Asklots.com redirect - cannot remove

Curandero · Sep 20, 2010

Hi, I've unfortunately picked up the nasty asklots.com redirect and cannot seem to budge it, which seems to a common problem.

I currently have spybot S&D (disabled tea timer), adaware and McAfee antivirus installed. I have also downloaded and run Erunt.

Here is my dds log, look forward to your response (thanks in advance).

DDS (Ver_10-03-17.01) - NTFSx86
Run by Aidan at 20:33:35.78 on Mon 20/09/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.3325.2074 [GMT 10:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\ico.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\System32\Pmxmiced.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Aidan\Program Files\DNA\btdna.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Aidan\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uWindow Title = Internet Explorer provided by Dell
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=1080123
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100916181055.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [BitTorrent DNA] "c:\users\aidan\program files\dna\btdna.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [BSK91O3T6D] c:\users\aidan\appdata\local\temp\Kqh.exe
uRun: [PUWGILK] rundll32 "c:\users\aidan\appdata\roaming\wiaservcx.dll",FUQPVADF
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [PMX Daemon] ICO.EXE
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [NMSSupport] "c:\program files\common files\intel\inteldh\nms\support\IntelHCTAgent.exe" /startup
mRun: [CCUTRAYICON] "c:\program files\intel\inteldh\ccu\CCU_TrayIcon.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Creative SB Monitoring Utility] RunDll32 sbavmon.dll,SBAVMonitor
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\progra~1\cocsof~1\MSniffer.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-8-6 64288]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-23 386712]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-8-23 64304]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-8-23 164808]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2007-2-12 208896]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 1355928]
R2 MCLServiceATL;Intel(R) Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2007-6-27 157912]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-23 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-23 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-23 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-23 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-23 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-23 141792]
R2 NMSCore;Intel(R) NMSCore;c:\program files\common files\intel\inteldh\nms\nmscore\NMSCore.exe [2007-6-27 317656]
R2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2007-2-18 5376]
R2 QualityManager;Intel(R) Quality Manager;c:\program files\intel\inteldh\intel media server\media server\bin\QualityManager.exe [2007-6-27 272600]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-9-8 1153368]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-23 55840]
R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2008-1-23 5632]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-23 152992]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-23 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-23 312904]
R3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2008-1-23 18432]
R3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2008-1-23 19008]
S2 gupdate1c9bfcedc4e21f0;Google Update Service (gupdate1c9bfcedc4e21f0);c:\program files\google\update\GoogleUpdate.exe [2009-4-18 133104]
S3 DHTRACE;Intel(R) DHTrace Controller;c:\program files\common files\intel\inteldh\bin\DHTraceController.exe [2007-6-27 39640]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-1-23 30192]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2007-8-6 422144]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-16 15008]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-23 84264]

=============== Created Last 30 ================

2010-09-15 10:06:01 501760 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 10:05:59 126464 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 10:05:58 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 10:05:32 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-08 07:54:03 388608 ----a-w- c:\users\aidan\HijackThis.exe
2010-09-07 14:07:17 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-07 14:07:17 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-09-04 06:21:47 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-09-04 06:21:47 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-09-04 06:20:59 0 d-----w- c:\program files\iPod
2010-09-04 06:20:57 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-09-04 06:20:57 0 d-----w- c:\program files\iTunes
2010-08-26 11:49:00 0 d-----w- c:\users\aidan\appdata\roaming\Aura4You
2010-08-26 11:48:58 0 d-----w- c:\program files\Aura4You
2010-08-26 11:14:24 0 d-----w- C:\MyDownloads
2010-08-26 10:46:44 0 d-----w- c:\program files\CoCSoft Stream Down
2010-08-23 10:16:27 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-08-23 10:16:01 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-08-23 10:16:01 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-08-23 10:16:01 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-08-23 10:16:01 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-08-23 10:16:01 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-08-23 10:16:01 164808 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-08-23 10:16:00 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-08-23 10:16:00 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-08-23 10:16:00 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

==================== Find3M ====================

2010-09-20 10:28:20 81109 ----a-w- c:\programdata\nvModes.dat
2010-09-06 05:14:51 51200 ----a-w- c:\windows\inf\infpub.dat
2010-09-06 05:14:51 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-09-06 05:14:49 86016 ----a-w- c:\windows\inf\infstor.dat
2010-08-26 11:40:45 114688 ----a-w- c:\windows\system32\msvos.dll
2010-08-05 23:39:10 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-08-04 13:46:04 102400 --sha-r- c:\users\aidan\appdata\roaming\wiaservcx.dll
2010-07-27 08:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 08:44:10 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-27 08:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-16 19:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-12 08:55:38 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-28 16:17:26 833024 ----a-w- c:\windows\system32\wininet.dll
2010-06-28 16:13:32 78336 ----a-w- c:\windows\system32\ieencode.dll
2008-09-18 02:24:15 174 --sha-w- c:\program files\desktop.ini
2008-09-18 02:12:29 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-01-23 09:39:23 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 20:34:31.77 ===============

Blade81 · Sep 23, 2010

Please post attach.txt contents too.

Curandero · Sep 24, 2010

Hi, thanks for the response.

Here's the attach.txt log"

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 23/01/2008 12:47:07 PM
System Uptime: 24/09/2010 12:49:09 AM (19 hours ago)

Motherboard: Dell Inc. | | 0TP406
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | CPU | 2394/1066mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 451 GiB total, 323.118 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 213.461 GiB free.
E: is FIXED (NTFS) - 15 GiB total, 4.96 GiB free.
F: is CDROM ()
G: is CDROM ()
H: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP760: 26/08/2010 12:36:53 AM - Scheduled Checkpoint
RP761: 28/08/2010 8:57:10 PM - Scheduled Checkpoint
RP762: 30/08/2010 12:58:52 AM - Scheduled Checkpoint
RP763: 31/08/2010 1:19:23 AM - Scheduled Checkpoint
RP764: 1/09/2010 12:26:46 AM - Scheduled Checkpoint
RP765: 2/09/2010 7:20:53 PM - Scheduled Checkpoint
RP766: 4/09/2010 1:20:30 PM - Scheduled Checkpoint
RP767: 4/09/2010 4:14:54 PM - Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
RP768: 4/09/2010 4:15:31 PM - Device Driver Package Install: Apple Network adapters
RP769: 5/09/2010 8:30:57 PM - Scheduled Checkpoint
RP770: 6/09/2010 3:14:23 PM - Device Driver Package Install: Research In Motion Universal Serial Bus controllers
RP771: 7/09/2010 11:02:46 PM - Scheduled Checkpoint
RP772: 9/09/2010 12:21:21 AM - Scheduled Checkpoint
RP773: 10/09/2010 8:28:29 PM - Scheduled Checkpoint
RP774: 11/09/2010 1:45:53 PM - Scheduled Checkpoint
RP775: 12/09/2010 8:45:28 PM - Scheduled Checkpoint
RP776: 13/09/2010 10:27:54 PM - Scheduled Checkpoint
RP777: 15/09/2010 1:23:32 AM - Scheduled Checkpoint
RP778: 15/09/2010 8:23:18 PM - Windows Update
RP779: 16/09/2010 6:28:10 PM - Scheduled Checkpoint
RP780: 18/09/2010 2:09:29 PM - Scheduled Checkpoint
RP781: 20/09/2010 12:00:18 AM - Scheduled Checkpoint
RP782: 20/09/2010 9:41:28 PM - Scheduled Checkpoint
RP783: 22/09/2010 12:03:31 AM - Scheduled Checkpoint
RP784: 23/09/2010 8:55:28 PM - Scheduled Checkpoint

==== Installed Programs ======================

Acoustica Effects Pack
Ad-Aware
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Help Viewer CS3
Adobe PDF Library Files
Adobe Photoshop Elements 6.0
Adobe Premiere Elements 4.0
Adobe Premiere Elements 4.0 Templates
Adobe Reader 8.1.2
Adobe Setup
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Soundbooth CS3 Scores
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Aura Software Manager 1.0.3
Aura Video to Audio Converter 1.2.7
BitTorrent
Bonjour
Browser Address Error Redirector
CoCSoft Stream Down 5.2
Creative Audio Console
Creative MediaSource 5
Creative Software AutoUpdate
Creative System Information
Dell Getting Started Guide
Dell Support Center
DNA
DVDFab HD Decrypter 3.1.8.0
e-tax 2008
ERUNT 1.1j
Free WMA to MP3 Converter 1.16
Google Chrome
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iDump (Freeware) Build:29
Intel(R) PRO Network Connections 12.1.12.4
Intel(R) Viiv(TM) Software
iTunes
Java Auto Updater
Java(TM) 6 Update 21
Java(TM) SE Runtime Environment 6
McAfee Security Scan Plus
McAfee SecurityCenter
Microsoft .NET Framework 3.5 SP1
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MobileMe Control Panel
Mouse Suite for Desktop Computers
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Display Control Panel
NVIDIA Drivers
OpenAL
Optus Wireless Broadband
PVSonyDll
QuickTime
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Premier
Roxio Creator Tools
Roxio EasyArchive
Roxio Express Labeler
Roxio MyDVD Premier
Roxio Update Manager
SAGEM F@st 1201
Sonic CinePlayer Decoder Pack
SoulSeek 157 NS 13e
Sound Blaster X-Fi
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
USB Sound Blaster Digital Music LX
User's Guides
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WinRAR archiver
Xvid 1.1.3 final uninstall

==== End Of File ===========================

Curandero · Sep 24, 2010

Sorry, I've just realised I was supposed to zip and attach it.

Can you please remove the log I've posted as I can't edit.

Attached here:

Blade81 · Sep 24, 2010

Sorry, I've just realised I was supposed to zip and attach it.

Posting contents was fine

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitTorrent
DNA
Soulseek

I'd like you to read this thread.

Please go to Control Panel > Programs and Features and uninstall the programs listed above (in red).

After that:

Please Download Rootkit Unhooker Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it + fresh dds logs in a reply here.

Note** you may get this warning it is ok, just ignore

Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?

Curandero · Sep 25, 2010

Hi Blade81,

Thanks again for the prompt response.

I've removed all the P2P programs listed as requested.

Here is my RootKit Unhooker log:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6001 (Service Pack 1)
Number of processors #4
==============================================
>Drivers
==============================================
0x8EE03000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 11567104 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 197.45 )
0x8261F000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x8261F000 PnpManager 3903488 bytes
0x8261F000 RAW 3903488 bytes
0x8261F000 WMIxWDM 3903488 bytes
0x9DC10000 Win32k 2105344 bytes
0x9DC10000 C:\Windows\System32\win32k.sys 2105344 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x94A0C000 C:\Windows\system32\CTEXFIFX.DLL 1339392 bytes (Creative Technology Ltd., Creative XFi Effects)
0x94605000 C:\Windows\system32\drivers\ha20x2k.sys 1187840 bytes (Creative Technology Ltd, Creative 20X HAL (WDM))
0x8B03C000 C:\Windows\System32\Drivers\Ntfs.sys 1110016 bytes (Microsoft Corporation, NT File System Driver)
0x8AEF3000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x94C09000 C:\Windows\System32\drivers\tcpip.sys 954368 bytes (Microsoft Corporation, TCP/IP Driver)
0x804C9000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xA660E000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x9512A000 C:\Windows\system32\drivers\spsys.sys 716800 bytes (Microsoft Corporation, security processor)
0x8F90D000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8EC6A000 C:\Windows\system32\drivers\ctaud2k.sys 520192 bytes (Creative Technology Ltd, Creative WDM Audio Device Driver)
0x8060C000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x8AE82000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xA4806000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8040F000 C:\Windows\system32\mcupdate_GenuineIntel.dll 393216 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x8AE0D000 C:\Windows\system32\drivers\mfehidk.sys 380928 bytes (McAfee, Inc., McAfee Link Driver)
0xA4975000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x95004000 C:\Windows\system32\drivers\mfefirek.sys 307200 bytes (McAfee, Inc., McAfee Core Firewall Engine Driver)
0x80731000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x94D90000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80695000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80488000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8FC36000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8EC1D000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8FD74000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8F9B9000 C:\Windows\system32\DRIVERS\e1e6032.sys 241664 bytes (Intel Corporation, Intel(R) PRO/1000 Adapter NDIS 6 deserialized driver)
0x8B002000 C:\Windows\system32\drivers\NETIO.SYS 237568 bytes (Microsoft Corporation, Network I/O Subsystem)
0xA48FD000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8B14B000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8ED65000 C:\Windows\system32\drivers\ctoss2k.sys 217088 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM))
0x8FD40000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x829D8000 ACPI_HAL 208896 bytes
0x829D8000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x807CD000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x94D5E000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x94727000 C:\Windows\system32\drivers\emupia2k.sys 196608 bytes (Creative Technology Ltd, E-mu Plug-in Architecture Driver (WDM))
0x8FC08000 C:\Windows\system32\DRIVERS\msiscsi.sys 188416 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8ECE9000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x947A6000 C:\Windows\system32\CT20XUT.DLL 180224 bytes (Creative Technology Ltd., Creative 20X Utility Effects)
0x805B9000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8ED3B000 C:\Windows\system32\drivers\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x94757000 C:\Windows\system32\drivers\ctsfm2k.sys 167936 bytes (Creative Technology Ltd, SoundFont(R) Manager (WDM))
0xA49C3000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x8B19B000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x94D0D000 C:\Windows\system32\drivers\mfewfpk.sys 159744 bytes (McAfee, Inc., Anti-Virus Mini-Firewall Driver)
0x806EC000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xA494E000 C:\Windows\System32\DRIVERS\srv2.sys 159744 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8ED16000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8FDB0000 C:\Windows\system32\drivers\mfeavfk.sys 147456 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0x8FCA4000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8B1D3000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x94B86000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xA48BE000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xA48DE000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x807AF000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0xA4873000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x94CF2000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x95107000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xA4890000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8EDC0000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xA4936000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x947D2000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8FC82000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x950CE000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xA6753000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xA6732000 C:\Windows\system32\drivers\mfeapfk.sys 90112 bytes (McAfee, Inc., Access Protection Filter Driver)
0x94DD8000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x94D34000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x94791000 C:\Windows\system32\CTHWIUT.DLL 86016 bytes (Creative Technology Ltd., Creative Utility Effects)
0xA48A9000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8FCEA000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x95057000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x8FCD6000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x94D4A000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x951E9000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x94BE7000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x9506C000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x8B1C2000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x94780000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8046F000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x805A9000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x95094000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x951D9000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x80797000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8EDA2000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8FCFF000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8EC0E000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x8AE6A000 C:\Windows\system32\DRIVERS\Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0x950F8000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8B18C000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x80713000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8FCC7000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8EC5B000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x80722000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8EDB2000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x9DE50000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x94DEE000 C:\Windows\system32\DRIVERS\mfenlfk.sys 57344 bytes (McAfee, Inc., McAfee NDIS Light Filter Driver)
0x94BD9000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x94BC2000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x80782000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x950AE000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8FD33000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8F9AC000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x80688000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xA6726000 C:\Windows\system32\drivers\cfwids.sys 49152 bytes (McAfee, Inc., McAfee Personal Firewall IDS Plugin)
0xA66F6000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x94B7A000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x950BB000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x8FD0F000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0xA6748000 C:\Windows\system32\drivers\mfebopk.sys 45056 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
0x8FD1A000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x94BB7000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8FC99000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8FC77000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x805EC000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8F9F4000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x950EE000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8FD29000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x94A00000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x95081000 C:\Windows\system32\DRIVERS\pmxmouse.sys 40960 bytes (Primax Electronics Ltd., Mouse Suite Driver (For Windows 2000 and Whistler Only))
0xA66EC000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8B1F4000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x94B53000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x9508B000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x950E5000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0xA6769000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8AE79000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x94BD0000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x9DE30000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x805F7000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x806DB000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x807A7000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80480000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8ED9A000 C:\Windows\system32\drivers\ctprxy2k.sys 32768 bytes (Creative Technology Ltd, Creative Proxy Device Driver (WDM))
0x950C6000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
0x80407000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x950A6000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x806E4000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x94BA7000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x94BAF000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8B184000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x9504F000 C:\Windows\system32\DRIVERS\WinUSB.SYS 32768 bytes (Microsoft Corporation, Windows USB Class Driver BETA)
0x94B63000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x94B73000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8077B000 C:\Windows\system32\DRIVERS\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x94B5C000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x80790000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8EDD8000 C:\Windows\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x9507E000 C:\Windows\system32\DRIVERS\pmxusblf.sys 12288 bytes (Primax Electronics Ltd., USB Mouse Low Filter Driver(Win2000 only))
0x8FD27000 C:\Windows\System32\Drivers\IntelDH.sys 8192 bytes (Intel Corporation, Intel(R) software driver for Intel(R) Viiv(TM) technology)
0xA49EB000 C:\Windows\system32\DRIVERS\nmsunidr.sys 8192 bytes (Gteko Ltd., GUniDriver)
0x8F90B000 C:\Windows\system32\DRIVERS\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 197.45 )
0x8FD25000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x950A4000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x000B4EEA, Type: Inline - RelativeJump 0x826D3EEA-->826D3EF1 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtMapViewOfSection, Type: Inline - RelativeJump 0x8284380E-->8AE4006C [mfehidk.sys]
ntkrnlpa.exe-->NtTerminateProcess, Type: Inline - RelativeJump 0x82801FBC-->8AE40096 [mfehidk.sys]
ntkrnlpa.exe-->NtUnmapViewOfSection, Type: Inline - RelativeJump 0x82843E65-->8AE40082 [mfehidk.sys]
ntkrnlpa.exe-->NtYieldExecution, Type: Inline - RelativeJump 0x826461C0-->8AE40058 [mfehidk.sys]
[1084]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7731B8AE-->00000000 [unknown_code_page]
[1084]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7731B5E7-->00000000 [unknown_code_page]
[1084]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7732BCE1-->00000000 [unknown_code_page]
[1084]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7732B83D-->00000000 [unknown_code_page]
[1084]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77320BF5-->00000000 [unknown_code_page]
[1084]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7732D4E8-->00000000 [unknown_code_page]
[1084]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7733F09D-->00000000 [unknown_code_page]
[1084]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77333CB0-->00000000 [unknown_code_page]
[1084]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7700CF71-->00000000 [unknown_code_page]
[1084]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7700CC4E-->00000000 [unknown_code_page]
[1084]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7705430E-->00000000 [unknown_code_page]
[1084]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x76FC5C44-->00000000 [unknown_code_page]
[1084]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76FF0284-->00000000 [unknown_code_page]
[1084]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x76FC1C36-->00000000 [unknown_code_page]
[1084]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76FC1C01-->00000000 [unknown_code_page]
[1084]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7700B8B6-->00000000 [unknown_code_page]
[1084]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x76FC19C9-->00000000 [unknown_code_page]
[1084]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x76FC1929-->00000000 [unknown_code_page]
[1084]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x76FE9491-->00000000 [unknown_code_page]
[1084]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x76FE9469-->00000000 [unknown_code_page]
[1084]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x76FE30C3-->00000000 [unknown_code_page]
[1084]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x76FE361F-->00000000 [unknown_code_page]
[1084]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x76FC1DD1-->00000000 [unknown_code_page]
[1084]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x76FE8D7E-->00000000 [unknown_code_page]
[1084]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770554FF-->00000000 [unknown_code_page]
[1084]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x776A8008-->00000000 [unknown_code_page]
[1084]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x776A80C8-->00000000 [unknown_code_page]
[1084]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x776A8968-->00000000 [unknown_code_page]
[1084]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x778836D1-->00000000 [unknown_code_page]
[1208]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7731B8AE-->00000000 [unknown_code_page]
[1208]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7731B5E7-->00000000 [unknown_code_page]
[1208]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7732BCE1-->00000000 [unknown_code_page]
[1208]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7732B83D-->00000000 [unknown_code_page]
[1208]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77320BF5-->00000000 [unknown_code_page]
[1208]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7732D4E8-->00000000 [unknown_code_page]
[1208]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7733F09D-->00000000 [unknown_code_page]
[1208]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77333CB0-->00000000 [unknown_code_page]
[1208]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7700CF71-->00000000 [unknown_code_page]
[1208]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7700CC4E-->00000000 [unknown_code_page]
[1208]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7705430E-->00000000 [unknown_code_page]
[1208]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x76FC5C44-->00000000 [unknown_code_page]
[1208]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76FF0284-->00000000 [unknown_code_page]
[1208]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x76FC1C36-->00000000 [unknown_code_page]
[1208]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76FC1C01-->00000000 [unknown_code_page]
[1208]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7700B8B6-->00000000 [unknown_code_page]
[1208]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x76FC19C9-->00000000 [unknown_code_page]
[1208]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x76FC1929-->00000000 [unknown_code_page]
[1208]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x76FE9491-->00000000 [unknown_code_page]
[1208]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x76FE9469-->00000000 [unknown_code_page]
[1208]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x76FE30C3-->00000000 [unknown_code_page]
[1208]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x76FE361F-->00000000 [unknown_code_page]
[1208]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x76FC1DD1-->00000000 [unknown_code_page]
[1208]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x76FE8D7E-->00000000 [unknown_code_page]
[1208]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770554FF-->00000000 [unknown_code_page]
[1208]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x776A8008-->00000000 [unknown_code_page]
[1208]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x776A80C8-->00000000 [unknown_code_page]
[1208]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x776A8968-->00000000 [unknown_code_page]
[1208]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x778836D1-->00000000 [unknown_code_page]
[1240]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7731B8AE-->00000000 [unknown_code_page]
[1240]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7731B5E7-->00000000 [unknown_code_page]
[1240]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7732BCE1-->00000000 [unknown_code_page]
[1240]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7732B83D-->00000000 [unknown_code_page]
[1240]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77320BF5-->00000000 [unknown_code_page]
[1240]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7732D4E8-->00000000 [unknown_code_page]
[1240]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7733F09D-->00000000 [unknown_code_page]
[1240]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77333CB0-->00000000 [unknown_code_page]
[1240]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7700CF71-->00000000 [unknown_code_page]
[1240]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7700CC4E-->00000000 [unknown_code_page]
[1240]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7705430E-->00000000 [unknown_code_page]
[1240]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x76FC5C44-->00000000 [unknown_code_page]
[1240]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76FF0284-->00000000 [unknown_code_page]
[1240]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x76FC1C36-->00000000 [unknown_code_page]
[1240]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76FC1C01-->00000000 [unknown_code_page]
[1240]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7700B8B6-->00000000 [unknown_code_page]
[1240]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x76FC19C9-->00000000 [unknown_code_page]
[1240]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x76FC1929-->00000000 [unknown_code_page]
[1240]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x76FE9491-->00000000 [unknown_code_page]
[1240]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x76FE9469-->00000000 [unknown_code_page]
[1240]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x76FE30C3-->00000000 [unknown_code_page]
[1240]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x76FE361F-->00000000 [unknown_code_page]
[1240]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x76FC1DD1-->00000000 [unknown_code_page]
[1240]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x76FE8D7E-->00000000 [unknown_code_page]
[1240]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770554FF-->00000000 [unknown_code_page]
[1240]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x776A8008-->00000000 [unknown_code_page]
[1240]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x776A80C8-->00000000 [unknown_code_page]
[1240]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x776A8968-->00000000 [unknown_code_page]
[1240]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x778836D1-->00000000 [unknown_code_page]
[1256]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7731B8AE-->00000000 [unknown_code_page]
[1256]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7731B5E7-->00000000 [unknown_code_page]
[1256]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7732BCE1-->00000000 [unknown_code_page]
[1256]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7732B83D-->00000000 [unknown_code_page]
[1256]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77320BF5-->00000000 [unknown_code_page]
[1256]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7732D4E8-->00000000 [unknown_code_page]
[1256]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7733F09D-->00000000 [unknown_code_page]
[1256]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77333CB0-->00000000 [unknown_code_page]
[1256]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7700CF71-->00000000 [unknown_code_page]
[1256]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7700CC4E-->00000000 [unknown_code_page]
[1256]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7705430E-->00000000 [unknown_code_page]
[1256]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x76FC5C44-->00000000 [unknown_code_page]
[1256]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76FF0284-->00000000 [unknown_code_page]
[1256]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x76FC1C36-->00000000 [unknown_code_page]
[1256]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76FC1C01-->00000000 [unknown_code_page]
[1256]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7700B8B6-->00000000 [unknown_code_page]
[1256]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x76FC19C9-->00000000 [unknown_code_page]
[1256]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x76FC1929-->00000000 [unknown_code_page]
[1256]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x76FE9491-->00000000 [unknown_code_page]
[1256]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x76FE9469-->00000000 [unknown_code_page]
[1256]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x76FE30C3-->00000000 [unknown_code_page]
[1256]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x76FE361F-->00000000 [unknown_code_page]
[1256]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x76FC1DD1-->00000000 [unknown_code_page]
[1256]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x76FE8D7E-->00000000 [unknown_code_page]
[1256]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770554FF-->00000000 [unknown_code_page]
[1256]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x776A8008-->00000000 [unknown_code_page]
[1256]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x776A80C8-->00000000 [unknown_code_page]
[1256]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x776A8968-->00000000 [unknown_code_page]
[1256]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x77160A4D-->00000000 [unknown_code_page]
[1256]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x77162713-->00000000 [unknown_code_page]
[1256]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x771B84F1-->00000000 [unknown_code_page]
[1256]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x771630C8-->00000000 [unknown_code_page]
[1256]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x778836D1-->00000000 [unknown_code_page]
[1468]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7731B8AE-->00000000 [unknown_code_page]
[1468]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7731B5E7-->00000000 [unknown_code_page]
[1468]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7732BCE1-->00000000 [unknown_code_page]
[1468]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7732B83D-->00000000 [unknown_code_page]
[1468]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77320BF5-->00000000 [unknown_code_page]
[1468]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7732D4E8-->00000000 [unknown_code_page]
[1468]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7733F09D-->00000000 [unknown_code_page]
[1468]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77333CB0-->00000000 [unknown_code_page]
[1468]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7700CF71-->00000000 [unknown_code_page]
[1468]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7700CC4E-->00000000 [unknown_code_page]
[1468]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7705430E-->00000000 [unknown_code_page]
[1468]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x76FC5C44-->00000000 [unknown_code_page]
[1468]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76FF0284-->00000000 [unknown_code_page]
[1468]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x76FC1C36-->00000000 [unknown_code_page]
[1468]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76FC1C01-->00000000 [unknown_code_page]
[1468]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7700B8B6-->00000000 [unknown_code_page]
[1468]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x76FC19C9-->00000000 [unknown_code_page]
[1468]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x76FC1929-->00000000 [unknown_code_page]
[1468]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x76FE9491-->00000000 [unknown_code_page]
[1468]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x76FE9469-->00000000 [unknown_code_page]
[1468]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x76FE30C3-->00000000 [unknown_code_page]
[1468]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x76FE361F-->00000000 [unknown_code_page]
[1468]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x76FC1DD1-->00000000 [unknown_code_page]
[1468]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x76FE8D7E-->00000000 [unknown_code_page]
[1468]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770554FF-->00000000 [unknown_code_page]
[1468]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x776A8008-->00000000 [unknown_code_page]
[1468]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x776A80C8-->00000000 [unknown_code_page]
[1468]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x776A8968-->00000000 [unknown_code_page]
[1468]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x77160A4D-->00000000 [unknown_code_page]
[1468]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x77162713-->00000000 [unknown_code_page]
[1468]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x771B84F1-->00000000 [unknown_code_page]
[1468]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x771630C8-->00000000 [unknown_code_page]
[1468]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x778836D1-->00000000 [unknown_code_page]
[1556]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7731B8AE-->00000000 [unknown_code_page]
[1556]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7731B5E7-->00000000 [unknown_code_page]
[1556]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7732BCE1-->00000000 [unknown_code_page]
[1556]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7732B83D-->00000000 [unknown_code_page]
[1556]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77320BF5-->00000000 [unknown_code_page]
[1556]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7732D4E8-->00000000 [unknown_code_page]
[1556]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7733F09D-->00000000 [unknown_code_page]
[1556]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77333CB0-->00000000 [unknown_code_page]
[1556]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7700CF71-->00000000 [unknown_code_page]
[1556]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7700CC4E-->00000000 [unknown_code_page]
[1556]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7705430E-->00000000 [unknown_code_page]
[1556]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x76FC5C44-->00000000 [unknown_code_page]
[1556]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76FF0284-->00000000 [unknown_code_page]
[1556]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x76FC1C36-->00000000 [unknown_code_page]
[1556]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76FC1C01-->00000000 [unknown_code_page]
[1556]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7700B8B6-->00000000 [unknown_code_page]
[1556]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x76FC19C9-->00000000 [unknown_code_page]
[1556]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x76FC1929-->00000000 [unknown_code_page]
[1556]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x76FE9491-->00000000 [unknown_code_page]
[1556]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x76FE9469-->00000000 [unknown_code_page]
[1556]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x76FE30C3-->00000000 [unknown_code_page]
[1556]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x76FE361F-->00000000 [unknown_code_page]
[1556]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x76FC1DD1-->00000000 [unknown_code_page]
[1556]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x76FE8D7E-->00000000 [unknown_code_page]
[1556]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770554FF-->00000000 [unknown_code_page]
[1556]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x776A8008-->00000000 [unknown_code_page]
[1556]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x776A80C8-->00000000 [unknown_code_page]
[1556]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x776A8968-->00000000 [unknown_code_page]
[1556]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x778836D1-->00000000 [unknown_code_page]
[1568]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7731B8AE-->00000000 [unknown_code_page]
[1568]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7731B5E7-->00000000 [unknown_code_page]
[1568]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7732BCE1-->00000000 [unknown_code_page]
[1568]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7732B83D-->00000000 [unknown_code_page]
[1568]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77320BF5-->00000000 [unknown_code_page]
[1568]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7732D4E8-->00000000 [unknown_code_page]
[1568]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7733F09D-->00000000 [unknown_code_page]
[1568]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77333CB0-->00000000 [unknown_code_page]
[1568]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7700CF71-->00000000 [unknown_code_page]
[1568]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7700CC4E-->00000000 [unknown_code_page]
[1568]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7705430E-->00000000 [unknown_code_page]
[1568]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x76FC5C44-->00000000 [unknown_code_page]
[1568]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76FF0284-->00000000 [unknown_code_page]
[1568]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x76FC1C36-->00000000 [unknown_code_page]
[1568]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76FC1C01-->00000000 [unknown_code_page]
[1568]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7700B8B6-->00000000 [unknown_code_page]
[1568]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x76FC19C9-->00000000 [unknown_code_page]
[1568]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x76FC1929-->00000000 [unknown_code_page]
[1568]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x76FE9491-->00000000 [unknown_code_page]
[1568]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x76FE9469-->00000000 [unknown_code_page]
[1568]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x76FE30C3-->00000000 [unknown_code_page]
[1568]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x76FE361F-->00000000 [unknown_code_page]
[1568]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x76FC1DD1-->00000000 [unknown_code_page]
[1568]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x76FE8D7E-->00000000 [unknown_code_page]
[1568]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770554FF-->00000000 [unknown_code_page]
[1568]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x776A8008-->00000000 [unknown_code_page]
[1568]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x776A80C8-->00000000 [unknown_code_page]
[1568]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x776A8968-->00000000 [unknown_code_page]
[1568]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x778836D1-->00000000 [unknown_code_page]
[1692]rundll32.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [shimeng.dll]
[1692]rundll32.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B71170-->00000000 [shimeng.dll]
[1692]rundll32.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x080E1414-->00000000 [shimeng.dll]
[1692]rundll32.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [shimeng.dll]
[1692]rundll32.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [shimeng.dll]
[2020]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7731B8AE-->00000000 [unknown_code_page]
[2020]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7731B5E7-->00000000 [unknown_code_page]
[2020]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7732BCE1-->00000000 [unknown_code_page]
[2020]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7732B83D-->00000000 [unknown_code_page]
[2020]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77320BF5-->00000000 [unknown_code_page]
[2020]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7732D4E8-->00000000 [unknown_code_page]
[2020]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7733F09D-->00000000 [unknown_code_page]
[2020]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77333CB0-->00000000 [unknown_code_page]
[2020]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7700CF71-->00000000 [unknown_code_page]
[2020]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7700CC4E-->00000000 [unknown_code_page]
[2020]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7705430E-->00000000 [unknown_code_page]
[2020]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x76FC5C44-->00000000 [unknown_code_page]
[2020]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76FF0284-->00000000 [unknown_code_page]
[2020]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x76FC1C36-->00000000 [unknown_code_page]
[2020]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76FC1C01-->00000000 [unknown_code_page]
[2020]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7700B8B6-->00000000 [unknown_code_page]
[2020]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x76FC19C9-->00000000 [unknown_code_page]
[2020]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x76FC1929-->00000000 [unknown_code_page]
[2020]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x76FE9491-->00000000 [unknown_code_page]
[2020]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x76FE9469-->00000000 [unknown_code_page]
[2020]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x76FE30C3-->00000000 [unknown_code_page]
[2020]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x76FE361F-->00000000 [unknown_code_page]
[2020]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x76FC1DD1-->00000000 [unknown_code_page]
[2020]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x76FE8D7E-->00000000 [unknown_code_page]
[2020]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770554FF-->00000000 [unknown_code_page]
[2020]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x776A8008-->00000000 [unknown_code_page]
[2020]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x776A80C8-->00000000 [unknown_code_page]
[2020]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x776A8968-->00000000 [unknown_code_page]
[2020]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x778836D1-->00000000 [unknown_code_page]
[2264]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7731B8AE-->00000000 [unknown_code_page]
[2264]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7731B5E7-->00000000 [unknown_code_page]
[2264]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7732BCE1-->00000000 [unknown_code_page]
[2264]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7732B83D-->00000000 [unknown_code_page]
[2264]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77320BF5-->00000000 [unknown_code_page]
[2264]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7732D4E8-->00000000 [unknown_code_page]

Curandero · Sep 25, 2010

And the rest:

[2264]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7733F09D-->00000000 [unknown_code_page]
[2264]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77333CB0-->00000000 [unknown_code_page]
[2264]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7700CF71-->00000000 [unknown_code_page]
[2264]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7700CC4E-->00000000 [unknown_code_page]
[2264]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7705430E-->00000000 [unknown_code_page]
[2264]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x76FC5C44-->00000000 [unknown_code_page]
[2264]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76FF0284-->00000000 [unknown_code_page]
[2264]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x76FC1C36-->00000000 [unknown_code_page]
[2264]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76FC1C01-->00000000 [unknown_code_page]
[2264]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7700B8B6-->00000000 [unknown_code_page]
[2264]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x76FC19C9-->00000000 [unknown_code_page]
[2264]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x76FC1929-->00000000 [unknown_code_page]
[2264]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x76FE9491-->00000000 [unknown_code_page]
[2264]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x76FE9469-->00000000 [unknown_code_page]
[2264]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x76FE30C3-->00000000 [unknown_code_page]
[2264]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x76FE361F-->00000000 [unknown_code_page]
[2264]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x76FC1DD1-->00000000 [unknown_code_page]
[2264]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x76FE8D7E-->00000000 [unknown_code_page]
[2264]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770554FF-->00000000 [unknown_code_page]
[2264]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x776A8008-->00000000 [unknown_code_page]
[2264]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x776A80C8-->00000000 [unknown_code_page]
[2264]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x776A8968-->00000000 [unknown_code_page]
[2264]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x778836D1-->00000000 [unknown_code_page]
[2324]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7731B8AE-->00000000 [unknown_code_page]
[2324]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7731B5E7-->00000000 [unknown_code_page]
[2324]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7732BCE1-->00000000 [unknown_code_page]
[2324]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7732B83D-->00000000 [unknown_code_page]
[2324]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77320BF5-->00000000 [unknown_code_page]
[2324]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7732D4E8-->00000000 [unknown_code_page]
[2324]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7733F09D-->00000000 [unknown_code_page]
[2324]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77333CB0-->00000000 [unknown_code_page]
[2324]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7700CF71-->00000000 [unknown_code_page]
[2324]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7700CC4E-->00000000 [unknown_code_page]
[2324]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7705430E-->00000000 [unknown_code_page]
[2324]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x76FC5C44-->00000000 [unknown_code_page]
[2324]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76FF0284-->00000000 [unknown_code_page]
[2324]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x76FC1C36-->00000000 [unknown_code_page]
[2324]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76FC1C01-->00000000 [unknown_code_page]
[2324]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7700B8B6-->00000000 [unknown_code_page]
[2324]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x76FC19C9-->00000000 [unknown_code_page]
[2324]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x76FC1929-->00000000 [unknown_code_page]
[2324]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x76FE9491-->00000000 [unknown_code_page]
[2324]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x76FE9469-->00000000 [unknown_code_page]
[2324]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x76FE30C3-->00000000 [unknown_code_page]
[2324]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x76FE361F-->00000000 [unknown_code_page]
[2324]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x76FC1DD1-->00000000 [unknown_code_page]
[2324]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x76FE8D7E-->00000000 [unknown_code_page]
[2324]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770554FF-->00000000 [unknown_code_page]
[2324]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x776A8008-->00000000 [unknown_code_page]
[2324]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x776A80C8-->00000000 [unknown_code_page]
[2324]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x776A8968-->00000000 [unknown_code_page]
[2324]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x778836D1-->00000000 [unknown_code_page]
[2360]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7731B8AE-->00000000 [unknown_code_page]
[2360]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7731B5E7-->00000000 [unknown_code_page]
[2360]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7732BCE1-->00000000 [unknown_code_page]
[2360]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7732B83D-->00000000 [unknown_code_page]
[2360]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77320BF5-->00000000 [unknown_code_page]
[2360]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7732D4E8-->00000000 [unknown_code_page]
[2360]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7733F09D-->00000000 [unknown_code_page]
[2360]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77333CB0-->00000000 [unknown_code_page]
[2360]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7700CF71-->00000000 [unknown_code_page]
[2360]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7700CC4E-->00000000 [unknown_code_page]
[2360]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7705430E-->00000000 [unknown_code_page]
[2360]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x76FC5C44-->00000000 [unknown_code_page]
[2360]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76FF0284-->00000000 [unknown_code_page]
[2360]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x76FC1C36-->00000000 [unknown_code_page]
[2360]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76FC1C01-->00000000 [unknown_code_page]
[2360]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7700B8B6-->00000000 [unknown_code_page]
[2360]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x76FC19C9-->00000000 [unknown_code_page]
[2360]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x76FC1929-->00000000 [unknown_code_page]
[2360]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x76FE9491-->00000000 [unknown_code_page]
[2360]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x76FE9469-->00000000 [unknown_code_page]
[2360]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x76FE30C3-->00000000 [unknown_code_page]
[2360]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x76FE361F-->00000000 [unknown_code_page]
[2360]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x76FC1DD1-->00000000 [unknown_code_page]
[2360]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x76FE8D7E-->00000000 [unknown_code_page]
[2360]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770554FF-->00000000 [unknown_code_page]
[2360]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x776A8008-->00000000 [unknown_code_page]
[2360]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x776A80C8-->00000000 [unknown_code_page]
[2360]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x776A8968-->00000000 [unknown_code_page]
[2360]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x778836D1-->00000000 [unknown_code_page]
[2428]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [shimeng.dll]
[2428]iexplore.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7731B8AE-->00000000 [unknown_code_page]
[2428]iexplore.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7731B5E7-->00000000 [unknown_code_page]
[2428]iexplore.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7732BCE1-->00000000 [unknown_code_page]
[2428]iexplore.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7732B83D-->00000000 [unknown_code_page]
[2428]iexplore.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77320BF5-->00000000 [unknown_code_page]
[2428]iexplore.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7732D4E8-->00000000 [unknown_code_page]
[2428]iexplore.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7733F09D-->00000000 [unknown_code_page]
[2428]iexplore.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77333CB0-->00000000 [unknown_code_page]
[2428]iexplore.exe-->gdi32.dll-->ExtTextOutA, Type: Inline - RelativeJump 0x76ECFE29-->00000000 [unknown_code_page]
[2428]iexplore.exe-->gdi32.dll-->ExtTextOutW, Type: Inline - RelativeJump 0x76EC82B1-->00000000 [unknown_code_page]
[2428]iexplore.exe-->gdi32.dll-->GetGlyphIndicesA, Type: Inline - RelativeJump 0x76EE99F0-->00000000 [unknown_code_page]
[2428]iexplore.exe-->gdi32.dll-->GetGlyphIndicesW, Type: Inline - RelativeJump 0x76ECC249-->00000000 [unknown_code_page]
[2428]iexplore.exe-->gdi32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77B71130-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->gdi32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77B7119C-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->gdi32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77B711BC-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B71170-->00000000 [shimeng.dll]
[2428]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77B7111C-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77B71110-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77B71174-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->gdi32.dll-->kernel32.dll-->SearchPathW, Type: IAT modification 0x77B711AC-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->gdi32.dll-->TextOutA, Type: Inline - RelativeJump 0x76ECFE86-->00000000 [unknown_code_page]
[2428]iexplore.exe-->gdi32.dll-->TextOutW, Type: Inline - RelativeJump 0x76ECF4FD-->00000000 [unknown_code_page]
[2428]iexplore.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7700CF71-->00000000 [unknown_code_page]
[2428]iexplore.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7700CC4E-->00000000 [unknown_code_page]
[2428]iexplore.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7705430E-->00000000 [unknown_code_page]
[2428]iexplore.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x76FC5C44-->00000000 [unknown_code_page]
[2428]iexplore.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76FF0284-->00000000 [unknown_code_page]
[2428]iexplore.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x76FC1C36-->00000000 [unknown_code_page]
[2428]iexplore.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76FC1C01-->00000000 [unknown_code_page]
[2428]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7700B8B6-->00000000 [unknown_code_page]
[2428]iexplore.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x76FC19C9-->00000000 [unknown_code_page]
[2428]iexplore.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x76FC1929-->00000000 [unknown_code_page]
[2428]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x76FE9491-->00000000 [unknown_code_page]
[2428]iexplore.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x76FE9469-->00000000 [unknown_code_page]
[2428]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x76FE30C3-->00000000 [unknown_code_page]
[2428]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x76FE361F-->00000000 [unknown_code_page]
[2428]iexplore.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x76FC1DD1-->00000000 [unknown_code_page]
[2428]iexplore.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x76FE8D7E-->00000000 [unknown_code_page]
[2428]iexplore.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770554FF-->00000000 [unknown_code_page]
[2428]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x6C94123C-->00000000 [shimeng.dll]
[2428]iexplore.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x776A8008-->00000000 [unknown_code_page]
[2428]iexplore.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x776A80C8-->00000000 [unknown_code_page]
[2428]iexplore.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x776A8968-->00000000 [unknown_code_page]
[2428]iexplore.exe-->shell32.dll-->advapi32.dll-->RegCloseKey, Type: IAT modification 0x080E1CFC-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x080E1B30-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->advapi32.dll-->RegCreateKeyW, Type: IAT modification 0x080E1CB0-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->advapi32.dll-->RegDeleteKeyW, Type: IAT modification 0x080E1B3C-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->advapi32.dll-->RegEnumKeyExW, Type: IAT modification 0x080E1B64-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->advapi32.dll-->RegEnumKeyW, Type: IAT modification 0x080E1B34-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->advapi32.dll-->RegEnumValueW, Type: IAT modification 0x080E1B38-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->advapi32.dll-->RegOpenKeyExA, Type: IAT modification 0x080E1CF4-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x080E1B28-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->advapi32.dll-->RegOpenKeyW, Type: IAT modification 0x080E1BE0-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->advapi32.dll-->RegQueryInfoKeyA, Type: IAT modification 0x080E1B60-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->advapi32.dll-->RegQueryInfoKeyW, Type: IAT modification 0x080E1B4C-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->advapi32.dll-->RegQueryValueExA, Type: IAT modification 0x080E1CB4-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->advapi32.dll-->RegQueryValueExW, Type: IAT modification 0x080E1B78-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->advapi32.dll-->RegQueryValueW, Type: IAT modification 0x080E1B7C-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->advapi32.dll-->RegSetValueW, Type: IAT modification 0x080E1B70-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x080E125C-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateDirectoryW, Type: IAT modification 0x080E13B0-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x080E1460-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateHardLinkW, Type: IAT modification 0x080E11A8-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x080E12E8-->00000000 [AcLayers.dll]
[2428]iexplore.exe-->shell32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x080E13B4-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->kernel32.dll-->FindClose, Type: IAT modification 0x080E132C-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x080E1328-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x080E1118-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->kernel32.dll-->GetBinaryTypeW, Type: IAT modification 0x080E1280-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->kernel32.dll-->GetFileAttributesA, Type: IAT modification 0x080E1370-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->kernel32.dll-->GetFileAttributesExW, Type: IAT modification 0x080E14A0-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->kernel32.dll-->GetFileAttributesW, Type: IAT modification 0x080E13BC-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->kernel32.dll-->GetLongPathNameW, Type: IAT modification 0x080E14E8-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileIntW, Type: IAT modification 0x080E1390-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileSectionNamesW, Type: IAT modification 0x080E1168-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileSectionW, Type: IAT modification 0x080E1104-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileStringW, Type: IAT modification 0x080E13A0-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x080E1414-->00000000 [shimeng.dll]
[2428]iexplore.exe-->shell32.dll-->kernel32.dll-->GetShortPathNameA, Type: IAT modification 0x080E136C-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->kernel32.dll-->GetShortPathNameW, Type: IAT modification 0x080E1428-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x080E14DC-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x080E1284-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x080E1448-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->kernel32.dll-->MoveFileExW, Type: IAT modification 0x080E13C0-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x080E130C-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->kernel32.dll-->RemoveDirectoryW, Type: IAT modification 0x080E13AC-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->kernel32.dll-->ReplaceFileW, Type: IAT modification 0x080E1144-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->kernel32.dll-->SearchPathW, Type: IAT modification 0x080E1384-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->kernel32.dll-->SetCurrentDirectoryW, Type: IAT modification 0x080E14F8-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->kernel32.dll-->SetFileAttributesW, Type: IAT modification 0x080E13B8-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->kernel32.dll-->WritePrivateProfileSectionW, Type: IAT modification 0x080E116C-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->kernel32.dll-->WritePrivateProfileStringW, Type: IAT modification 0x080E1170-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->ntdll.dll-->NtQueryDirectoryFile, Type: IAT modification 0x080E2318-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->user32.dll-->LoadImageW, Type: IAT modification 0x080E1890-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->user32.dll-->PrivateExtractIconsW, Type: IAT modification 0x080E1A6C-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->shell32.dll-->user32.dll-->WinHelpW, Type: IAT modification 0x080E191C-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->user32.dll-->advapi32.dll-->RegCloseKey, Type: IAT modification 0x77D5154C-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->user32.dll-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x77D51548-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->user32.dll-->advapi32.dll-->RegDeleteKeyW, Type: IAT modification 0x77D51544-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->user32.dll-->advapi32.dll-->RegEnumValueW, Type: IAT modification 0x77D51524-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->user32.dll-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x77D51528-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->user32.dll-->advapi32.dll-->RegQueryInfoKeyW, Type: IAT modification 0x77D51520-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->user32.dll-->advapi32.dll-->RegQueryValueExW, Type: IAT modification 0x77D5152C-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x76F583DD-->00000000 [ieframe.dll]
[2428]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x76F1BD25-->00000000 [ieframe.dll]
[2428]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x76F580B2-->00000000 [ieframe.dll]
[2428]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x76F31FD5-->00000000 [ieframe.dll]
[2428]iexplore.exe-->user32.dll-->DrawTextA, Type: Inline - RelativeJump 0x76F32B3D-->00000000 [unknown_code_page]
[2428]iexplore.exe-->user32.dll-->DrawTextExA, Type: Inline - RelativeJump 0x76F32B74-->00000000 [unknown_code_page]
[2428]iexplore.exe-->user32.dll-->DrawTextExW, Type: Inline - RelativeJump 0x76F28D88-->00000000 [unknown_code_page]
[2428]iexplore.exe-->user32.dll-->DrawTextW, Type: Inline - RelativeJump 0x76F29157-->00000000 [unknown_code_page]
[2428]iexplore.exe-->user32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77D511A8-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->user32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77D512B8-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->user32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x77D511B4-->00000000 [AcLayers.dll]
[2428]iexplore.exe-->user32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77D511B0-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->user32.dll-->kernel32.dll-->FindClose, Type: IAT modification 0x77D511E4-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->user32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x77D511EC-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->user32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x77D511E8-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->user32.dll-->kernel32.dll-->GetPrivateProfileStringW, Type: IAT modification 0x77D51328-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [shimeng.dll]
[2428]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77D51250-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77D512FC-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->user32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x77D511AC-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->user32.dll-->kernel32.dll-->RegisterWaitForInputIdle, Type: IAT modification 0x77D51280-->00000000 [AcLayers.dll]
[2428]iexplore.exe-->user32.dll-->kernel32.dll-->SearchPathW, Type: IAT modification 0x77D51154-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->user32.dll-->kernel32.dll-->SetCurrentDirectoryW, Type: IAT modification 0x77D511D8-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->user32.dll-->kernel32.dll-->WritePrivateProfileStringW, Type: IAT modification 0x77D512BC-->00000000 [AcRedir.dll]
[2428]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x76F6D5D1-->00000000 [ieframe.dll]
[2428]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x76F6D5F5-->00000000 [ieframe.dll]
[2428]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x76F6D471-->00000000 [ieframe.dll]
[2428]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x76F6D56B-->00000000 [ieframe.dll]
[2428]iexplore.exe-->user32.dll-->SetClipboardData, Type: Inline - RelativeJump 0x76F562F8-->00000000 [unknown_code_page]
[2428]iexplore.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x77160A4D-->00000000 [unknown_code_page]
[2428]iexplore.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x77162713-->00000000 [unknown_code_page]
[2428]iexplore.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x771B84F1-->00000000 [unknown_code_page]
[2428]iexplore.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x771630C8-->00000000 [unknown_code_page]
[2428]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71721480-->00000000 [shimeng.dll]
[2428]iexplore.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x7788330C-->00000000 [unknown_code_page]
[2428]iexplore.exe-->ws2_32.dll-->getaddrinfo, Type: Inline - RelativeJump 0x7788418A-->00000000 [unknown_code_page]
[2428]iexplore.exe-->ws2_32.dll-->GetAddrInfoW, Type: Inline - RelativeJump 0x77883D12-->00000000 [unknown_code_page]
[2428]iexplore.exe-->ws2_32.dll-->gethostbyname, Type: Inline - RelativeJump 0x778962D4-->00000000 [unknown_code_page]
[2428]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [shimeng.dll]
[2428]iexplore.exe-->ws2_32.dll-->recv, Type: Inline - RelativeJump 0x7788343A-->00000000 [unknown_code_page]
[2428]iexplore.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x7788659B-->00000000 [unknown_code_page]
[2428]iexplore.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x778836D1-->00000000 [unknown_code_page]
[2428]iexplore.exe-->ws2_32.dll-->WSAAsyncGetHostByName, Type: Inline - RelativeJump 0x77895FB9-->00000000 [unknown_code_page]
[2428]iexplore.exe-->ws2_32.dll-->WSARecv, Type: Inline - RelativeJump 0x77888400-->00000000 [unknown_code_page]
[2428]iexplore.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x77884496-->00000000 [unknown_code_page]
[2564]explorer.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7731B8AE-->00000000 [unknown_code_page]
[2564]explorer.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7731B5E7-->00000000 [unknown_code_page]
[2564]explorer.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7732BCE1-->00000000 [unknown_code_page]
[2564]explorer.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7732B83D-->00000000 [unknown_code_page]
[2564]explorer.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77320BF5-->00000000 [unknown_code_page]
[2564]explorer.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7732D4E8-->00000000 [unknown_code_page]
[2564]explorer.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7733F09D-->00000000 [unknown_code_page]
[2564]explorer.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77333CB0-->00000000 [unknown_code_page]
[2564]explorer.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7700CF71-->00000000 [unknown_code_page]
[2564]explorer.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7700CC4E-->00000000 [unknown_code_page]
[2564]explorer.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7705430E-->00000000 [unknown_code_page]
[2564]explorer.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x76FC5C44-->00000000 [unknown_code_page]
[2564]explorer.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76FF0284-->00000000 [unknown_code_page]
[2564]explorer.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x76FC1C36-->00000000 [unknown_code_page]
[2564]explorer.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76FC1C01-->00000000 [unknown_code_page]
[2564]explorer.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7700B8B6-->00000000 [unknown_code_page]
[2564]explorer.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x76FC19C9-->00000000 [unknown_code_page]
[2564]explorer.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x76FC1929-->00000000 [unknown_code_page]
[2564]explorer.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x76FE9491-->00000000 [unknown_code_page]
[2564]explorer.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x76FE9469-->00000000 [unknown_code_page]
[2564]explorer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x76FE30C3-->00000000 [unknown_code_page]
[2564]explorer.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x76FE361F-->00000000 [unknown_code_page]
[2564]explorer.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x76FC1DD1-->00000000 [unknown_code_page]
[2564]explorer.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x76FE8D7E-->00000000 [unknown_code_page]
[2564]explorer.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770554FF-->00000000 [unknown_code_page]
[2564]explorer.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x776A8008-->00000000 [unknown_code_page]
[2564]explorer.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x776A80C8-->00000000 [unknown_code_page]
[2564]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x776A8968-->00000000 [unknown_code_page]
[2564]explorer.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x77160A4D-->00000000 [unknown_code_page]
[2564]explorer.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x77162713-->00000000 [unknown_code_page]
[2564]explorer.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x771B84F1-->00000000 [unknown_code_page]
[2564]explorer.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x771630C8-->00000000 [unknown_code_page]
[2564]explorer.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x778836D1-->00000000 [unknown_code_page]
[2816]McSvHost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x76FE9491-->00000000 [McProxy.dll]
[2816]McSvHost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x76FE361F-->00000000 [McProxy.dll]
[4208]rundll32.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [shimeng.dll]
[4208]rundll32.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B71170-->00000000 [shimeng.dll]
[4208]rundll32.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x080E1414-->00000000 [shimeng.dll]
[4208]rundll32.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [shimeng.dll]
[4208]rundll32.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71721480-->00000000 [shimeng.dll]
[4208]rundll32.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [shimeng.dll]
[4416]ieuser.exe-->gdi32.dll-->ExtTextOutA, Type: Inline - RelativeJump 0x76ECFE29-->00000000 [unknown_code_page]
[4416]ieuser.exe-->gdi32.dll-->ExtTextOutW, Type: Inline - RelativeJump 0x76EC82B1-->00000000 [unknown_code_page]
[4416]ieuser.exe-->gdi32.dll-->GetGlyphIndicesA, Type: Inline - RelativeJump 0x76EE99F0-->00000000 [unknown_code_page]
[4416]ieuser.exe-->gdi32.dll-->GetGlyphIndicesW, Type: Inline - RelativeJump 0x76ECC249-->00000000 [unknown_code_page]
[4416]ieuser.exe-->gdi32.dll-->TextOutA, Type: Inline - RelativeJump 0x76ECFE86-->00000000 [unknown_code_page]
[4416]ieuser.exe-->gdi32.dll-->TextOutW, Type: Inline - RelativeJump 0x76ECF4FD-->00000000 [unknown_code_page]
[4416]ieuser.exe-->ntdll.dll-->NtQueryInformationProcess, Type: Inline - RelativeJump 0x776A8A88-->00000000 [unknown_code_page]
[4416]ieuser.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x76F31FD5-->00000000 [unknown_code_page]
[4416]ieuser.exe-->user32.dll-->DrawTextA, Type: Inline - RelativeJump 0x76F32B3D-->00000000 [unknown_code_page]
[4416]ieuser.exe-->user32.dll-->DrawTextExA, Type: Inline - RelativeJump 0x76F32B74-->00000000 [unknown_code_page]
[4416]ieuser.exe-->user32.dll-->DrawTextExW, Type: Inline - RelativeJump 0x76F28D88-->00000000 [unknown_code_page]
[4416]ieuser.exe-->user32.dll-->DrawTextW, Type: Inline - RelativeJump 0x76F29157-->00000000 [unknown_code_page]
[4416]ieuser.exe-->user32.dll-->SetClipboardData, Type: Inline - RelativeJump 0x76F562F8-->00000000 [unknown_code_page]
[4416]ieuser.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x7788330C-->00000000 [unknown_code_page]
[4416]ieuser.exe-->ws2_32.dll-->getaddrinfo, Type: Inline - RelativeJump 0x7788418A-->00000000 [unknown_code_page]
[4416]ieuser.exe-->ws2_32.dll-->GetAddrInfoW, Type: Inline - RelativeJump 0x77883D12-->00000000 [unknown_code_page]
[4416]ieuser.exe-->ws2_32.dll-->gethostbyname, Type: Inline - RelativeJump 0x778962D4-->00000000 [unknown_code_page]
[4416]ieuser.exe-->ws2_32.dll-->recv, Type: Inline - RelativeJump 0x7788343A-->00000000 [unknown_code_page]
[4416]ieuser.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x7788659B-->00000000 [unknown_code_page]
[4416]ieuser.exe-->ws2_32.dll-->WSAAsyncGetHostByName, Type: Inline - RelativeJump 0x77895FB9-->00000000 [unknown_code_page]
[4416]ieuser.exe-->ws2_32.dll-->WSARecv, Type: Inline - RelativeJump 0x77888400-->00000000 [unknown_code_page]
[4416]ieuser.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x77884496-->00000000 [unknown_code_page]
[4492]wuauclt.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7731B8AE-->00000000 [unknown_code_page]
[4492]wuauclt.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7731B5E7-->00000000 [unknown_code_page]
[4492]wuauclt.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7732BCE1-->00000000 [unknown_code_page]
[4492]wuauclt.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7732B83D-->00000000 [unknown_code_page]
[4492]wuauclt.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77320BF5-->00000000 [unknown_code_page]
[4492]wuauclt.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7732D4E8-->00000000 [unknown_code_page]
[4492]wuauclt.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7733F09D-->00000000 [unknown_code_page]
[4492]wuauclt.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77333CB0-->00000000 [unknown_code_page]
[4492]wuauclt.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7700CF71-->00000000 [unknown_code_page]
[4492]wuauclt.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7700CC4E-->00000000 [unknown_code_page]
[4492]wuauclt.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7705430E-->00000000 [unknown_code_page]
[4492]wuauclt.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x76FC5C44-->00000000 [unknown_code_page]
[4492]wuauclt.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76FF0284-->00000000 [unknown_code_page]
[4492]wuauclt.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x76FC1C36-->00000000 [unknown_code_page]
[4492]wuauclt.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76FC1C01-->00000000 [unknown_code_page]
[4492]wuauclt.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7700B8B6-->00000000 [unknown_code_page]
[4492]wuauclt.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x76FC19C9-->00000000 [unknown_code_page]
[4492]wuauclt.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x76FC1929-->00000000 [unknown_code_page]
[4492]wuauclt.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x76FE9491-->00000000 [unknown_code_page]
[4492]wuauclt.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x76FE9469-->00000000 [unknown_code_page]
[4492]wuauclt.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x76FE30C3-->00000000 [unknown_code_page]
[4492]wuauclt.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x76FE361F-->00000000 [unknown_code_page]
[4492]wuauclt.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x76FC1DD1-->00000000 [unknown_code_page]
[4492]wuauclt.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x76FE8D7E-->00000000 [unknown_code_page]
[4492]wuauclt.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770554FF-->00000000 [unknown_code_page]
[4492]wuauclt.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x776A8008-->00000000 [unknown_code_page]
[4492]wuauclt.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x776A80C8-->00000000 [unknown_code_page]
[4492]wuauclt.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x776A8968-->00000000 [unknown_code_page]
[4576]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7731B8AE-->00000000 [unknown_code_page]
[4576]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7731B5E7-->00000000 [unknown_code_page]
[4576]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7732BCE1-->00000000 [unknown_code_page]
[4576]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7732B83D-->00000000 [unknown_code_page]
[4576]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77320BF5-->00000000 [unknown_code_page]
[4576]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7732D4E8-->00000000 [unknown_code_page]
[4576]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7733F09D-->00000000 [unknown_code_page]
[4576]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77333CB0-->00000000 [unknown_code_page]
[4576]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7700CF71-->00000000 [unknown_code_page]
[4576]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7700CC4E-->00000000 [unknown_code_page]
[4576]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7705430E-->00000000 [unknown_code_page]
[4576]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x76FC5C44-->00000000 [unknown_code_page]
[4576]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76FF0284-->00000000 [unknown_code_page]
[4576]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x76FC1C36-->00000000 [unknown_code_page]
[4576]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76FC1C01-->00000000 [unknown_code_page]
[4576]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7700B8B6-->00000000 [unknown_code_page]
[4576]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x76FC19C9-->00000000 [unknown_code_page]
[4576]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x76FC1929-->00000000 [unknown_code_page]
[4576]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x76FE9491-->00000000 [unknown_code_page]
[4576]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x76FE9469-->00000000 [unknown_code_page]
[4576]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x76FE30C3-->00000000 [unknown_code_page]
[4576]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x76FE361F-->00000000 [unknown_code_page]
[4576]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x76FC1DD1-->00000000 [unknown_code_page]
[4576]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x76FE8D7E-->00000000 [unknown_code_page]
[4576]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770554FF-->00000000 [unknown_code_page]
[4576]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x776A8008-->00000000 [unknown_code_page]
[4576]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x776A80C8-->00000000 [unknown_code_page]
[4576]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x776A8968-->00000000 [unknown_code_page]
[4576]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x778836D1-->00000000 [unknown_code_page]
[776]services.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7731B8AE-->00000000 [unknown_code_page]
[776]services.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7731B5E7-->00000000 [unknown_code_page]
[776]services.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7732BCE1-->00000000 [unknown_code_page]
[776]services.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7732B83D-->00000000 [unknown_code_page]
[776]services.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77320BF5-->00000000 [unknown_code_page]
[776]services.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7732D4E8-->00000000 [unknown_code_page]
[776]services.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7733F09D-->00000000 [unknown_code_page]
[776]services.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77333CB0-->00000000 [unknown_code_page]
[776]services.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7700CF71-->00000000 [unknown_code_page]
[776]services.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7700CC4E-->00000000 [unknown_code_page]
[776]services.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7705430E-->00000000 [unknown_code_page]
[776]services.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x76FC5C44-->00000000 [unknown_code_page]
[776]services.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76FF0284-->00000000 [unknown_code_page]
[776]services.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x76FC1C36-->00000000 [unknown_code_page]
[776]services.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76FC1C01-->00000000 [unknown_code_page]
[776]services.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7700B8B6-->00000000 [unknown_code_page]
[776]services.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x76FC19C9-->00000000 [unknown_code_page]
[776]services.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x76FC1929-->00000000 [unknown_code_page]
[776]services.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x76FE9491-->00000000 [unknown_code_page]
[776]services.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x76FE9469-->00000000 [unknown_code_page]
[776]services.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x76FE30C3-->00000000 [unknown_code_page]
[776]services.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x76FE361F-->00000000 [unknown_code_page]
[776]services.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x76FC1DD1-->00000000 [unknown_code_page]
[776]services.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x76FE8D7E-->00000000 [unknown_code_page]
[776]services.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770554FF-->00000000 [unknown_code_page]
[776]services.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x776A8008-->00000000 [unknown_code_page]
[776]services.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x776A80C8-->00000000 [unknown_code_page]
[776]services.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x776A8968-->00000000 [unknown_code_page]
[776]services.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x778836D1-->00000000 [unknown_code_page]
[788]lsass.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7731B8AE-->00000000 [unknown_code_page]
[788]lsass.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7731B5E7-->00000000 [unknown_code_page]
[788]lsass.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7732BCE1-->00000000 [unknown_code_page]
[788]lsass.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7732B83D-->00000000 [unknown_code_page]
[788]lsass.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77320BF5-->00000000 [unknown_code_page]
[788]lsass.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7732D4E8-->00000000 [unknown_code_page]
[788]lsass.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7733F09D-->00000000 [unknown_code_page]
[788]lsass.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77333CB0-->00000000 [unknown_code_page]
[788]lsass.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7700CF71-->00000000 [unknown_code_page]
[788]lsass.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7700CC4E-->00000000 [unknown_code_page]
[788]lsass.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7705430E-->00000000 [unknown_code_page]
[788]lsass.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x76FC5C44-->00000000 [unknown_code_page]
[788]lsass.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76FF0284-->00000000 [unknown_code_page]
[788]lsass.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x76FC1C36-->00000000 [unknown_code_page]
[788]lsass.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76FC1C01-->00000000 [unknown_code_page]
[788]lsass.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7700B8B6-->00000000 [unknown_code_page]
[788]lsass.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x76FC19C9-->00000000 [unknown_code_page]
[788]lsass.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x76FC1929-->00000000 [unknown_code_page]
[788]lsass.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x76FE9491-->00000000 [unknown_code_page]
[788]lsass.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x76FE9469-->00000000 [unknown_code_page]
[788]lsass.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x76FE30C3-->00000000 [unknown_code_page]
[788]lsass.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x76FE361F-->00000000 [unknown_code_page]
[788]lsass.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x76FC1DD1-->00000000 [unknown_code_page]
[788]lsass.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x76FE8D7E-->00000000 [unknown_code_page]
[788]lsass.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770554FF-->00000000 [unknown_code_page]
[788]lsass.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x776A8008-->00000000 [unknown_code_page]
[788]lsass.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x776A80C8-->00000000 [unknown_code_page]
[788]lsass.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x776A8968-->00000000 [unknown_code_page]
[788]lsass.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x778836D1-->00000000 [unknown_code_page]
[960]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7731B8AE-->00000000 [unknown_code_page]
[960]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7731B5E7-->00000000 [unknown_code_page]
[960]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7732BCE1-->00000000 [unknown_code_page]
[960]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7732B83D-->00000000 [unknown_code_page]
[960]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77320BF5-->00000000 [unknown_code_page]
[960]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7732D4E8-->00000000 [unknown_code_page]
[960]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7733F09D-->00000000 [unknown_code_page]
[960]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77333CB0-->00000000 [unknown_code_page]
[960]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7700CF71-->00000000 [unknown_code_page]
[960]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7700CC4E-->00000000 [unknown_code_page]
[960]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7705430E-->00000000 [unknown_code_page]
[960]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x76FC5C44-->00000000 [unknown_code_page]
[960]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76FF0284-->00000000 [unknown_code_page]
[960]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x76FC1C36-->00000000 [unknown_code_page]
[960]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76FC1C01-->00000000 [unknown_code_page]
[960]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7700B8B6-->00000000 [unknown_code_page]
[960]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x76FC19C9-->00000000 [unknown_code_page]
[960]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x76FC1929-->00000000 [unknown_code_page]
[960]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x76FE9491-->00000000 [unknown_code_page]
[960]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x76FE9469-->00000000 [unknown_code_page]
[960]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x76FE30C3-->00000000 [unknown_code_page]
[960]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x76FE361F-->00000000 [unknown_code_page]
[960]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x76FC1DD1-->00000000 [unknown_code_page]
[960]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x76FE8D7E-->00000000 [unknown_code_page]
[960]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770554FF-->00000000 [unknown_code_page]
[960]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x776A8008-->00000000 [unknown_code_page]
[960]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x776A80C8-->00000000 [unknown_code_page]
[960]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x776A8968-->00000000 [unknown_code_page]
[960]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x778836D1-->00000000 [unknown_code_page]

Curandero · Sep 25, 2010

And here is my new DDS log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Aidan at 14:14:37.45 on Sat 25/09/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.3325.2073 [GMT 10:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\ico.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Windows\System32\Pmxmiced.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Aidan\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uWindow Title = Internet Explorer provided by Dell
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=1080123
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100916181055.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [BSK91O3T6D] c:\users\aidan\appdata\local\temp\Kqh.exe
uRun: [PUWGILK] rundll32 "c:\users\aidan\appdata\roaming\wiaservcx.dll",FUQPVADF
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [PMX Daemon] ICO.EXE
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [NMSSupport] "c:\program files\common files\intel\inteldh\nms\support\IntelHCTAgent.exe" /startup
mRun: [CCUTRAYICON] "c:\program files\intel\inteldh\ccu\CCU_TrayIcon.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Creative SB Monitoring Utility] RunDll32 sbavmon.dll,SBAVMonitor
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\progra~1\cocsof~1\MSniffer.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-8-6 64288]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-23 386712]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-8-23 64304]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-8-23 164808]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2007-2-12 208896]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 1355928]
R2 MCLServiceATL;Intel(R) Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2007-6-27 157912]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-23 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-23 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-23 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-23 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-23 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-23 141792]
R2 NMSCore;Intel(R) NMSCore;c:\program files\common files\intel\inteldh\nms\nmscore\NMSCore.exe [2007-6-27 317656]
R2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2007-2-18 5376]
R2 QualityManager;Intel(R) Quality Manager;c:\program files\intel\inteldh\intel media server\media server\bin\QualityManager.exe [2007-6-27 272600]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-9-8 1153368]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-23 55840]
R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2008-1-23 5632]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-23 152992]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-23 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-23 312904]
R3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2008-1-23 18432]
R3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2008-1-23 19008]
S2 gupdate1c9bfcedc4e21f0;Google Update Service (gupdate1c9bfcedc4e21f0);c:\program files\google\update\GoogleUpdate.exe [2009-4-18 133104]
S3 DHTRACE;Intel(R) DHTrace Controller;c:\program files\common files\intel\inteldh\bin\DHTraceController.exe [2007-6-27 39640]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-1-23 30192]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2007-8-6 422144]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-16 15008]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-23 84264]

=============== Created Last 30 ================

2010-09-24 10:46:47 2227 ----a-w- c:\users\aidan\attach.zip
2010-09-15 10:06:01 501760 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 10:05:59 126464 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 10:05:58 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 10:05:32 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-08 07:54:03 388608 ----a-w- c:\users\aidan\HijackThis.exe
2010-09-07 14:07:17 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-07 14:07:17 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-09-04 06:21:47 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-09-04 06:21:47 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-09-04 06:20:59 0 d-----w- c:\program files\iPod
2010-09-04 06:20:57 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-09-04 06:20:57 0 d-----w- c:\program files\iTunes
2010-08-26 11:49:00 0 d-----w- c:\users\aidan\appdata\roaming\Aura4You
2010-08-26 11:48:58 0 d-----w- c:\program files\Aura4You
2010-08-26 11:14:24 0 d-----w- C:\MyDownloads
2010-08-26 10:46:44 0 d-----w- c:\program files\CoCSoft Stream Down

==================== Find3M ====================

2010-09-25 03:38:55 81109 ----a-w- c:\programdata\nvModes.dat
2010-09-06 05:14:51 51200 ----a-w- c:\windows\inf\infpub.dat
2010-09-06 05:14:51 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-09-06 05:14:49 86016 ----a-w- c:\windows\inf\infstor.dat
2010-08-26 11:40:45 114688 ----a-w- c:\windows\system32\msvos.dll
2010-08-24 04:57:38 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-08-24 04:57:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-08-24 04:57:38 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-08-24 04:57:38 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-08-24 04:57:38 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-08-24 04:57:38 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-08-24 04:57:38 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-08-24 04:57:38 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-08-24 04:57:38 164808 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-08-24 04:57:38 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-08-05 23:39:10 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-08-04 13:46:04 102400 --sha-r- c:\users\aidan\appdata\roaming\wiaservcx.dll
2010-07-27 08:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 08:44:10 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-27 08:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-16 19:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-12 08:55:38 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-28 16:17:26 833024 ----a-w- c:\windows\system32\wininet.dll
2010-06-28 16:13:32 78336 ----a-w- c:\windows\system32\ieencode.dll
2008-09-18 02:24:15 174 --sha-w- c:\program files\desktop.ini
2008-09-18 02:12:29 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-01-23 09:39:23 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 14:15:07.06 ===============

Curandero · Sep 25, 2010

And finally here is the DDS attach.txt (zipped and attached this time):

Blade81 · Sep 25, 2010

Hi,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Curandero · Sep 26, 2010

Hi Blade81,

Here's my ComboFix log:

ComboFix 10-09-25.06 - Aidan 26/09/2010 17:04:09.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.3325.2293 [GMT 10:00]
Running from: c:\users\Aidan\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\system.dat

.
((((((((((((((((((((((((( Files Created from 2010-08-26 to 2010-09-26 )))))))))))))))))))))))))))))))
.

2010-09-24 10:46 . 2010-09-25 04:19 1804 ----a-w- c:\users\Aidan\attach.zip
2010-09-20 10:22 . 2010-09-20 10:22 -------- d-----w- c:\program files\ERUNT
2010-09-15 10:06 . 2010-04-16 16:10 501760 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 10:05 . 2010-08-17 13:32 126464 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 10:05 . 2010-04-05 16:08 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 10:05 . 2010-05-27 19:16 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-08 07:54 . 2010-09-08 07:54 388608 ----a-w- c:\users\Aidan\HijackThis.exe
2010-09-07 14:07 . 2010-09-07 23:06 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-07 14:07 . 2010-09-07 14:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-04 06:21 . 2009-05-18 03:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-09-04 06:21 . 2008-04-17 02:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-09-04 06:20 . 2010-09-04 06:20 -------- d-----w- c:\program files\iPod
2010-09-04 06:20 . 2010-09-04 06:21 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-09-04 06:20 . 2010-09-04 06:21 -------- d-----w- c:\program files\iTunes
2010-09-04 06:19 . 2010-09-04 06:19 -------- d-----w- c:\program files\QuickTime
2010-09-04 06:13 . 2010-09-04 06:13 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-26 04:33 . 2010-08-09 09:06 81109 ----a-w- c:\programdata\nvModes.dat
2010-09-25 03:57 . 2008-03-08 07:05 -------- d-----w- c:\program files\BitTorrent
2010-09-25 03:56 . 2009-08-03 11:46 -------- d-----w- c:\program files\SoulseekNS
2010-09-24 10:49 . 2008-01-23 01:58 12 ----a-w- c:\windows\bthservsdp.dat
2010-09-23 11:09 . 2009-08-03 11:46 -------- d-----w- c:\programdata\Soulseek
2010-09-19 23:09 . 2008-03-08 07:05 -------- d-----w- c:\users\Aidan\AppData\Roaming\BitTorrent
2010-09-16 09:49 . 2008-03-09 02:59 -------- d-----w- c:\program files\Common Files\Real
2010-09-15 10:24 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-06 11:34 . 2008-01-29 09:44 -------- d-----w- c:\users\Aidan\AppData\Roaming\Apple Computer
2010-09-06 11:21 . 2008-01-29 09:42 -------- d-----w- c:\programdata\Apple
2010-09-04 06:20 . 2008-01-29 09:42 -------- d-----w- c:\program files\Common Files\Apple
2010-09-04 06:14 . 2008-01-23 02:46 -------- d-----w- c:\program files\Bonjour
2010-09-02 08:11 . 2010-07-26 12:55 -------- d-----w- c:\users\Aidan\AppData\Roaming\Orbit
2010-08-30 03:33 . 2008-01-23 02:02 -------- d-----w- c:\programdata\Creative
2010-08-27 09:22 . 2008-01-23 02:16 -------- d-----w- c:\programdata\Roxio
2010-08-26 11:49 . 2010-08-26 11:48 -------- d-----w- c:\program files\Aura4You
2010-08-26 11:49 . 2010-08-26 11:49 -------- d-----w- c:\users\Aidan\AppData\Roaming\Aura4You
2010-08-26 11:40 . 2005-03-30 02:29 114688 ----a-w- c:\windows\system32\msvos.dll
2010-08-26 10:47 . 2010-08-26 10:46 -------- d-----w- c:\program files\CoCSoft Stream Down
2010-08-25 13:44 . 2008-01-23 02:52 -------- d-----w- c:\program files\McAfee.com
2010-08-24 08:22 . 2008-01-23 02:52 -------- d-----w- c:\program files\McAfee
2010-08-24 08:22 . 2008-01-23 02:52 -------- d-----w- c:\program files\Common Files\McAfee
2010-08-24 04:57 . 2010-08-23 10:16 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-08-24 04:57 . 2010-08-23 10:16 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-08-24 04:57 . 2010-08-23 10:16 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-08-24 04:57 . 2010-08-23 10:16 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-08-24 04:57 . 2010-08-23 10:16 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-08-24 04:57 . 2010-08-23 10:16 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-08-24 04:57 . 2010-08-23 10:16 164808 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-08-24 04:57 . 2010-08-23 10:16 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-08-24 04:57 . 2010-08-23 10:16 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-08-24 04:57 . 2010-08-23 10:16 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-08-22 09:31 . 2010-04-11 04:11 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-08-22 09:31 . 2010-04-11 04:11 -------- d-----w- c:\program files\AVS4YOU
2010-08-22 09:29 . 2010-04-08 05:19 -------- d-----w- c:\program files\AviSynth 2.5
2010-08-17 09:49 . 2010-08-17 09:49 680 ----a-w- c:\users\Aidan\AppData\Local\d3d9caps.dat
2010-08-15 08:22 . 2008-01-23 01:59 -------- d-----w- c:\program files\Common Files\Java
2010-08-15 07:08 . 2008-01-23 01:59 -------- d-----w- c:\program files\Java
2010-08-13 09:20 . 2010-08-09 05:24 -------- d-----w- c:\program files\McAfee Security Scan
2010-08-09 09:06 . 2008-01-23 03:01 -------- d-----w- c:\programdata\NVIDIA
2010-08-09 09:05 . 2010-08-09 09:04 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-09 05:24 . 2010-08-09 05:24 -------- d-----w- c:\programdata\McAfee Security Scan
2010-08-05 23:39 . 2010-08-05 23:26 -------- d-----w- c:\programdata\Lavasoft
2010-08-05 23:39 . 2010-08-05 23:39 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-08-05 23:27 . 2008-01-23 02:56 -------- d-----w- c:\program files\Google
2010-08-05 23:26 . 2010-08-05 23:26 -------- dc-h--w- c:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-08-05 23:26 . 2010-08-05 23:26 -------- d-----w- c:\program files\Lavasoft
2010-08-04 13:46 . 2010-08-04 13:46 102400 --sha-r- c:\users\Aidan\AppData\Roaming\wiaservcx.dll
2010-08-04 13:46 . 2010-08-04 13:46 102400 --sha-r- c:\users\Aidan\AppData\Roaming\wiaservcx.dll
2010-07-27 08:44 . 2010-07-27 08:44 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 08:44 . 2010-07-27 08:44 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-27 08:44 . 2010-07-27 08:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-16 19:00 . 2010-04-29 13:42 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-15 17:20 . 2010-07-15 17:20 79368 ----a-w- c:\users\Aidan\AppData\Roaming\Real\Update\setup3.12\RUP\vista.exe
2010-07-15 09:20 . 2010-07-15 09:20 452104 ----a-w- c:\users\Aidan\AppData\Roaming\Real\Update\setup3.12\setup.exe
2010-07-12 08:56 . 2010-08-05 23:26 2979280 -c--a-w- c:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
2010-07-12 08:55 . 2010-08-05 23:39 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-12 08:55 . 2010-08-06 09:42 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-01 10:37 . 2010-03-19 07:38 439816 ----a-w- c:\users\Aidan\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-06-28 16:17 . 2010-08-11 08:29 833024 ----a-w- c:\windows\system32\wininet.dll
2010-06-28 16:13 . 2010-08-11 08:29 78336 ----a-w- c:\windows\system32\ieencode.dll
2008-01-23 09:39 . 2008-01-23 09:30 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-23 68856]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-10 218032]
"PUWGILK"="c:\users\Aidan\AppData\Roaming\wiaservcx.dll" [2010-08-04 102400]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"PMX Daemon"="ICO.EXE" [2006-11-08 49152]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 439512]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-27 215256]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-01 30192]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-09-24 23552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Creative SB Monitoring Utility"="sbavmon.dll" [2007-06-28 93696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-30 1193848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-09 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-08-31 421160]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 gupdate1c9bfcedc4e21f0;Google Update Service (gupdate1c9bfcedc4e21f0);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 133104]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-09-23 1355928]
R3 DHTRACE;Intel(R) DHTrace Controller;c:\program files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-06-27 39640]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-01 30192]
R3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2007-08-06 422144]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-08-15 15008]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-08-24 84264]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-12 64288]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-08-24 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-08-24 164808]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2007-02-12 208896]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-08-24 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-08-24 141792]
S2 NMSCore;Intel(R) NMSCore;c:\program files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [2007-06-27 317656]
S2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 5376]
S2 QualityManager;Intel(R) Quality Manager;c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [2007-06-27 272600]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-08-24 55840]
S3 IntelDH;IntelDH Driver;c:\windows\system32\Drivers\IntelDH.sys [2008-01-23 5632]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-08-24 312904]
S3 pmxmouse;pmxmouse;c:\windows\system32\DRIVERS\pmxmouse.sys [2007-06-01 18432]
S3 pmxusblf;pmxusblf;c:\windows\system32\DRIVERS\pmxusblf.sys [2007-05-24 19008]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - NORMANDY
*Deregistered* - mfeavfk01
*Deregistered* - Normandy

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2010-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 02:39]

2010-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 02:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
LSP: c:\progra~1\COCSOF~1\MSniffer.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-26 17:11
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

c:\users\Aidan\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1640582305-1652247766-3301696074-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{11E74021-1338-9C77-DD2D-69AA119D22F7}*]
"haplgbhgijmbpoge"=hex:6a,61,6d,70,6f,6c,6b,70,6a,6a,6f,68,68,62,6d,61,6c,68,
64,70,00,9d
"iafmaepnikkibeceam"=hex:6a,61,6d,70,6f,6c,6b,70,6a,6a,6f,68,68,62,6d,61,6c,68,
64,70,00,03

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-09-26 17:15:02
ComboFix-quarantined-files.txt 2010-09-26 07:14

Pre-Run: 348,435,673,088 bytes free
Post-Run: 347,638,075,392 bytes free

- - End Of File - - 78FD2F990439C7F88BC970C6CA1FDCA0

Curandero · Sep 26, 2010

And here is the new DDS log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Aidan at 17:33:22.70 on Sun 26/09/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.3325.2124 [GMT 10:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\ico.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\System32\Pmxmiced.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Aidan\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100916181055.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [PUWGILK] rundll32 "c:\users\aidan\appdata\roaming\wiaservcx.dll",FUQPVADF
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [PMX Daemon] ICO.EXE
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [NMSSupport] "c:\program files\common files\intel\inteldh\nms\support\IntelHCTAgent.exe" /startup
mRun: [CCUTRAYICON] "c:\program files\intel\inteldh\ccu\CCU_TrayIcon.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Creative SB Monitoring Utility] RunDll32 sbavmon.dll,SBAVMonitor
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\progra~1\cocsof~1\MSniffer.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
AppInit_DLLs: c:\progra~1\google\google~2\GoogleDesktopNetwork3.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-8-6 64288]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-23 386712]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-8-23 64304]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-8-23 164808]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2007-2-12 208896]
R2 MCLServiceATL;Intel(R) Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2007-6-27 157912]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-23 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-23 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-23 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-23 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-23 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-23 141792]
R2 NMSCore;Intel(R) NMSCore;c:\program files\common files\intel\inteldh\nms\nmscore\NMSCore.exe [2007-6-27 317656]
R2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2007-2-18 5376]
R2 QualityManager;Intel(R) Quality Manager;c:\program files\intel\inteldh\intel media server\media server\bin\QualityManager.exe [2007-6-27 272600]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-9-8 1153368]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-23 55840]
R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2008-1-23 5632]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-23 152992]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-23 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-23 312904]
R3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2008-1-23 18432]
R3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2008-1-23 19008]
S2 gupdate1c9bfcedc4e21f0;Google Update Service (gupdate1c9bfcedc4e21f0);c:\program files\google\update\GoogleUpdate.exe [2009-4-18 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 1355928]
S3 DHTRACE;Intel(R) DHTrace Controller;c:\program files\common files\intel\inteldh\bin\DHTraceController.exe [2007-6-27 39640]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-1-23 30192]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2007-8-6 422144]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-16 15008]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-23 84264]

=============== Created Last 30 ================

2010-09-26 07:15:07 0 d-sh--w- C:\$RECYCLE.BIN
2010-09-26 07:02:44 98816 ----a-w- c:\windows\sed.exe
2010-09-26 07:02:44 77312 ----a-w- c:\windows\MBR.exe
2010-09-26 07:02:44 256512 ----a-w- c:\windows\PEV.exe
2010-09-26 07:02:44 161792 ----a-w- c:\windows\SWREG.exe
2010-09-24 10:46:47 1804 ----a-w- c:\users\aidan\attach.zip
2010-09-15 10:06:01 501760 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 10:05:59 126464 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 10:05:58 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 10:05:32 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-08 07:54:03 388608 ----a-w- c:\users\aidan\HijackThis.exe
2010-09-07 14:07:17 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-07 14:07:17 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-09-04 06:21:47 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-09-04 06:21:47 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-09-04 06:20:59 0 d-----w- c:\program files\iPod
2010-09-04 06:20:57 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-09-04 06:20:57 0 d-----w- c:\program files\iTunes

==================== Find3M ====================

2010-09-26 04:33:57 81109 ----a-w- c:\programdata\nvModes.dat
2010-09-06 05:14:51 51200 ----a-w- c:\windows\inf\infpub.dat
2010-09-06 05:14:51 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-09-06 05:14:49 86016 ----a-w- c:\windows\inf\infstor.dat
2010-08-26 11:40:45 114688 ----a-w- c:\windows\system32\msvos.dll
2010-08-24 04:57:38 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-08-24 04:57:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-08-24 04:57:38 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-08-24 04:57:38 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-08-24 04:57:38 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-08-24 04:57:38 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-08-24 04:57:38 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-08-24 04:57:38 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-08-24 04:57:38 164808 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-08-24 04:57:38 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-08-05 23:39:10 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-08-04 13:46:04 102400 --sha-r- c:\users\aidan\appdata\roaming\wiaservcx.dll
2010-07-27 08:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 08:44:10 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-27 08:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-16 19:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-12 08:55:38 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-28 16:17:26 833024 ----a-w- c:\windows\system32\wininet.dll
2010-06-28 16:13:32 78336 ----a-w- c:\windows\system32\ieencode.dll
2008-09-18 02:24:15 174 --sha-w- c:\program files\desktop.ini
2008-09-18 02:12:29 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-01-23 09:39:23 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 17:33:43.68 ===============

Curandero · Sep 26, 2010

And attach.txt zipped:

Blade81 · Sep 26, 2010

Hi again,

Open notepad and copy/paste the text in the quotebox below into it:

Code:

http://forums.spybot.info/showthread.php?t=59518
Suspect::[76]
c:\windows\system32\msvos.dll
c:\users\aidan\appdata\roaming\wiaservcx.dll
Folder::
c:\program files\BitTorrent
c:\program files\SoulseekNS
c:\programdata\Soulseek
c:\users\Aidan\AppData\Roaming\BitTorrent
DDS::
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
Regnull::
[HKEY_USERS\S-1-5-21-1640582305-1652247766-3301696074-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{11E74021-1338-9C77-DD2D-69AA119D22F7}*]

Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Uninstall old Adobe Reader versions and get the latest one with updates (9.3 and updates 9.3.2 & 9.3.3 & 9.3.4) here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.

Uninstall this old Java:
Java(TM) SE Runtime Environment 6

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.

Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

Curandero · Sep 27, 2010

Hello again,

Here is my new ComboFix log using CFScript.txt:

ComboFix 10-09-26.04 - Aidan 27/09/2010 21:00:42.4.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.3325.1946 [GMT 10:00]
Running from: c:\users\Aidan\Desktop\ComboFix.exe
Command switches used :: c:\users\Aidan\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

file zipped: c:\users\Aidan\AppData\Roaming\wiaservcx.dll
file zipped: c:\windows\System32\msvos.dll
.

((((((((((((((((((((((((( Files Created from 2010-08-27 to 2010-09-27 )))))))))))))))))))))))))))))))
.

2010-09-27 11:07 . 2010-09-27 11:07 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-27 11:07 . 2010-09-27 11:07 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2010-09-27 11:07 . 2010-09-27 11:07 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-09-27 11:07 . 2010-09-27 11:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-26 09:06 . 2009-05-18 03:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-09-26 09:06 . 2008-04-17 02:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-09-26 09:04 . 2010-09-26 09:04 -------- d-----w- c:\program files\iPod
2010-09-26 09:04 . 2010-09-26 09:06 -------- d-----w- c:\program files\iTunes
2010-09-26 09:01 . 2010-09-26 09:02 -------- d-----w- c:\program files\QuickTime
2010-09-26 08:59 . 2010-09-26 08:59 -------- d-----w- c:\program files\Apple Software Update
2010-09-26 08:01 . 2010-05-21 04:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-09-26 07:35 . 2010-09-26 07:35 2194 ----a-w- c:\users\Aidan\attach.zip
2010-09-23 16:51 . 2010-09-23 16:51 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.1.22\SetupAdmin.exe
2010-09-20 10:22 . 2010-09-20 10:22 -------- d-----w- c:\program files\ERUNT
2010-09-15 10:06 . 2010-04-16 16:10 501760 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 10:05 . 2010-08-17 13:32 126464 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 10:05 . 2010-04-05 16:08 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 10:05 . 2010-05-27 19:16 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-08 07:54 . 2010-09-08 07:54 388608 ----a-w- c:\users\Aidan\HijackThis.exe
2010-09-07 14:07 . 2010-09-07 23:06 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-07 14:07 . 2010-09-07 14:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-04 06:20 . 2010-09-04 06:21 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-27 10:20 . 2010-08-09 09:06 81109 ----a-w- c:\programdata\nvModes.dat
2010-09-26 11:21 . 2008-01-23 02:06 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-26 11:15 . 2008-01-23 01:59 -------- d-----w- c:\program files\Java
2010-09-26 11:15 . 2008-01-23 01:59 -------- d-----w- c:\program files\Common Files\Java
2010-09-26 09:04 . 2008-01-29 09:42 -------- d-----w- c:\program files\Common Files\Apple
2010-09-26 07:37 . 2008-01-23 01:58 12 ----a-w- c:\windows\bthservsdp.dat
2010-09-16 09:49 . 2008-03-09 02:59 -------- d-----w- c:\program files\Common Files\Real
2010-09-15 10:24 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-06 11:34 . 2008-01-29 09:44 -------- d-----w- c:\users\Aidan\AppData\Roaming\Apple Computer
2010-09-06 11:21 . 2008-01-29 09:42 -------- d-----w- c:\programdata\Apple
2010-09-04 06:14 . 2008-01-23 02:46 -------- d-----w- c:\program files\Bonjour
2010-09-02 08:11 . 2010-07-26 12:55 -------- d-----w- c:\users\Aidan\AppData\Roaming\Orbit
2010-08-30 03:33 . 2008-01-23 02:02 -------- d-----w- c:\programdata\Creative
2010-08-27 09:22 . 2008-01-23 02:16 -------- d-----w- c:\programdata\Roxio
2010-08-26 11:49 . 2010-08-26 11:48 -------- d-----w- c:\program files\Aura4You
2010-08-26 11:49 . 2010-08-26 11:49 -------- d-----w- c:\users\Aidan\AppData\Roaming\Aura4You
2010-08-26 11:40 . 2005-03-30 02:29 114688 ----a-w- c:\windows\system32\msvos.dll
2010-08-26 10:47 . 2010-08-26 10:46 -------- d-----w- c:\program files\CoCSoft Stream Down
2010-08-25 13:44 . 2008-01-23 02:52 -------- d-----w- c:\program files\McAfee.com
2010-08-24 08:22 . 2008-01-23 02:52 -------- d-----w- c:\program files\McAfee
2010-08-24 08:22 . 2008-01-23 02:52 -------- d-----w- c:\program files\Common Files\McAfee
2010-08-24 04:57 . 2010-08-23 10:16 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-08-24 04:57 . 2010-08-23 10:16 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-08-24 04:57 . 2010-08-23 10:16 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-08-24 04:57 . 2010-08-23 10:16 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-08-24 04:57 . 2010-08-23 10:16 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-08-24 04:57 . 2010-08-23 10:16 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-08-24 04:57 . 2010-08-23 10:16 164808 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-08-24 04:57 . 2010-08-23 10:16 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-08-24 04:57 . 2010-08-23 10:16 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-08-24 04:57 . 2010-08-23 10:16 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-08-22 09:31 . 2010-04-11 04:11 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-08-22 09:31 . 2010-04-11 04:11 -------- d-----w- c:\program files\AVS4YOU
2010-08-22 09:29 . 2010-04-08 05:19 -------- d-----w- c:\program files\AviSynth 2.5
2010-08-17 09:49 . 2010-08-17 09:49 680 ----a-w- c:\users\Aidan\AppData\Local\d3d9caps.dat
2010-08-13 09:20 . 2010-08-09 05:24 -------- d-----w- c:\program files\McAfee Security Scan
2010-08-09 09:06 . 2008-01-23 03:01 -------- d-----w- c:\programdata\NVIDIA
2010-08-09 09:05 . 2010-08-09 09:04 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-09 05:24 . 2010-08-09 05:24 -------- d-----w- c:\programdata\McAfee Security Scan
2010-08-05 23:39 . 2010-08-05 23:26 -------- d-----w- c:\programdata\Lavasoft
2010-08-05 23:39 . 2010-08-05 23:39 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-08-05 23:27 . 2008-01-23 02:56 -------- d-----w- c:\program files\Google
2010-08-05 23:26 . 2010-08-05 23:26 -------- dc-h--w- c:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-08-05 23:26 . 2010-08-05 23:26 -------- d-----w- c:\program files\Lavasoft
2010-08-04 13:46 . 2010-08-04 13:46 102400 --sha-r- c:\users\Aidan\AppData\Roaming\wiaservcx.dll
2010-08-04 13:46 . 2010-08-04 13:46 102400 --sha-r- c:\users\Aidan\AppData\Roaming\wiaservcx.dll
2010-07-27 08:44 . 2010-07-27 08:44 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 08:44 . 2010-07-27 08:44 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-27 08:44 . 2010-07-27 08:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-16 19:00 . 2010-04-29 13:42 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-15 17:20 . 2010-07-15 17:20 79368 ----a-w- c:\users\Aidan\AppData\Roaming\Real\Update\setup3.12\RUP\vista.exe
2010-07-15 09:20 . 2010-07-15 09:20 452104 ----a-w- c:\users\Aidan\AppData\Roaming\Real\Update\setup3.12\setup.exe
2010-07-12 08:56 . 2010-08-05 23:26 2979280 -c--a-w- c:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
2010-07-12 08:55 . 2010-08-05 23:39 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-12 08:55 . 2010-08-06 09:42 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-01 10:37 . 2010-03-19 07:38 439816 ----a-w- c:\users\Aidan\AppData\Roaming\Real\Update\setup3.10\setup.exe
2008-01-23 09:39 . 2008-01-23 09:30 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-23 68856]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-10 218032]
"PUWGILK"="c:\users\Aidan\AppData\Roaming\wiaservcx.dll" [2010-08-04 102400]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"PMX Daemon"="ICO.EXE" [2006-11-08 49152]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 439512]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-27 215256]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-01 30192]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-09-24 23552]
"Creative SB Monitoring Utility"="sbavmon.dll" [2007-06-28 93696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-30 1193848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-23 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 gupdate1c9bfcedc4e21f0;Google Update Service (gupdate1c9bfcedc4e21f0);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 133104]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-09-23 1355928]
R3 DHTRACE;Intel(R) DHTrace Controller;c:\program files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-06-27 39640]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-01 30192]
R3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2007-08-06 422144]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-08-24 84264]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-12 64288]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-08-24 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-08-24 164808]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2007-02-12 208896]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-08-24 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-08-24 141792]
S2 NMSCore;Intel(R) NMSCore;c:\program files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [2007-06-27 317656]
S2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 5376]
S2 QualityManager;Intel(R) Quality Manager;c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [2007-06-27 272600]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-08-24 55840]
S3 IntelDH;IntelDH Driver;c:\windows\system32\Drivers\IntelDH.sys [2008-01-23 5632]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-08-24 312904]
S3 pmxmouse;pmxmouse;c:\windows\system32\DRIVERS\pmxmouse.sys [2007-06-01 18432]
S3 pmxusblf;pmxusblf;c:\windows\system32\DRIVERS\pmxusblf.sys [2007-05-24 19008]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2010-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 02:39]

2010-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 02:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
LSP: c:\progra~1\COCSOF~1\MSniffer.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-27 21:07
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2440)
c:\windows\System32\pmxscrll.dll
c:\windows\System32\PMXCOMM.dll
c:\windows\System32\PMXHOOKS.dll
.
Completion time: 2010-09-27 21:10:07
ComboFix-quarantined-files.txt 2010-09-27 11:10
ComboFix2.txt 2010-09-27 10:50
ComboFix3.txt 2010-09-26 07:15

Pre-Run: 356,112,793,600 bytes free
Post-Run: 356,069,191,680 bytes free

- - End Of File - - 0CAC54FD62E463409FBBAE84CA8F0149
Upload was successful

Curandero · Sep 27, 2010

I've run the STF cleaner as instructed.

I have tried 3 times to run the Kaspersky scanner but after hitting "accept" I get this error message:
"Launch of the Java application is interrupted! Please establish an uninterrupted Internet connection for work with this program."

I've never had a problem with my internet connect and I made sure that there was no interruption according to the light on my modem.

Here's the DDS log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Aidan at 21:35:54.13 on Mon 27/09/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.3325.1873 [GMT 10:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\ico.exe
C:\Windows\System32\Pmxmiced.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Aidan\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100916181055.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [PUWGILK] rundll32 "c:\users\aidan\appdata\roaming\wiaservcx.dll",FUQPVADF
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [PMX Daemon] ICO.EXE
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [NMSSupport] "c:\program files\common files\intel\inteldh\nms\support\IntelHCTAgent.exe" /startup
mRun: [CCUTRAYICON] "c:\program files\intel\inteldh\ccu\CCU_TrayIcon.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [Creative SB Monitoring Utility] RunDll32 sbavmon.dll,SBAVMonitor
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\progra~1\cocsof~1\MSniffer.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
AppInit_DLLs: c:\progra~1\google\google~2\GoogleDesktopNetwork3.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-8-6 64288]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-23 386712]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-8-23 64304]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-8-23 164808]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2007-2-12 208896]
R2 MCLServiceATL;Intel(R) Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2007-6-27 157912]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-23 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-23 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-23 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-23 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-23 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-23 141792]
R2 NMSCore;Intel(R) NMSCore;c:\program files\common files\intel\inteldh\nms\nmscore\NMSCore.exe [2007-6-27 317656]
R2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2007-2-18 5376]
R2 QualityManager;Intel(R) Quality Manager;c:\program files\intel\inteldh\intel media server\media server\bin\QualityManager.exe [2007-6-27 272600]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-9-8 1153368]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-23 55840]
R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2008-1-23 5632]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-23 152992]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-23 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-23 312904]
R3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2008-1-23 18432]
R3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2008-1-23 19008]
S2 gupdate1c9bfcedc4e21f0;Google Update Service (gupdate1c9bfcedc4e21f0);c:\program files\google\update\GoogleUpdate.exe [2009-4-18 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 1355928]
S3 DHTRACE;Intel(R) DHTrace Controller;c:\program files\common files\intel\inteldh\bin\DHTraceController.exe [2007-6-27 39640]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-1-23 30192]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2007-8-6 422144]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-23 84264]

=============== Created Last 30 ================

2010-09-27 11:09:36 0 d-sh--w- C:\$RECYCLE.BIN
2010-09-26 09:06:10 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-09-26 09:06:10 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-09-26 09:04:17 0 d-----w- c:\program files\iPod
2010-09-26 09:04:16 0 d-----w- c:\program files\iTunes
2010-09-26 08:01:43 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-09-26 07:35:48 2194 ----a-w- c:\users\aidan\attach.zip
2010-09-26 07:02:44 98816 ----a-w- c:\windows\sed.exe
2010-09-26 07:02:44 77312 ----a-w- c:\windows\MBR.exe
2010-09-26 07:02:44 256512 ----a-w- c:\windows\PEV.exe
2010-09-26 07:02:44 161792 ----a-w- c:\windows\SWREG.exe
2010-09-15 10:06:01 501760 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 10:05:59 126464 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 10:05:58 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 10:05:32 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-08 07:54:03 388608 ----a-w- c:\users\aidan\HijackThis.exe
2010-09-08 01:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 01:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-07 14:07:17 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-07 14:07:17 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-09-04 06:20:57 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

==================== Find3M ====================

2010-09-27 10:20:34 81109 ----a-w- c:\programdata\nvModes.dat
2010-09-06 05:14:51 51200 ----a-w- c:\windows\inf\infpub.dat
2010-09-06 05:14:51 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-09-06 05:14:49 86016 ----a-w- c:\windows\inf\infstor.dat
2010-08-26 11:40:45 114688 ----a-w- c:\windows\system32\msvos.dll
2010-08-24 04:57:38 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-08-24 04:57:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-08-24 04:57:38 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-08-24 04:57:38 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-08-24 04:57:38 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-08-24 04:57:38 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-08-24 04:57:38 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-08-24 04:57:38 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-08-24 04:57:38 164808 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-08-24 04:57:38 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-08-05 23:39:10 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-08-04 13:46:04 102400 --sha-r- c:\users\aidan\appdata\roaming\wiaservcx.dll
2010-07-27 08:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 08:44:10 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-27 08:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-16 19:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-12 08:55:38 15880 ----a-w- c:\windows\system32\lsdelete.exe
2008-09-18 02:24:15 174 --sha-w- c:\program files\desktop.ini
2008-09-18 02:12:29 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-01-23 09:39:23 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 21:36:15.49 ===============

Curandero · Sep 27, 2010

Here is attach.txt zipped:

Blade81 · Sep 27, 2010

Please try Kaspersky online scanner after a reboot. If it still fails let's try ESET scanner:
* Go here to run an online scanner from ESET.

Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is UNchecked.
Click Scan
Wait for the scan to finish and post back the results (if anything found).

Curandero · Sep 28, 2010

Hi again,

I'm still having no luck with Kaspersky but since the first few times I tried my modem light has not indicated a steady connection, it keeps flashing. No other apparent problems with my connection though.

I ran the ESET scanner but it found no threats.

Look forward to you reply.

Blade81 · Sep 28, 2010

Hi again,

Kaspersky has had those errors occasinally. We can ignore it.

Open notepad and copy/paste the text in the quotebox below into it:

Code:

File::
c:\users\aidan\appdata\roaming\wiaservcx.dll

Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log. Any issues left?

Asklots.com redirect - cannot remove

New member

Security Expert: Emeritus

New member

New member

Security Expert: Emeritus

New member

New member

New member

New member

Security Expert: Emeritus

New member

New member

New member

Security Expert: Emeritus

New member

New member

New member

Security Expert: Emeritus

New member

Security Expert: Emeritus