32.dll!SetWindowsHookExW 765A87AD 5 Bytes JMP 0007500C
.text C:\Windows\system32\wininit.exe[620] USER32.dll!DdeConnect 765E9A1F 5 Bytes JMP 0007A00C
.text C:\Windows\system32\lsass.exe[680] ntdll.dll!NtCreateProcess 779E42E4 5 Bytes JMP 0007000C
.text C:\Windows\system32\lsass.exe[680] ntdll.dll!NtCreateProcessEx 779E42F4 5 Bytes JMP 0007100C
.text C:\Windows\system32\lsass.exe[680] ntdll.dll!NtCreateUserProcess 779E5654 5 Bytes JMP 0007200C
.text C:\Windows\system32\lsass.exe[680] kernel32.dll!LoadLibraryExW 775F9109 5 Bytes JMP 0007300C
.text C:\Windows\system32\lsass.exe[680] kernel32.dll!TerminateThread 776141F7 5 Bytes JMP 0007400C
.text C:\Windows\system32\lsass.exe[680] ADVAPI32.dll!CloseServiceHandle 777082A5 5 Bytes JMP 0007800C
.text C:\Windows\system32\lsass.exe[680] ADVAPI32.dll!OpenServiceW 77708354 5 Bytes JMP 0007600C
.text C:\Windows\system32\lsass.exe[680] ADVAPI32.dll!CreateServiceW 77729EB4 5 Bytes JMP 0007900C
.text C:\Windows\system32\lsass.exe[680] ADVAPI32.dll!ControlService 77729FB8 5 Bytes JMP 0007700C
.text C:\Windows\system32\lsass.exe[680] USER32.dll!SetWindowsHookExW 765A87AD 5 Bytes JMP 0007500C
.text C:\Windows\system32\lsass.exe[680] USER32.dll!DdeConnect 765E9A1F 5 Bytes JMP 0007B00C
.text C:\Windows\system32\lsass.exe[680] ole32.dll!CoCreateInstanceEx 77889F81 5 Bytes JMP 0007A00C
.text C:\Windows\system32\lsm.exe[688] ntdll.dll!NtCreateProcess 779E42E4 5 Bytes JMP 0009000C
.text C:\Windows\system32\lsm.exe[688] ntdll.dll!NtCreateProcessEx 779E42F4 5 Bytes JMP 0009100C
.text C:\Windows\system32\lsm.exe[688] ntdll.dll!NtCreateUserProcess 779E5654 5 Bytes JMP 0009200C
.text C:\Windows\system32\lsm.exe[688] kernel32.dll!LoadLibraryExW 775F9109 5 Bytes JMP 0009300C
.text C:\Windows\system32\lsm.exe[688] kernel32.dll!TerminateThread 776141F7 5 Bytes JMP 0009400C
.text C:\Windows\system32\lsm.exe[688] ADVAPI32.dll!CloseServiceHandle 777082A5 5 Bytes JMP 0009800C
.text C:\Windows\system32\lsm.exe[688] ADVAPI32.dll!OpenServiceW 77708354 3 Bytes JMP 0009600C
.text C:\Windows\system32\lsm.exe[688] ADVAPI32.dll!OpenServiceW + 4 77708358 1 Byte [88]
.text C:\Windows\system32\lsm.exe[688] ADVAPI32.dll!CreateServiceW 77729EB4 5 Bytes JMP 0009900C
.text C:\Windows\system32\lsm.exe[688] ADVAPI32.dll!ControlService 77729FB8 5 Bytes JMP 0009700C
.text C:\Windows\system32\lsm.exe[688] USER32.dll!SetWindowsHookExW 765A87AD 5 Bytes JMP 0009500C
.text C:\Windows\system32\lsm.exe[688] USER32.dll!DdeConnect 765E9A1F 5 Bytes JMP 0009A00C
.text C:\WINDOWS\RtHDVCpl.exe[708] ntdll.dll!NtCreateProcess 779E42E4 5 Bytes JMP 003F000C
.text C:\WINDOWS\RtHDVCpl.exe[708] ntdll.dll!NtCreateProcessEx 779E42F4 5 Bytes JMP 003F100C
.text C:\WINDOWS\RtHDVCpl.exe[708] ntdll.dll!NtCreateUserProcess 779E5654 5 Bytes JMP 003F200C
.text C:\WINDOWS\RtHDVCpl.exe[708] kernel32.dll!LoadLibraryExW 775F9109 5 Bytes JMP 003F300C
.text C:\WINDOWS\RtHDVCpl.exe[708] kernel32.dll!TerminateThread 776141F7 5 Bytes JMP 003F400C
.text C:\WINDOWS\RtHDVCpl.exe[708] ADVAPI32.dll!CloseServiceHandle 777082A5 5 Bytes JMP 003F800C
.text C:\WINDOWS\RtHDVCpl.exe[708] ADVAPI32.dll!OpenServiceW 77708354 5 Bytes JMP 003F600C
.text C:\WINDOWS\RtHDVCpl.exe[708] ADVAPI32.dll!CreateServiceW 77729EB4 5 Bytes JMP 003F900C
.text C:\WINDOWS\RtHDVCpl.exe[708] ADVAPI32.dll!ControlService 77729FB8 5 Bytes JMP 003F700C
.text C:\WINDOWS\RtHDVCpl.exe[708] USER32.dll!SetWindowsHookExW 765A87AD 5 Bytes JMP 003F500C
.text C:\WINDOWS\RtHDVCpl.exe[708] USER32.dll!DdeConnect 765E9A1F 5 Bytes JMP 003FB00C
.text C:\WINDOWS\RtHDVCpl.exe[708] ole32.dll!CoCreateInstanceEx 77889F81 5 Bytes JMP 003FA00C
.text C:\Windows\system32\winlogon.exe[768] ntdll.dll!NtCreateProcess 779E42E4 5 Bytes JMP 0024000C
.text C:\Windows\system32\winlogon.exe[768] ntdll.dll!NtCreateProcessEx 779E42F4 5 Bytes JMP 0024100C
.text C:\Windows\system32\winlogon.exe[768] ntdll.dll!NtCreateUserProcess 779E5654 5 Bytes JMP 0024200C
.text C:\Windows\system32\winlogon.exe[768] kernel32.dll!LoadLibraryExW 775F9109 5 Bytes JMP 0024300C
.text C:\Windows\system32\winlogon.exe[768] kernel32.dll!TerminateThread 776141F7 5 Bytes JMP 0024400C
.text C:\Windows\system32\winlogon.exe[768] ADVAPI32.dll!CloseServiceHandle 777082A5 5 Bytes JMP 0024800C
.text C:\Windows\system32\winlogon.exe[768] ADVAPI32.dll!OpenServiceW 77708354 5 Bytes JMP 0024600C
.text C:\Windows\system32\winlogon.exe[768] ADVAPI32.dll!CreateServiceW 77729EB4 5 Bytes JMP 0024900C
.text C:\Windows\system32\winlogon.exe[768] ADVAPI32.dll!ControlService 77729FB8 5 Bytes JMP 0024700C
.text C:\Windows\system32\winlogon.exe[768] USER32.dll!SetWindowsHookExW 765A87AD 5 Bytes JMP 0024500C
.text C:\Windows\system32\winlogon.exe[768] USER32.dll!DdeConnect 765E9A1F 5 Bytes JMP 0024B00C
.text C:\Windows\system32\winlogon.exe[768] ole32.dll!CoCreateInstanceEx 77889F81 5 Bytes JMP 0024A00C
.text C:\Windows\system32\svchost.exe[876] ntdll.dll!NtCreateProcess 779E42E4 5 Bytes JMP 007F000C
.text C:\Windows\system32\svchost.exe[876] ntdll.dll!NtCreateProcessEx 779E42F4 5 Bytes JMP 007F100C
.text C:\Windows\system32\svchost.exe[876] ntdll.dll!NtCreateUserProcess 779E5654 5 Bytes JMP 007F200C
.text C:\Windows\system32\nvvsvc.exe[924] ntdll.dll!NtCreateProcess 779E42E4 5 Bytes JMP 0031000C
.text C:\Windows\system32\nvvsvc.exe[924] ntdll.dll!NtCreateProcessEx 779E42F4 5 Bytes JMP 0031100C
.text C:\Windows\system32\nvvsvc.exe[924] ntdll.dll!NtCreateUserProcess 779E5654 5 Bytes JMP 0031200C
.text C:\Windows\system32\nvvsvc.exe[924] kernel32.dll!LoadLibraryExW 775F9109 5 Bytes JMP 0031300C
.text C:\Windows\system32\nvvsvc.exe[924] kernel32.dll!TerminateThread 776141F7 5 Bytes JMP 0031400C
.text C:\Windows\system32\nvvsvc.exe[924] ADVAPI32.dll!CloseServiceHandle 777082A5 5 Bytes JMP 0031800C
.text C:\Windows\system32\nvvsvc.exe[924] ADVAPI32.dll!OpenServiceW 77708354 5 Bytes JMP 0031600C
.text C:\Windows\system32\nvvsvc.exe[924] ADVAPI32.dll!CreateServiceW 77729EB4 5 Bytes JMP 0031900C
.text C:\Windows\system32\nvvsvc.exe[924] ADVAPI32.dll!ControlService 77729FB8 5 Bytes JMP 0031700C
.text C:\Windows\system32\nvvsvc.exe[924] USER32.dll!SetWindowsHookExW 765A87AD 5 Bytes JMP 0031500C
.text C:\Windows\system32\nvvsvc.exe[924] USER32.dll!DdeConnect 765E9A1F 5 Bytes JMP 0031B00C
.text C:\Windows\system32\nvvsvc.exe[924] ole32.dll!CoCreateInstanceEx 77889F81 5 Bytes JMP 0031A00C
.text C:\Windows\ehome\ehsched.exe[3780] USER32.dll!DdeConnect 765E9A1F 5 Bytes JMP 0009B00C
.text C:\Windows\ehome\ehsched.exe[3780] ole32.dll!CoCreateInstanceEx 77889F81 5 Bytes JMP 0009A00C
.text C:\Windows\system32\WUDFHost.exe[3944] ntdll.dll!NtCreateProcess 779E42E4 5 Bytes JMP 0048000C
.text C:\Windows\system32\WUDFHost.exe[3944] ntdll.dll!NtCreateProcessEx 779E42F4 5 Bytes JMP 0048100C
.text C:\Windows\system32\WUDFHost.exe[3944] ntdll.dll!NtCreateUserProcess 779E5654 5 Bytes JMP 0048200C
.text C:\Windows\system32\WUDFHost.exe[3944] kernel32.dll!LoadLibraryExW 775F9109 5 Bytes JMP 0048300C
.text C:\Windows\system32\WUDFHost.exe[3944] kernel32.dll!TerminateThread 776141F7 5 Bytes JMP 0048400C
.text C:\Windows\system32\WUDFHost.exe[3944] ADVAPI32.dll!CloseServiceHandle 777082A5 5 Bytes JMP 0048800C
.text C:\Windows\system32\WUDFHost.exe[3944] ADVAPI32.dll!OpenServiceW 77708354 5 Bytes JMP 0048600C
.text C:\Windows\system32\WUDFHost.exe[3944] ADVAPI32.dll!CreateServiceW 77729EB4 5 Bytes JMP 0048900C
.text C:\Windows\system32\WUDFHost.exe[3944] ADVAPI32.dll!ControlService 77729FB8 5 Bytes JMP 0048700C
.text C:\Windows\system32\WUDFHost.exe[3944] ole32.dll!CoCreateInstanceEx 77889F81 5 Bytes JMP 0048A00C
.text C:\Windows\system32\WUDFHost.exe[3944] USER32.dll!SetWindowsHookExW 765A87AD 5 Bytes JMP 0048500C
.text C:\Windows\system32\WUDFHost.exe[3944] USER32.dll!DdeConnect 765E9A1F 5 Bytes JMP 0048B00C
.text C:\Program Files\iPod\bin\iPodService.exe[4032] ntdll.dll!NtCreateProcess 779E42E4 5 Bytes JMP 003F000C
.text C:\Program Files\iPod\bin\iPodService.exe[4032] ntdll.dll!NtCreateProcessEx 779E42F4 5 Bytes JMP 003F100C
.text C:\Program Files\iPod\bin\iPodService.exe[4032] ntdll.dll!NtCreateUserProcess 779E5654 5 Bytes JMP 003F200C
.text C:\Program Files\iPod\bin\iPodService.exe[4032] kernel32.dll!LoadLibraryExW 775F9109 5 Bytes JMP 003F300C
.text C:\Program Files\iPod\bin\iPodService.exe[4032] kernel32.dll!TerminateThread 776141F7 5 Bytes JMP 003F400C
.text C:\Program Files\iPod\bin\iPodService.exe[4032] ADVAPI32.dll!CloseServiceHandle 777082A5 5 Bytes JMP 003F800C
.text C:\Program Files\iPod\bin\iPodService.exe[4032] ADVAPI32.dll!OpenServiceW 77708354 5 Bytes JMP 003F600C
.text C:\Program Files\iPod\bin\iPodService.exe[4032] ADVAPI32.dll!CreateServiceW 77729EB4 5 Bytes JMP 003F900C
.text C:\Program Files\iPod\bin\iPodService.exe[4032] ADVAPI32.dll!ControlService 77729FB8 5 Bytes JMP 003F700C
.text C:\Program Files\iPod\bin\iPodService.exe[4032] USER32.dll!SetWindowsHookExW 765A87AD 5 Bytes JMP 003F500C
.text C:\Program Files\iPod\bin\iPodService.exe[4032] USER32.dll!DdeConnect 765E9A1F 5 Bytes JMP 003FB00C
.text C:\Program Files\iPod\bin\iPodService.exe[4032] ole32.dll!CoCreateInstanceEx 77889F81 5 Bytes JMP 003FA00C
.text C:\Windows\explorer.exe[4192] ntdll.dll!NtCreateProcess 779E42E4 5 Bytes JMP 0011000C
.text C:\Windows\explorer.exe[4192] ntdll.dll!NtCreateProcessEx 779E42F4 5 Bytes JMP 0011100C
.text C:\Windows\explorer.exe[4192] ntdll.dll!NtCreateUserProcess 779E5654 5 Bytes JMP 0011200C
.text C:\Windows\explorer.exe[4192] kernel32.dll!LoadLibraryExW 775F9109 5 Bytes JMP 0011300C
.text C:\Windows\explorer.exe[4192] kernel32.dll!TerminateThread 776141F7 5 Bytes JMP 0011400C
.text C:\Windows\explorer.exe[4192] ADVAPI32.dll!CloseServiceHandle 777082A5 5 Bytes JMP 0011800C
.text C:\Windows\explorer.exe[4192] ADVAPI32.dll!OpenServiceW 77708354 5 Bytes JMP 0011600C
.text C:\Windows\explorer.exe[4192] ADVAPI32.dll!CreateServiceW 77729EB4 5 Bytes JMP 0011900C
.text C:\Windows\explorer.exe[4192] ADVAPI32.dll!ControlService 77729FB8 5 Bytes JMP 0011700C
.text C:\Windows\explorer.exe[4192] USER32.dll!SetWindowsHookExW 765A87AD 5 Bytes JMP 0011500C
.text C:\Windows\explorer.exe[4192] USER32.dll!DdeConnect 765E9A1F 5 Bytes JMP 0011B00C
.text C:\Windows\explorer.exe[4192] ole32.dll!CoCreateInstanceEx 77889F81 5 Bytes JMP 0011A00C
.text C:\Program Files\Mozilla Firefox\firefox.exe[4228] ntdll.dll!LdrLoadDll 779A93A8 5 Bytes JMP 00AD1410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4228] ntdll.dll!NtCreateProcess 779E42E4 5 Bytes JMP 000C000C
.text C:\Program Files\Mozilla Firefox\firefox.exe[4228] ntdll.dll!NtCreateProcessEx 779E42F4 5 Bytes JMP 000C100C
.text C:\Program Files\Mozilla Firefox\firefox.exe[4228] ntdll.dll!NtCreateUserProcess 779E5654 5 Bytes JMP 000C200C
.text C:\Program Files\Mozilla Firefox\firefox.exe[4228] kernel32.dll!LoadLibraryExW 775F9109 5 Bytes JMP 000C300C
.text C:\Program Files\Mozilla Firefox\firefox.exe[4228] kernel32.dll!TerminateThread 776141F7 5 Bytes JMP 000C400C
.text C:\Program Files\Mozilla Firefox\firefox.exe[4228] ADVAPI32.dll!CloseServiceHandle 777082A5 5 Bytes JMP 000C800C
.text C:\Program Files\Mozilla Firefox\firefox.exe[4228] ADVAPI32.dll!OpenServiceW 77708354 5 Bytes JMP 000C600C
.text C:\Program Files\Mozilla Firefox\firefox.exe[4228] ADVAPI32.dll!CreateServiceW 77729EB4 5 Bytes JMP 000C900C
.text C:\Program Files\Mozilla Firefox\firefox.exe[4228] ADVAPI32.dll!ControlService 77729FB8 5 Bytes JMP 000C700C
.text C:\Program Files\Mozilla Firefox\firefox.exe[4228] USER32.dll!SetWindowsHookExW 765A87AD 5 Bytes JMP 000C500C
.text C:\Program Files\Mozilla Firefox\firefox.exe[4228] USER32.dll!DdeConnect 765E9A1F 5 Bytes JMP 000CB00C
.text C:\Program Files\Mozilla Firefox\firefox.exe[4228] ole32.dll!CoCreateInstanceEx 77889F81 5 Bytes JMP 000CA00C
.text C:\Windows\system32\taskeng.exe[4280] ntdll.dll!NtCreateProcess 779E42E4 5 Bytes JMP 001A000C
.text C:\Windows\system32\taskeng.exe[4280] ntdll.dll!NtCreateProcessEx 779E42F4 5 Bytes JMP 001A100C
.text C:\Windows\system32\taskeng.exe[4280] ntdll.dll!NtCreateUserProcess 779E5654 5 Bytes JMP 001A200C
.text C:\Windows\system32\taskeng.exe[4280] kernel32.dll!LoadLibraryExW 775F9109 5 Bytes JMP 001A300C
.text C:\Windows\system32\taskeng.exe[4280] kernel32.dll!TerminateThread 776141F7 5 Bytes JMP 001A400C
.text C:\Windows\system32\taskeng.exe[4280] ADVAPI32.dll!CloseServiceHandle 777082A5 5 Bytes JMP 001A800C
.text C:\Windows\system32\taskeng.exe[4280] ADVAPI32.dll!OpenServiceW 77708354 5 Bytes JMP 001A600C
.text C:\Windows\system32\taskeng.exe[4280] ADVAPI32.dll!CreateServiceW 77729EB4 5 Bytes JMP 001A900C
.text C:\Windows\system32\taskeng.exe[4280] ADVAPI32.dll!ControlService 77729FB8 5 Bytes JMP 001A700C
.text C:\Windows\system32\taskeng.exe[4280] USER32.dll!SetWindowsHookExW 765A87AD 5 Bytes JMP 001A500C
.text C:\Windows\system32\taskeng.exe[4280] USER32.dll!DdeConnect 765E9A1F 5 Bytes JMP 001AB00C
.text C:\Windows\system32\taskeng.exe[4280] ole32.dll!CoCreateInstanceEx 77889F81 5 Bytes JMP 001AA00C
.text C:\hp\kbd\kbd.exe[4436] ntdll.dll!NtCreateProcess 779E42E4 5 Bytes JMP 0025000C
.text C:\hp\kbd\kbd.exe[4436] ntdll.dll!NtCreateProcessEx 779E42F4 5 Bytes JMP 0025100C
.text C:\hp\kbd\kbd.exe[4436] ntdll.dll!NtCreateUserProcess 779E5654 5 Bytes JMP 0025200C
.text C:\hp\kbd\kbd.exe[4436] kernel32.dll!LoadLibraryExW 775F9109 5 Bytes JMP 0025300C
.text C:\hp\kbd\kbd.exe[4436] kernel32.dll!TerminateThread 776141F7 5 Bytes JMP 0025400C
.text C:\hp\kbd\kbd.exe[4436] USER32.dll!SetWindowsHookExW 765A87AD 5 Bytes JMP 0025500C
.text C:\hp\kbd\kbd.exe[4436] USER32.dll!DdeConnect 765E9A1F 5 Bytes JMP 0025A00C
.text C:\hp\kbd\kbd.exe[4436] ADVAPI32.dll!CloseServiceHandle 777082A5 5 Bytes JMP 0025800C
.text C:\hp\kbd\kbd.exe[4436] ADVAPI32.dll!OpenServiceW 77708354 5 Bytes JMP 0025600C
.text C:\hp\kbd\kbd.exe[4436] ADVAPI32.dll!CreateServiceW 77729EB4 5 Bytes JMP 0025900C
.text C:\hp\kbd\kbd.exe[4436] ADVAPI32.dll!ControlService 77729FB8 5 Bytes JMP 0025700C
.text C:\hp\kbd\kbd.exe[4436] ole32.dll!CoCreateInstanceEx 77889F81 5 Bytes JMP 0025B00C
.text C:\Windows\System32\mobsync.exe[4572] ntdll.dll!NtCreateProcess 779E42E4 5 Bytes JMP 001B000C
.text C:\Windows\System32\mobsync.exe[4572] ntdll.dll!NtCreateProcessEx 779E42F4 5 Bytes JMP 001B100C
.text C:\Windows\System32\mobsync.exe[4572] ntdll.dll!NtCreateUserProcess 779E5654 5 Bytes JMP 001B200C
.text C:\Windows\System32\mobsync.exe[4572] kernel32.dll!LoadLibraryExW 775F9109 5 Bytes JMP 001B300C
.text C:\Windows\System32\mobsync.exe[4572] kernel32.dll!TerminateThread 776141F7 5 Bytes JMP 001B400C
.text C:\Windows\System32\mobsync.exe[4572] ADVAPI32.dll!CloseServiceHandle 777082A5 5 Bytes JMP 001B800C
.text C:\Windows\System32\mobsync.exe[4572] ADVAPI32.dll!OpenServiceW 77708354 5 Bytes JMP 001B600C
.text C:\Windows\System32\mobsync.exe[4572] ADVAPI32.dll!CreateServiceW 77729EB4 5 Bytes JMP 001B900C
.text C:\Windows\System32\mobsync.exe[4572] ADVAPI32.dll!ControlService 77729FB8 5 Bytes JMP 001B700C
.text C:\Windows\System32\mobsync.exe[4572] USER32.dll!SetWindowsHookExW 765A87AD 5 Bytes JMP 001B500C
.text C:\Windows\System32\mobsync.exe[4572] USER32.dll!DdeConnect 765E9A1F 5 Bytes JMP 001BB00C
.text C:\Windows\System32\mobsync.exe[4572] ole32.dll!CoCreateInstanceEx 77889F81 5 Bytes JMP 001BA00C
.text C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe[4872] ntdll.dll!NtCreateProcess 779E42E4 5 Bytes JMP 001A000C
.text C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe[4872] ntdll.dll!NtCreateProcessEx 779E42F4 5 Bytes JMP 001A100C
.text C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe[4872] ntdll.dll!NtCreateUserProcess 779E5654 5 Bytes JMP 001A200C
.text C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe[4872] kernel32.dll!LoadLibraryExW 775F9109 5 Bytes JMP 001A300C
.text C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe[4872] kernel32.dll!TerminateThread 776141F7 5 Bytes JMP 001A400C
.text C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe[4872] ADVAPI32.dll!CloseServiceHandle 777082A5 5 Bytes JMP 001A800C
.text C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe[4872] ADVAPI32.dll!OpenServiceW 77708354 5 Bytes JMP 001A600C
.text C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe[4872] ADVAPI32.dll!CreateServiceW 77729EB4 5 Bytes JMP 001A900C
.text C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe[4872] ADVAPI32.dll!ControlService 77729FB8 5 Bytes JMP 001A700C
.text C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe[4872] USER32.dll!SetWindowsHookExW 765A87AD 5 Bytes JMP 001A500C
.text C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe[4872] USER32.dll!DdeConnect 765E9A1F 5 Bytes JMP 001AB00C
.text C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe[4872] ole32.dll!CoCreateInstanceEx 77889F81 5 Bytes JMP 001AA00C
.text C:\Program Files\Java\jre6\bin\java.exe[5648] ntdll.dll!NtCreateProcess 779E42E4 5 Bytes JMP 000E000C
.text C:\Program Files\Java\jre6\bin\java.exe[5648] ntdll.dll!NtCreateProcessEx 779E42F4 5 Bytes JMP 000E100C
.text C:\Program Files\Java\jre6\bin\java.exe[5648] ntdll.dll!NtCreateUserProcess 779E5654 5 Bytes JMP 000E200C
.text C:\Program Files\Java\jre6\bin\java.exe[5648] kernel32.dll!LoadLibraryExW 775F9109 5 Bytes JMP 000E300C
.text C:\Program Files\Java\jre6\bin\java.exe[5648] kernel32.dll!TerminateThread 776141F7 5 Bytes JMP 000E400C
.text C:\Program Files\Java\jre6\bin\java.exe[5648] ADVAPI32.dll!CloseServiceHandle 777082A5 5 Bytes JMP 000E800C
.text C:\Program Files\Java\jre6\bin\java.exe[5648] ADVAPI32.dll!OpenServiceW 77708354 5 Bytes JMP 000E600C
.text C:\Program Files\Java\jre6\bin\java.exe[5648] ADVAPI32.dll!CreateServiceW 77729EB4 5 Bytes JMP 000E900C
.text C:\Program Files\Java\jre6\bin\java.exe[5648] ADVAPI32.dll!ControlService 77729FB8 5 Bytes JMP 000E700C
.text C:\Program Files\Java\jre6\bin\java.exe[5648] USER32.dll!SetWindowsHookExW 765A87AD 5 Bytes JMP 000E500C
.text C:\Program Files\Java\jre6\bin\java.exe[5648] USER32.dll!DdeConnect 765E9A1F 5 Bytes JMP 000EB00C
.text C:\Program Files\Java\jre6\bin\java.exe[5648] ole32.dll!CoCreateInstanceEx 77889F81 5 Bytes JMP 000EA00C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5696] ntdll.dll!NtCreateProcess 779E42E4 5 Bytes JMP 0067000C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5696] ntdll.dll!NtCreateProcessEx 779E42F4 5 Bytes JMP 0067100C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5696] ntdll.dll!NtCreateUserProcess 779E5654 5 Bytes JMP 0067200C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5696] kernel32.dll!LoadLibraryExW 775F9109 5 Bytes JMP 0067300C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5696] kernel32.dll!TerminateThread 776141F7 5 Bytes JMP 0067400C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5696] ADVAPI32.dll!CloseServiceHandle 777082A5 5 Bytes JMP 0067800C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5696] ADVAPI32.dll!OpenServiceW 77708354 5 Bytes JMP 0067600C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5696] ADVAPI32.dll!CreateServiceW 77729EB4 5 Bytes JMP 0067900C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5696] ADVAPI32.dll!ControlService 77729FB8 5 Bytes JMP 0067700C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5696] USER32.dll!SetWindowsHookExW 765A87AD 5 Bytes JMP 0067500C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5696] USER32.dll!SetWindowLongA 765AE7CD 5 Bytes JMP 64A7EDA6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5696] USER32.dll!SetWindowLongW 765B13B4 5 Bytes JMP 64A7ED38 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5696] USER32.dll!GetWindowInfo 765B428E 5 Bytes JMP 64895451 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5696] USER32.dll!TrackPopupMenu 765C14F3 5 Bytes JMP 64895A99 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5696] USER32.dll!DdeConnect 765E9A1F 5 Bytes JMP 0067B00C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5696] ole32.dll!CoCreateInstanceEx 77889F81 5 Bytes JMP 0067A00C

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat 0x99 0x4F 0xC7 0xB5 ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 625137348
Disk \Device\Harddisk0\DR0 PE file @ sector 625137370

---- EOF - GMER 1.0.15 ----


(even though you didn't request it) aswMBR log
aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-06-28 17:06:45
-----------------------------
17:06:45.928 OS Version: Windows 6.0.6002 Service Pack 2
17:06:45.928 Number of processors: 2 586 0xF06
17:06:45.930 ComputerName: BEN-PC UserName: Ben
17:06:48.773 Initialize success
17:07:25.098 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
17:07:25.100 Disk 0 Vendor: ST332082 3.AH Size: 305245MB BusType: 3
17:07:25.125 Disk 0 MBR read successfully
17:07:25.128 Disk 0 MBR scan
17:07:25.130 Disk 0 unknown MBR code
17:07:25.134 Disk 0 scanning sectors +625137345
17:07:25.160 Disk 0 malicious Win32:MBRoot code @ sector 625137348 !
17:07:25.164 Disk 0 PE file @ sector 625137370 !
17:07:25.167 Disk 0 scanning C:\Windows\system32\drivers
17:07:31.421 Service scanning
17:07:32.808 Disk 0 trace - called modules:
17:07:32.846 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
17:07:32.850 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x858fd780]
17:07:32.854 3 CLASSPNP.SYS[881b38b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0x8447f030]
17:07:32.859 Scan finished successfully
17:07:57.681 Disk 0 MBR has been saved successfully to "C:\Users\Ben\Desktop\MBR.dat"
17:07:57.688 The log file has been saved successfully to "C:\Users\Ben\Desktop\aswMBR.txt"

Main Rig: FX4100@4.2Ghz, 16GB DDR3 1866, ASUS M5A99X EVO, 2x Radeon 6870, 128GB Vertex4 SSD, 1TB HDD, Thermaltake Chaser MK-2
 


#4 ben79k
  • Topic Starter
  • Members
  • 92 posts
  • Gender:Male

Posted 06 July 2011 - 08:01 PM

Another notable mention, Gringo, is that I have had VERY MINIMAL noticeable effects. My computer runs smoothly, normally, and I have yet to encounter any issues; the only difference since I've obtained this rootkit is that startup and recovery from sleep mode both take a few extra seconds in a black window with only my cursor displayed, which is abnormal.



#5 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 06 July 2011 - 08:04 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 ben79k
  • Topic Starter
  • Members
  • 92 posts
  • Gender:Male

Posted 06 July 2011 - 08:22 PM

Gringo, I have a quick question for you: I'm aware it's just a line of code in my MBR; is there any way I can just force a re-write of the MBR? I have an HP PC and it came preinstalled with Vista, so I don't have the disks, so fdisk /mbr won't do anything. The computer is working perfectly fine with no issues whatsoever, so I'm not even sure if this malicious code is doing anything; my AV could have removed the files the code was trying to run, could it not? I'll still use Combofix if you'd like, I am in no way arguing :) just a question...



#7 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 06 July 2011 - 08:29 PM

I think it may be just a little more than a few lines of code in the MBR.

Run Combofix and let's see what else may be there.



gringo
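As an added example for the exchange above (not code from this thread, nor from aswMBR, GMER or ComboFix), here is a small Python script that parses a saved 512-byte MBR and places the sector numbers from the aswMBR log relative to the partition table, so you can see whether the flagged code sits inside a filesystem or in unpartitioned space at the end of the disk. It assumes 512-byte sectors and the 305245MB disk size quoted in the log; the partition table it parses is a constructed sample, since the poster's MBR.dat is not on the page.

```python
"""Place the sector numbers from an aswMBR/GMER log relative to the MBR partition table.

Added example for this thread, not code from aswMBR, GMER or ComboFix. The sample
MBR below is constructed; a real dump (e.g. MBR.dat) would be read with load_mbr().
"""
import hashlib
import struct

SECTOR = 512

# Values quoted from the aswMBR log in this thread.
DISK_SIZE_MB = 305245
FLAGGED_SECTORS = {
    "malicious Win32:MBRoot code": 625137348,
    "PE file": 625137370,
}


def load_mbr(path: str) -> bytes:
    """Read the first 512 bytes of a saved MBR dump (e.g. the MBR.dat aswMBR wrote)."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR)


def parse_mbr(mbr: bytes) -> dict:
    """Split a 512-byte MBR into a bootstrap-code hash, partition entries and a signature check."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    partitions = []
    for i in range(4):
        off = 446 + 16 * i
        boot, _chs_start, ptype, _chs_end, lba, count = struct.unpack(
            "<B3sB3sII", mbr[off:off + 16]
        )
        if ptype == 0 and count == 0:
            continue  # empty slot
        partitions.append({
            "index": i,
            "bootable": boot == 0x80,
            "type": ptype,
            "start": lba,
            "end": lba + count - 1,
        })
    return {
        # Hash of the 446 bootstrap bytes: compare against a known-good MBR from the same OS/OEM.
        "code_sha256": hashlib.sha256(mbr[:446]).hexdigest(),
        "partitions": partitions,
        "signature_ok": mbr[510:512] == b"\x55\xaa",
    }


def classify_sector(lba: int, partitions: list, disk_sectors: int) -> str:
    """Say where an LBA falls: inside a partition, in a gap, after the last partition, or off-disk."""
    for p in partitions:
        if p["start"] <= lba <= p["end"]:
            return f"inside partition {p['index']}"
    if lba >= disk_sectors:
        return "beyond end of disk"
    last_end = max((p["end"] for p in partitions), default=-1)
    if lba > last_end:
        return "unpartitioned space after last partition"
    return "unpartitioned gap"


def sector_report(mbr: bytes, disk_size_mb: int, flagged: dict) -> dict:
    """Map each flagged sector from the scanner log to its location on the disk."""
    info = parse_mbr(mbr)
    disk_sectors = disk_size_mb * 1024 * 1024 // SECTOR
    return {name: classify_sector(lba, info["partitions"], disk_sectors)
            for name, lba in flagged.items()}


def build_sample_mbr() -> bytes:
    """Constructed sample: standard bootstrap prologue, two NTFS partitions, 0x55AA signature."""
    # xor ax,ax ; mov ss,ax ; mov sp,0x7C00 ; then NOP padding out to 446 bytes
    code = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (446 - 7)
    table = b""
    for boot, ptype, start, count in [
        (0x80, 0x07, 2048, 600_000_000),        # system partition, bootable
        (0x00, 0x07, 600_002_048, 25_000_000),  # recovery partition
    ]:
        table += struct.pack("<B3sB3sII", boot, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", start, count)
    table += b"\x00" * 32  # two empty slots
    return code + table + b"\x55\xaa"


if __name__ == "__main__":
    sample = build_sample_mbr()
    info = parse_mbr(sample)
    print("signature ok:", info["signature_ok"], " bootstrap sha256:", info["code_sha256"][:16], "...")
    for p in info["partitions"]:
        print(f"  partition {p['index']}: type 0x{p['type']:02x} LBA {p['start']}-{p['end']}")
    for name, where in sector_report(sample, DISK_SIZE_MB, FLAGGED_SECTORS).items():
        print(f"  {name}: {where}")
```

If both flagged sectors land after the last partition, the bootkit body is stored outside any filesystem, which is why rewriting sector 0 alone leaves that body on the disk.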

#8 ben79k
  • Topic Starter
  • Members
  • 92 posts
  • Gender:Male

Posted 06 July 2011 - 08:33 PM

Will do, just backing up music/photos/videos in case something goes wrong. I'm aware of the risks of Combofix. I'll post the log whenever it's done.



#9 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 06 July 2011 - 08:37 PM

No problem.


gringo

#10 ben79k
  • Topic Starter
  • Members
  • 92 posts
  • Gender:Male

Posted 06 July 2011 - 09:29 PM

Well, that was stressful. Once it was finished everything was an illegal operation, so I had to restart. My computer has never booted faster, although programs are taking a bit longer to open, which is odd. Here is the log.

ComboFix 11-07-06.04 - Ben 06/07/2011 19:00:21.1.2 - x86
Running from: c:\users\Ben\Downloads\ComboFix.exe
AV: Shaw Secure 9.01 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
FW: Shaw Secure 9.01 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: Shaw Secure 9.01 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\LHT5E3C.tmp
.
Infected copy of c:\windows\system32\kernel32.dll was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy8_!WINDOWS!System32!kernel32.dll
.
.
\\.\PhysicalDrive0 - Bootkit Sinowal was found and disinfected
.
\\.\PhysicalDrive0 - Bootkit Sinowal was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2011-06-07 to 2011-07-07 )))))))))))))))))))))))))))))))
.
.
2011-07-07 02:13 . 2011-07-07 02:15 -------- d-----w- c:\users\Ben\AppData\Local\temp
2011-07-07 02:13 . 2011-07-07 02:13 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2011-07-07 02:13 . 2011-07-07 02:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-05 06:20 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E82C260D-2EF9-40D8-BD55-70EE4820F208}\mpengine.dll
2011-07-01 04:41 . 2011-06-06 16:36 4005936 ----a-w- c:\windows\system32\GameMon.des
2011-07-01 04:33 . 2005-01-02 03:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2011-07-01 04:33 . 2003-07-18 12:17 5174 ----a-w- c:\windows\system32\nppt9x.vxd
2011-07-01 04:33 . 2011-07-01 04:33 -------- d-----w- c:\program files\Common Files\INCA Shared
2011-06-28 19:09 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-06-24 19:56 . 2011-06-24 19:56 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-24 19:56 . 2011-06-24 19:56 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-20 22:41 . 2011-06-20 22:41 -------- d-----w- c:\program files\iPod
2011-06-16 15:08 . 2011-06-16 15:08 -------- d-----w- c:\program files\Common Files\Java
2011-06-16 07:01 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-06-16 07:01 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-16 07:01 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-16 00:13 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-16 00:13 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-16 00:13 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-16 00:12 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-16 00:12 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 00:12 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-16 00:12 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 00:12 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 00:12 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-16 00:12 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-18 19:27 . 2011-05-20 01:53 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-25 02:14 . 2010-10-18 03:58 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-25 01:39 . 2011-05-25 01:39 21840 ----a-w- c:\windows\system32\SIntfNT.dll
2011-05-25 01:39 . 2011-05-25 01:39 17212 ----a-w- c:\windows\system32\SIntf32.dll
2011-05-25 01:39 . 2011-05-25 01:39 12067 ----a-w- c:\windows\system32\SIntf16.dll
2011-05-25 01:30 . 2011-05-25 01:30 94208 ----a-w- c:\windows\DIIUnin.exe
2011-05-25 01:30 . 2011-05-25 01:30 2829 ----a-w- c:\windows\DIIUnin.pif
2011-05-25 01:20 . 2011-05-25 01:20 2829 ----a-w- c:\windows\DiabUnin.pif
2011-05-25 01:20 . 2011-05-25 01:20 118784 ----a-w- c:\windows\DiabUnin.exe
2011-05-10 15:06 . 2011-05-10 15:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 15:06 . 2011-05-10 15:06 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-09 02:20 . 2011-05-09 02:20 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-05-09 02:19 . 2011-05-09 02:19 605960 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-05-04 11:52 . 2010-10-18 05:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-02 08:03 . 2011-05-02 08:03 161792 ----a-w- c:\windows\system32\msls31.dll
2011-05-02 08:03 . 2011-05-02 08:03 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-02 08:03 . 2011-05-02 08:03 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-02 08:03 . 2011-05-02 08:03 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-02 08:03 . 2011-05-02 08:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-02 08:03 . 2011-05-02 08:03 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-05-02 08:03 . 2011-05-02 08:03 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-05-02 08:03 . 2011-05-02 08:03 367104 ----a-w- c:\windows\system32\html.iec
2011-05-02 08:03 . 2011-05-02 08:03 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-05-02 08:03 . 2011-05-02 08:03 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-02 08:03 . 2011-05-02 08:03 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-02 08:03 . 2011-05-02 08:03 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-05-02 08:03 . 2011-05-02 08:03 152064 ----a-w- c:\windows\system32\wextract.exe
2011-05-02 08:03 . 2011-05-02 08:03 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-05-02 08:03 . 2011-05-02 08:03 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-02 08:03 . 2011-05-02 08:03 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-05-02 08:03 . 2011-05-02 08:03 11776 ----a-w- c:\windows\system32\mshta.exe
2011-05-02 08:03 . 2011-05-02 08:03 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-02 08:03 . 2011-05-02 08:03 101888 ----a-w- c:\windows\system32\admparse.dll
2011-06-24 19:56 . 2011-05-07 00:17 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"F-Secure TNB"="c:\program files\Shaw Secure\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
"F-Secure Manager"="c:\program files\Shaw Secure\Common\FSM32.EXE" [2009-08-05 199264]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"Lycosa"="c:\program files\Razer\Lycosa\razerhid.exe" [2010-04-14 238592]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2010-05-06 251392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-08 421160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-24 44136]
.
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote Table Of Contents.onetoc2 [2011-3-21 3656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2201473093-1001737176-48290997-1001]
"EnableNotificationsRef"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-18 136176]
R2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
R3 {6FF14CBD-D520-404A-918FA0DD71CFEA31};{6FF14CBD-D520-404A-918FA0DD71CFEA31};c:\windows\System32\svchost.exe [2008-01-19 21504]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Shaw Secure\ORSP Client\fsorsp.exe [2011-05-23 61088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-18 136176]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2011-06-06 4005936]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 F-Secure Filter;F-Secure File System Filter;c:\program files\Shaw Secure\Anti-Virus\Win2K\FSfilter.sys [2009-08-05 39776]
R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Shaw Secure\Anti-Virus\Win2K\FSrec.sys [2009-08-05 25184]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2010-12-15 42664]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Shaw Secure\HIPS\drivers\fshs.sys [2009-08-05 68064]
S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2010-12-18 36792]
S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2010-12-18 73160]
S1 fsvista;F-Secure Vista Support Driver;c:\program files\Shaw Secure\Anti-Virus\minifilter\fsvista.sys [2009-08-05 12384]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [2009-04-22 11136]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Shaw Secure\Anti-Virus\minifilter\fsgk.sys [2011-06-09 148648]
S3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2009-03-20 391168]
S3 LycoFltr;Lycosa Keyboard;c:\windows\system32\Drivers\Lycosa.sys [2008-05-22 16896]
S3 vHidDev;Razer Gaming Device;c:\windows\system32\DRIVERS\vHidDev.sys [2009-12-22 5760]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
{6FF14CBD-D520-404A-918FA0DD71CFEA31}
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-05 05:23]
.
2011-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-05 05:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.ca/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\Shaw Secure\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 64.59.168.13 64.59.168.15 64.59.174.84
FF - ProfilePath - c:\users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\k5ctlu3v.default\
FF - prefs.js: browser.startup.homepage - google.ca
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-06 19:17
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{6FF14CBD-D520-404A-918FA0DD71CFEA31}]
"ServiceDll"="c:\users\Ben\AppData\Local\Temp\5A75.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(796)
c:\program files\shaw secure\hips\fshook32.dll
.
- - - - - - - > 'lsass.exe'(716)
c:\program files\shaw secure\hips\fshook32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\conime.exe
c:\program files\Shaw Secure\Anti-Virus\fsgk32st.exe
c:\program files\Shaw Secure\Common\FSMA32.EXE
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\RtHDVCpl.exe
c:\windows\PEV.exe
c:\program files\Shaw Secure\Anti-Virus\FSGK32.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Razer\DeathAdder\razertra.exe
c:\program files\Razer\DeathAdder\razerofa.exe
c:\windows\ehome\ehsched.exe
c:\program files\Shaw Secure\Anti-Virus\fssm32.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\ehome\ehRecvr.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-07-06 19:22:29 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-07 02:22
.
Pre-Run: 184,840,843,264 bytes free
Post-Run: 185,769,746,432 bytes free
.
- - End Of File - - 47B16AD0E97BD8A9B98229F7AF5FB4D5



#11 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 06 July 2011 - 09:39 PM

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#12 ben79k (Topic Starter, Members)

Posted 06 July 2011 - 10:03 PM

Will do, but a question for you while it runs: any idea why my computer is running so sluggishly after doing ComboFix?



#13 ben79k (Topic Starter, Members)

Posted 06 July 2011 - 10:10 PM

Here is the TDSSKiller log:
2011/07/06 20:08:23.0586 5180 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
2011/07/06 20:08:25.0608 5180 ================================================================================
2011/07/06 20:08:25.0608 5180 SystemInfo:
2011/07/06 20:08:25.0608 5180
2011/07/06 20:08:25.0608 5180 OS Version: 6.0.6002 ServicePack: 2.0
2011/07/06 20:08:25.0608 5180 Product type: Workstation
2011/07/06 20:08:25.0608 5180 ComputerName: BEN-PC
2011/07/06 20:08:25.0608 5180 UserName: Ben
2011/07/06 20:08:25.0608 5180 Windows directory: C:\Windows
2011/07/06 20:08:25.0608 5180 System windows directory: C:\Windows
2011/07/06 20:08:25.0608 5180 Processor architecture: Intel x86
2011/07/06 20:08:25.0608 5180 Number of processors: 2
2011/07/06 20:08:25.0608 5180 Page size: 0x1000
2011/07/06 20:08:25.0608 5180 Boot type: Normal boot
2011/07/06 20:08:25.0608 5180 ================================================================================
2011/07/06 20:08:26.0982 5180 Initialize success
2011/07/06 20:08:39.0629 4304 ================================================================================
2011/07/06 20:08:39.0630 4304 Scan started
2011/07/06 20:08:39.0630 4304 Mode: Manual;
2011/07/06 20:08:39.0630 4304 ================================================================================
2011/07/06 20:09:08.0968 4304 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/07/06 20:09:09.0086 4304 vHidDev (949aa00a83b0c4d7a3010035d8af93d9) C:\Windows\system32\DRIVERS\vHidDev.sys
2011/07/06 20:09:09.0159 4304 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/07/06 20:09:09.0184 4304 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/07/06 20:09:09.0214 4304 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/07/06 20:09:09.0272 4304 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/07/06 20:09:09.0472 4304 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/07/06 20:09:09.0788 4304 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/07/06 20:09:09.0911 4304 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/07/06 20:09:09.0992 4304 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/07/06 20:09:10.0110 4304 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/06 20:09:10.0167 4304 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/06 20:09:10.0231 4304 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/07/06 20:09:10.0322 4304 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/06 20:09:10.0440 4304 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/07/06 20:09:10.0585 4304 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/07/06 20:09:10.0729 4304 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/07/06 20:09:10.0791 4304 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/06 20:09:10.0889 4304 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/06 20:09:10.0955 4304 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
2011/07/06 20:09:11.0007 4304 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/07/06 20:09:11.0024 4304 Boot (0x1200) (95745647debccebb534fe19a6d2d4708) \Device\Harddisk0\DR0\Partition0
2011/07/06 20:09:11.0076 4304 Boot (0x1200) (2a28d39a81287219964fbde1de79c4a0) \Device\Harddisk0\DR0\Partition1
2011/07/06 20:09:11.0082 4304 ================================================================================
2011/07/06 20:09:11.0083 4304 Scan finished
2011/07/06 20:09:11.0083 4304 ================================================================================
2011/07/06 20:09:11.0097 6036 Detected object count: 0
2011/07/06 20:09:11.0097 6036 Actual detected object count: 0

Main Rig: FX4100@4.2Ghz, 16GB DDR3 1866, ASUS M5A99X EVO, 2x Radeon 6870, 128GB Vertex4 SSD, 1TB HDD, Thermaltake Chaser MK-2
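For readers who want to understand what the last lines of that TDSSKiller log actually record: the `MBR (0x1B8) (<md5>) \Device\Harddisk0\DR0` line is a fingerprint of the boot-code region of the master boot record, which is exactly where the F-Secure alert in the first post pointed. The Python script below is an added illustration, not part of the thread and not code from TDSSKiller or F-Secure. It parses a 512-byte MBR image, hashes the first 0x1B8 (440) bytes, checks the 0x55AA boot signature, and sanity-checks the partition table. Two things are assumptions: that "0x1B8" in the log denotes the number of boot-code bytes hashed (the bootstrap code that precedes the 4-byte disk signature at that offset), and the sample MBR images, which are constructed inline rather than taken from the poster's disk.

```python
# Added example: parse a 512-byte MBR image and fingerprint its boot code.
# Assumption (not confirmed by the thread): the "MBR (0x1B8)" line in a
# TDSSKiller log is the MD5 of the first 0x1B8 = 440 bytes, i.e. the
# bootstrap code that precedes the 4-byte disk signature at offset 0x1B8.
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 0x1B8          # bootstrap code: bytes 0..439
DISK_SIG_OFF = 0x1B8           # 4-byte Windows disk signature
PARTITION_TABLE_OFF = 0x1BE    # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511 of every valid MBR
ENTRY_FMT = "<B3sB3sII"        # status, CHS start, type, CHS end, LBA start, sector count


def boot_code_md5(mbr: bytes) -> str:
    """MD5 of the boot-code region, comparable to a TDSSKiller 'MBR (0x1B8)' line."""
    return hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest()


def parse_partitions(mbr: bytes) -> list:
    """Return the non-empty partition table entries as dicts."""
    entries = []
    for i in range(4):
        status, _, ptype, _, lba_start, sectors = struct.unpack_from(
            ENTRY_FMT, mbr, PARTITION_TABLE_OFF + 16 * i)
        if ptype == 0:          # type 0x00 marks an unused slot
            continue
        entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def check_mbr(mbr: bytes, known_good_md5: str = None) -> dict:
    """Sanity-check an MBR image; 'findings' is empty when nothing looks wrong."""
    findings = []
    if len(mbr) != MBR_SIZE:
        findings.append("image is not exactly 512 bytes")
        return {"md5": None, "partitions": [], "findings": findings}
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    digest = boot_code_md5(mbr)
    if known_good_md5 and digest != known_good_md5:
        findings.append("boot code hash differs from baseline")
    parts = parse_partitions(mbr)
    if sum(p["bootable"] for p in parts) > 1:
        findings.append("more than one partition flagged active")
    # Overlapping entries are a classic sign of a hand-edited partition table.
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"partitions {a['index']} and {b['index']} overlap")
    return {"md5": digest, "partitions": parts, "findings": findings}


def build_sample_mbr(boot_code: bytes, partitions) -> bytes:
    """Construct a synthetic MBR (constructed sample data, not from the thread)."""
    img = bytearray(MBR_SIZE)
    img[:len(boot_code)] = boot_code
    img[DISK_SIG_OFF:DISK_SIG_OFF + 4] = b"\x12\x34\x56\x78"   # constructed disk signature
    for i, (bootable, ptype, lba, count) in enumerate(partitions):
        struct.pack_into(ENTRY_FMT, img, PARTITION_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    img[510:512] = BOOT_SIGNATURE
    return bytes(img)


# Constructed samples: a few real-mode opcodes padded with NOPs stand in for boot code.
_CLEAN_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 64
_LAYOUT = [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 409600)]
GOOD_MBR = build_sample_mbr(_CLEAN_CODE, _LAYOUT)
# Same layout, but the first bytes of boot code have been altered.
TAMPERED_MBR = build_sample_mbr(b"\xe9\x10\x00" + _CLEAN_CODE[3:], _LAYOUT)

if __name__ == "__main__":
    baseline = boot_code_md5(GOOD_MBR)   # stands in for a hash recorded on a known-clean disk
    for name, img in (("good", GOOD_MBR), ("tampered", TAMPERED_MBR)):
        result = check_mbr(img, baseline)
        print(name, result["md5"], result["findings"] or "no findings")
```

The practical use is the comparison, not the hash itself: a hash of the boot code only means something against a baseline taken from the same machine when it was known to be clean, or against the hash of the stock boot code the OS installer writes. A partition table with two active entries or overlapping ranges is worth a second look regardless of the hash.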
 


#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 06 July 2011 - 10:24 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Adobe Reader 7.0.8

and click on remove

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Malwarebytes' Anti-Malware:

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 ben79k

ben79k
  • Topic Starter

  • Members
  • 92 posts
  • Gender:Male

Posted 06 July 2011 - 10:29 PM

I figured out the sluggish performance was due to Shaw Secure being a security whore: realizing that there were changes to the registry while it was inactive, it was doing some autoscan crap and it was using a lot of memory. It's done now; it found nothing, obviously, and now it's back to "normal". I'll run all these programs. Be right back.
