Restarts in Stand-by/Hijackthis log
I have been having an issue with restarts when trying to put my system in standby. I have looked over power settings etc. to no avail.
I can't seem to find what is causing this problem, so here is a log to see if you can find something that Vipre, Malwarebytes and I cannot.
I am trying to narrow down the possibilities; it's quite strange and making me nuts.
The system as a whole seems to be fine.
I'm also wanting to upgrade to XP SP3 and do not want to if there is a problem existing.
DELL Dimension 1100
Windows XP SP2 Home Ver. 5.1.2600
Intel Celeron 2.53GHz x86, 1GIG RAM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:32:51, on 5/9/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dlcfcoms.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.verizon.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe"
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - https://activatemywifi.verizon.net/sdcCommon/download/WIFI/Verizon%20WiFi%20Installer.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: VIPRE Antivirus Premium (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
O23 - Service: SB Recovery Service (SBPIMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
--
End of file - 4358 bytes
Thank you for your time, any help and suggestions are appreciated.
COL.
kevin27_b3d29f
May 20th, 2010 13:00
colonelh,
Sorry for the delay in getting to your log.
Welcome to Dell Community Malware Removal Forums,
I'm K27 and I will be reviewing your log for you.
Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
Please print or save to Notepad all instructions and follow them carefully. If there's something you don't understand or that will not work, please let me know and we will go through it together.
Please DO NOT use this system for anything apart from visiting this forum and other sites I direct you to, as this will only make the cleanup process all the more difficult.
If you still require assistance please follow these instructions:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
MBAM will automatically start and you will be asked to update the program before performing a scan.
On the Scanner tab:
Back at the main Scanner screen:
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
I need to see some additional information about what is happening in your machine.
Please perform the following scan:
2. Attach.txt
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE
Please COPY/PASTE your fresh MBAM log and BOTH DDS logs. (note: before posting any logs, please go to Format on notepads toolbar and make sure WordWrap is unchecked)
Thank you,
K27.
colonelh
May 22nd, 2010 07:00
K27,
Thanks for your reply, not to worry about the delay. My schedule is more than full also.
I haven't done anything else to find the cause of the glitch. So here is the information you requested for your analysis.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
5/22/2010 08:30:44
mbam-log-2010-05-22 (08-30-44).txt
Scan type: Quick scan
Objects scanned: 119829
Time elapsed: 11 minute(s), 40 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
An error has occurred. Please report this error code to our support team.
MBAM_ERROR_NOT_REGISTERED (0, 0)
DDS LOGS:
DDS (Ver_09-09-29.01) - NTFSx86
Run by Owner at 8:55:40.46 on Sat 05/22/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.508 [GMT -4:00]
AV: Sunbelt VIPRE *On-access scanning enabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Sunbelt VIPRE *enabled* {FF1CD5B7-1553-4625-A258-1775385CED33}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlcfcoms.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Owner\My Documents\Downloads\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://home.verizon.yahoo.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
uRunOnce: [Shockwave 8] "c:\windows\system32\macromed\shockwave 8\swinit.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [FLMOFFICE4DMOUSE] c:\program files\browser mouse\mouse32a.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SBAMTray] "c:\program files\sunbelt software\vipre\SBAMTray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\virtua~1.lnk - c:\windows\system32\virtualexpander\VirtualExpander.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemywifi.verizon.net/sdcCommon/download/WIFI/Verizon%20WiFi%20Installer.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\xktanzji.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://home.verizon.yahoo.com/
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\xktanzji.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - plugin: c:\documents and settings\owner\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\xktanzji.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\xktanzji.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\verizon\vsp\nprpspa.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2010-5-4 13400]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2010-5-4 322904]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-10-13 95024]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2010-5-4 204632]
R2 SBAMSvc;VIPRE Antivirus Premium;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2010-4-30 2730120]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2010-5-4 69720]
R2 SBPIMSvc;SB Recovery Service;c:\program files\sunbelt software\vipre\SBPIMSvc.exe [2010-4-30 181584]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2010-3-13 67800]
R3 SbHips;sbhips;c:\windows\system32\drivers\sbhips.sys [2010-5-4 86232]
=============== Created Last 30 ================
2010-05-12 12:44 411,368 a------- c:\windows\system32\deployJava1.dll
2010-05-12 12:44 73,728 a------- c:\windows\system32\javacpl.cpl
2010-05-09 15:32
2010-05-08 17:12
2010-05-04 21:30 69,720 a------- c:\windows\system32\drivers\sbapifs.sys
2010-05-04 21:28 13,400 a------- c:\windows\system32\drivers\sbaphd.sys
2010-05-04 21:23 204,632 a------- c:\windows\system32\drivers\sbtis.sys
2010-05-04 21:23 86,232 a------- c:\windows\system32\drivers\sbhips.sys
2010-05-04 21:22 322,904 a------- c:\windows\system32\drivers\SbFw.sys
2010-04-30 12:31 27,984 a------- c:\windows\system32\sbbd.exe
2010-04-28 07:13
2010-04-27 22:34
2010-04-27 22:33
2010-04-27 22:32
2010-04-27 22:32
2010-04-27 22:31
2010-04-24 19:44
2010-04-24 19:43 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-24 19:43 20,952 a------- c:\windows\system32\drivers\mbam.sys
2010-04-24 19:43
2010-04-24 19:43
2010-04-24 18:31
2010-04-24 11:52 116,224 ac------ c:\windows\system32\dllcache\xrxwiadr.dll
2010-04-24 11:52 23,040 ac------ c:\windows\system32\dllcache\xrxwbtmp.dll
2010-04-24 11:52 17,408 ac------ c:\windows\system32\dllcache\xrxscnui.dll
2010-04-24 11:52 27,648 ac------ c:\windows\system32\dllcache\xrxftplt.exe
2010-04-24 11:52 4,608 ac------ c:\windows\system32\dllcache\xrxflnch.exe
2010-04-24 11:51 99,865 ac------ c:\windows\system32\dllcache\xlog.exe
2010-04-24 11:51 16,970 ac------ c:\windows\system32\dllcache\xem336n5.sys
2010-04-24 11:51 19,455 ac------ c:\windows\system32\dllcache\wvchntxx.sys
2010-04-24 11:51 19,328 ac------ c:\windows\system32\dllcache\wstcodec.sys
2010-04-24 11:51 12,063 ac------ c:\windows\system32\dllcache\wsiintxx.sys
2010-04-24 11:51 8,192 ac------ c:\windows\system32\dllcache\wshirda.dll
2010-04-24 11:51 8,832 ac------ c:\windows\system32\dllcache\wmiacpi.sys
2010-04-24 11:51 154,624 ac------ c:\windows\system32\dllcache\wlluc48.sys
2010-04-24 11:51 34,890 ac------ c:\windows\system32\dllcache\wlandrv2.sys
2010-04-24 11:51 771,581 ac------ c:\windows\system32\dllcache\winacisa.sys
2010-04-24 11:51 53,760 ac------ c:\windows\system32\dllcache\wiamsmud.dll
2010-04-24 11:51 87,040 ac------ c:\windows\system32\dllcache\wiafbdrv.dll
2010-04-24 11:49 24,576 ac------ c:\windows\system32\dllcache\viairda.sys
2010-04-24 11:48 28,160 ac------ c:\windows\system32\dllcache\umaxu40.dll
2010-04-24 11:47 159,232 ac------ c:\windows\system32\dllcache\tridkbm.sys
2010-04-24 11:46 17,129 ac------ c:\windows\system32\dllcache\tdkcd31.sys
2010-04-24 11:45 10,240 ac------ c:\windows\system32\dllcache\swpdflt2.dll
2010-04-24 11:44 37,040 ac------ c:\windows\system32\dllcache\sonypi.sys
2010-04-24 11:43 28,160 ac------ c:\windows\system32\dllcache\sm91w.dll
2010-04-24 11:42 161,568 ac------ c:\windows\system32\dllcache\sgsmusb.sys
2010-04-24 11:42 18,400 ac------ c:\windows\system32\dllcache\sgsmld.sys
2010-04-24 11:42 98,080 ac------ c:\windows\system32\dllcache\sgiulnt5.sys
2010-04-24 11:42 386,560 ac------ c:\windows\system32\dllcache\sgiul50.dll
2010-04-24 11:42 36,480 ac------ c:\windows\system32\dllcache\sfmanm.sys
2010-04-24 11:42 6,784 ac------ c:\windows\system32\dllcache\serscan.sys
2010-04-24 11:42 17,664 ac------ c:\windows\system32\dllcache\sermouse.sys
2010-04-24 11:42 6,912 ac------ c:\windows\system32\dllcache\seaddsmc.sys
2010-04-24 11:42 10,880 ac------ c:\windows\system32\dllcache\scsiscan.sys
2010-04-24 11:42 11,648 ac------ c:\windows\system32\dllcache\scsiprnt.sys
2010-04-24 11:42 17,280 ac------ c:\windows\system32\dllcache\scr111.sys
2010-04-24 11:42 16,640 ac------ c:\windows\system32\dllcache\scmstcs.sys
2010-04-24 11:42 23,936 ac------ c:\windows\system32\dllcache\sccmusbm.sys
2010-04-24 11:40 26,624 ac------ c:\windows\system32\dllcache\rw450ext.dll
2010-04-24 11:39 41,472 ac------ c:\windows\system32\dllcache\qvusd.dll
2010-04-24 11:38 7,552 ac------ c:\windows\system32\dllcache\powerfil.sys
2010-04-24 11:37 29,769 ac------ c:\windows\system32\dllcache\pcntn5m.sys
2010-04-24 11:36 43,689 ac------ c:\windows\system32\dllcache\otceth5.sys
2010-04-24 11:35 39,264 ac------ c:\windows\system32\dllcache\neo20xx.sys
2010-04-24 11:34 452,736 ac------ c:\windows\system32\dllcache\mtxparhm.sys
2010-04-24 11:33 320,384 ac------ c:\windows\system32\dllcache\mgaum.sys
2010-04-24 11:32 20,573 ac------ c:\windows\system32\dllcache\lne100.sys
2010-04-24 11:31 23,552 ac------ c:\windows\system32\dllcache\irmk7.sys
2010-04-24 11:30 91,136 ac------ c:\windows\system32\dllcache\icam4com.dll
2010-04-24 11:29 73,279 ac------ c:\windows\system32\dllcache\hsf_spkp.sys
2010-04-24 11:28 48,128 ac------ c:\windows\system32\dllcache\hpgt33tk.dll
2010-04-24 11:27 92,160 ac------ c:\windows\system32\dllcache\fuusd.dll
2010-04-24 11:26 63,360 ac------ c:\windows\system32\dllcache\ess.sys
2010-04-24 11:25 44,103 ac------ c:\windows\system32\dllcache\el515.sys
2010-04-24 11:24 419,357 ac------ c:\windows\system32\dllcache\dgconfig.dll
2010-04-24 11:23 9,344 ac------ c:\windows\system32\dllcache\compbatt.sys
2010-04-24 11:22 13,824 ac------ c:\windows\system32\dllcache\bulltlp3.sys
2010-04-24 11:21 73,216 ac------ c:\windows\system32\dllcache\atintuxx.sys
2010-04-24 11:20 12,288 ac------ c:\windows\system32\dllcache\4mmdat.sys
2010-04-24 11:20 762,780 ac------ c:\windows\system32\dllcache\3cwmcru.sys
2010-04-24 11:20 689,216 ac------ c:\windows\system32\dllcache\3dfxvs.dll
2010-04-24 11:20 148,352 ac------ c:\windows\system32\dllcache\3dfxvsm.sys
2010-04-24 11:20 11,264 ac------ c:\windows\system32\dllcache\1394vdbg.sys
2010-04-24 11:20 53,248 ac------ c:\windows\system32\dllcache\1394bus.sys
2010-04-24 11:20 66,048 ac------ c:\windows\system32\dllcache\s3legacy.dll
2010-04-23 18:03 230,824 a----r-- c:\windows\system32\cpnprt2.cid
2010-04-23 18:03
==================== Find3M ====================
2010-05-03 20:00 2,418 a------- c:\docume~1\owner\applic~1\wklnhst.dat
2010-04-21 13:49 24,932 a---h--- c:\windows\system32\mlfcache.dat
2010-03-28 12:15 107 -------- c:\docume~1\owner\applic~1\netstat.bat
2010-03-27 09:39 23,510,720 -------- c:\windows\dotnetfx.exe
2010-03-17 19:11 7,293 -------- c:\program files\ST6UNST.LOG
2010-03-17 19:08 249,856 -------- c:\windows\Setup1.exe
2010-03-17 19:08 73,216 -------- c:\windows\ST6UNST.EXE
2010-03-17 18:43 252,176 -------- c:\windows\system32\MSRD2X35.DLL
2010-03-10 04:02 417,792 a------- c:\windows\system32\vbscript.dll
2010-02-26 02:12 662,016 a------- c:\windows\system32\wininet.dll
2010-02-26 02:12 81,920 a------- c:\windows\system32\ieencode.dll
2010-02-25 10:53 34,405 -------- c:\windows\DIIUnin.dat
2010-02-25 10:43 2,829 -------- c:\windows\DIIUnin.pif
2010-02-25 10:43 94,208 -------- c:\windows\DIIUnin.exe
2004-12-11 14:47 1,413,120 -------- c:\program files\NSObserverList.exe
2004-12-11 14:31 562,848 -------- c:\program files\NexStar Observer List Manual.pdf
2004-12-11 14:26 143,093 -------- c:\program files\helpmain.htm
2004-03-19 23:04 488 -------- c:\program files\help.htm
2003-12-31 22:52 5,335 -------- c:\program files\helptoc.htm
2003-12-28 13:24 6,506,496 -------- c:\program files\NSObserverList.mdb
2003-09-15 22:46 90,112 -------- c:\program files\NSObserverTemplate.tmp
2003-09-05 22:52 5,518 -------- c:\program files\Astronomy Friendly.Theme
2001-03-16 16:56 4,748 -------- c:\program files\License.rtf
============= FINISH: 8:56:57.07 ===============
DDS ATTACH LOG:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-09-29.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 12/4/2009 22:04:24
System Uptime: 5/7/2010 13:46:00 (355 hours ago)
Motherboard: Dell Computer Corp. | | 0WF887
Processor: Intel(R) Celeron(R) CPU 2.53GHz | Microprocessor | 2527/533mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 109 GiB total, 91.501 GiB free.
D: is FIXED (NTFS) - 37 GiB total, 24.659 GiB free.
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1: 4/28/2010 07:07:36 - System Checkpoint
RP2: 4/28/2010 07:11:52 - c:/
RP3: 4/28/2010 07:12:53 - Restore Operation
RP4: 4/29/2010 15:36:49 - System Checkpoint
RP5: 4/30/2010 17:49:07 - System Checkpoint
RP6: 5/1/2010 19:12:14 - System Checkpoint
RP7: 5/2/2010 20:27:49 - System Checkpoint
RP8: 5/3/2010 20:36:29 - System Checkpoint
RP9: 5/4/2010 21:22:25 - Removed VIPRE Antivirus Premium.
RP10: 5/4/2010 21:22:53 - Installed VIPRE Antivirus Premium.
RP11: 5/5/2010 21:45:49 - System Checkpoint
RP12: 5/7/2010 14:02:38 - System Checkpoint
RP13: 5/8/2010 18:14:21 - System Checkpoint
RP14: 5/9/2010 19:33:18 - System Checkpoint
RP15: 5/10/2010 20:07:11 - System Checkpoint
RP16: 5/11/2010 20:50:05 - System Checkpoint
RP17: 5/12/2010 12:44:02 - Installed Java(TM) 6 Update 20
RP18: 5/13/2010 12:50:05 - System Checkpoint
RP19: 5/14/2010 12:52:35 - System Checkpoint
RP20: 5/15/2010 08:17:34 - Software Distribution Service 3.0
RP21: 5/16/2010 08:50:05 - System Checkpoint
RP22: 5/17/2010 09:50:05 - System Checkpoint
RP23: 5/18/2010 10:50:05 - System Checkpoint
RP24: 5/19/2010 11:50:05 - System Checkpoint
RP25: 5/20/2010 12:50:05 - System Checkpoint
RP26: 5/21/2010 13:50:05 - System Checkpoint
==== Installed Programs ======================
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.3.2
Amazon MP3 Downloader 1.0.9
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Browser MOUSE
Conexant D850 56K V.9x DFVc Modem
Coupon Printer for Windows
Dell Color Printer 725
Dell Resource CD
Diablo II
Driver Genius Professional Edition
Evidence The Last Ritual
GoToAssist 8.0.0.514
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Intel(R) Extreme Graphics 2 Driver
Intel(R) Network Connections
iTunes
Java Auto Updater
Java(TM) 6 Update 20
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Missing
Move Media Player
Mozilla Firefox (3.6.2)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
NexStar Observer List
NexStar Observer List (C:\Program Files\)
QuickTime
Return to Mysterious Island
Sansa Updater
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB926247)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Shockwave
SoundMAX
TheSkyX First Light Edition
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Verizon High Speed Internet
Verizon Servicepoint 1.5.24
VIPRE Antivirus Premium
WebFldrs XP
Windows Backup Utility
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB839210
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888113
Yahoo! Install Manager
==== End Of File ===========================
OK, so there's the goods. Let's see what may be revealed.
I thank you for your time and effort. Hope to hear from you soon.
COL>
kevin27_b3d29f
1.5K Posts
0
May 22nd, 2010 14:00
Hi colonelh,
You're welcome.
Nothing major showing in the logs, just a bit of adware.
First I need you to go to:
Coupon Printer for Windows
Please download OTM by OldTimer. Save it to your desktop.
Double click OTM.exe to start the tool.
----------------------------------------------------------------------
:files
c:\windows\system32\cpnprt2.cid
c:\program files\Coupons
:commands
[emptytemp]
[reboot]
---------------------------------------------------------------------
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
If the machine reboots, the Results log can be found here:
c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log
Where mmddyyyy_hhmmss is the date of the tool run.
After the machine has rebooted please navigate to the folder in bold C:\0c4c677c0e84eb8dd56dc00e2e and please list for me all files, if any, that are in it.
And please tell me: are you putting your system into sleep mode and it's waking itself, or are you trying to put your system into sleep mode and the whole system is rebooting?
Thanks
K27.
colonelh
19 Posts
0
May 23rd, 2010 09:00
Hey K27,
Went through all your suggested routines and here's what we've got.
The OTM results:
All processes killed
========== FILES ==========
File/Folder c:\windows\system32\cpnprt2.cid not found.
File/Folder c:\program files\Coupons not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41044 bytes
User: Guest
->Temp folder emptied: 2687 bytes
->Temporary Internet Files folder emptied: 334340 bytes
->Flash cache emptied: 41044 bytes
User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Owner
->Temp folder emptied: 623332765 bytes
->Temporary Internet Files folder emptied: 3956692 bytes
->Java cache emptied: 11554 bytes
->FireFox cache emptied: 87687096 bytes
->Flash cache emptied: 123238 bytes
User: Systech
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2175612 bytes
%systemroot%\System32 .tmp files removed: 2932753 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9959293 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 697.00 mb
OTM by OldTimer - Version 3.1.12.0 log created on 05232010_103817
Files moved on Reboot...
Registry entries deleted on Reboot...
In the folder C:\0c4c677c0e84eb8dd56dc00e2e there were two folders, amd64 and i386, both containing these files:
C:\0c4c677c0e84eb8dd56dc00e2e\amd64\filterpipelineprintproc.dll
C:\0c4c677c0e84eb8dd56dc00e2e\amd64\msxpsdrv.cat
C:\0c4c677c0e84eb8dd56dc00e2e\amd64\msxpsdrv.inf
C:\0c4c677c0e84eb8dd56dc00e2e\amd64\msxpsinc.gpd
C:\0c4c677c0e84eb8dd56dc00e2e\amd64\msxpsinc.ppd
C:\0c4c677c0e84eb8dd56dc00e2e\amd64\mxdwdrv.dll
C:\0c4c677c0e84eb8dd56dc00e2e\amd64\xpssvcs.dll
The only difference in the files I see was the version number of: C:\0c4c677c0e84eb8dd56dc00e2e\i386\filterpipelineprintproc.dll
All that said and done, the system repeatedly sleeps and wakes itself. It does not go through a total reboot.
Thanks again,
COL>
kevin27_b3d29f
1.5K Posts
0
May 24th, 2010 12:00
Hi colonelh,
I would like to run a few more scans just to double check that there is no infection hiding on the system.
YOU MUST DISABLE ALL REAL TIME PROTECTION BEFORE RUNNING THE NEXT TOOL,
Next, download this Antirootkit Program to a folder that you create such as C:\ARK, by choosing the "Download EXE" button on the webpage.
Disable the active protection component of your antivirus and antispyware programs by following the directions that apply here:
http://www.bleepingcomputer.com/forums/topic114351.html
Next, please perform a rootkit scan:
If the ARK tool crashes your machine or causes a Blue Screen error, please post the log results from the first initial quick scan; this can be saved in the same way as the full scan in the above instructions.
Then please Run an online virus scan called Kaspersky from HERE.
2. At the next window Select Update. Allow the Database to update.
Note: If prompted to run or update your Java, then follow the prompts to do so. Kaspersky requires Java to run.
3. Once the Database has finished, under the Scan icon Select My Computer to start the scan. The scan may take a few minutes to complete.
4. Select Scan Report.
5. If any threats were found they will appear in the report
6. Select "Save error report as"
Then in the file name just type in kaspersky
Under "save as type" select text .txt
Save it to your Desktop.
Copy and post the results of the ARK log and the Kaspersky Online scan. If Kaspersky reports no threats were found then report that as well.
Thanks
K27.
kevin27_b3d29f
1.5K Posts
0
May 31st, 2010 04:00
colonelh,
Do you still require assistance?
colonelh
19 Posts
0
May 31st, 2010 17:00
Hey K27,
Sorry about the lapse, haven't had time.
The issue does remain and here is the ARK report.
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-31 18:55:58
Windows 5.1.2600 Service Pack 2
Running: 0lcwtx00.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fwtdqpob.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwCreateKey [0xF79BC4D0]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Legacy Host Intrusion Prevention System Driver/Sunbelt Software, Inc.) ZwLoadDriver [0xEC3CBEC4]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Legacy Host Intrusion Prevention System Driver/Sunbelt Software, Inc.) ZwMapViewOfSection [0xEC3CC07A]
SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwSetValueKey [0xF79BC520]
---- Kernel code sections - GMER 1.0.15 ----
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF6CDFF80]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[208] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[208] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Mozilla Firefox\firefox.exe[208] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Mozilla Firefox\firefox.exe[208] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Mozilla Firefox\firefox.exe[208] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Mozilla Firefox\firefox.exe[208] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Mozilla Firefox\firefox.exe[208] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00130004
.text C:\Program Files\Mozilla Firefox\firefox.exe[208] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0013011C
.text C:\Program Files\Mozilla Firefox\firefox.exe[208] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001304F0
.text C:\Program Files\Mozilla Firefox\firefox.exe[208] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0013057C
.text C:\Program Files\Mozilla Firefox\firefox.exe[208] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001303D8
.text C:\Program Files\Mozilla Firefox\firefox.exe[208] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0013034C
.text C:\Program Files\Mozilla Firefox\firefox.exe[208] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00130464
.text C:\Program Files\Mozilla Firefox\firefox.exe[208] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00130608
.text C:\Program Files\Mozilla Firefox\firefox.exe[208] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 001308C4
.text C:\Program Files\Mozilla Firefox\firefox.exe[208] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00130838
.text C:\Program Files\Mozilla Firefox\firefox.exe[208] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00130950
.text C:\Program Files\Mozilla Firefox\firefox.exe[208] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 001307AC
.text C:\Program Files\Mozilla Firefox\firefox.exe[208] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 00130720
.text C:\Program Files\Mozilla Firefox\firefox.exe[208] WININET.dll!InternetOpenW 771BAEED 5 Bytes JMP 00130DB0
.text C:\Program Files\Mozilla Firefox\firefox.exe[208] WININET.dll!InternetConnectA 771C308A 5 Bytes JMP 00130F54
.text C:\Program Files\Mozilla Firefox\firefox.exe[208] WININET.dll!InternetOpenA 771C573E 5 Bytes JMP 00130D24
.text C:\Program Files\Mozilla Firefox\firefox.exe[208] WININET.dll!InternetOpenUrlA 771C59F1 5 Bytes JMP 00130E3C
.text C:\Program Files\Mozilla Firefox\firefox.exe[208] WININET.dll!InternetConnectW 771CEDC8 5 Bytes JMP 00130FE0
.text C:\Program Files\Mozilla Firefox\firefox.exe[208] WININET.dll!InternetOpenUrlW 771D5B3A 5 Bytes JMP 00130EC8
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[496] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[496] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[564] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0062106C
.text C:\WINDOWS\system32\svchost.exe[564] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00621184
.text C:\WINDOWS\system32\svchost.exe[564] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006210F8
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 006201A8
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00620090
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00620694
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 006202C0
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00620234
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00620004
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0062011C
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 006204F0
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0062057C
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 006203D8
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0062034C
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00620464
.text C:\WINDOWS\system32\svchost.exe[564] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00620608
.text C:\WINDOWS\system32\svchost.exe[564] USER32.dll!SetWindowsHookExW 77D6E621 3 Bytes JMP 006207AC
.text C:\WINDOWS\system32\svchost.exe[564] USER32.dll!SetWindowsHookExW + 4 77D6E625 1 Byte [88]
.text C:\WINDOWS\system32\svchost.exe[564] USER32.dll!SetWindowsHookExA 77D702B2 3 Bytes JMP 00620720
.text C:\WINDOWS\system32\svchost.exe[564] USER32.dll!SetWindowsHookExA + 4 77D702B6 1 Byte [88]
.text C:\WINDOWS\system32\svchost.exe[564] WININET.dll!InternetOpenW 771BAEED 5 Bytes JMP 00620DB0
.text C:\WINDOWS\system32\svchost.exe[564] WININET.dll!InternetConnectA 771C308A 5 Bytes JMP 00620F54
.text C:\WINDOWS\system32\svchost.exe[564] WININET.dll!InternetOpenA 771C573E 5 Bytes JMP 00620D24
.text C:\WINDOWS\system32\svchost.exe[564] WININET.dll!InternetOpenUrlA 771C59F1 5 Bytes JMP 00620E3C
.text C:\WINDOWS\system32\svchost.exe[564] WININET.dll!InternetConnectW 771CEDC8 5 Bytes JMP 00620FE0
.text C:\WINDOWS\system32\svchost.exe[564] WININET.dll!InternetOpenUrlW 771D5B3A 5 Bytes JMP 00620EC8
.text C:\WINDOWS\system32\svchost.exe[564] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 006208C4
.text C:\WINDOWS\system32\svchost.exe[564] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00620838
.text C:\WINDOWS\system32\svchost.exe[564] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00620950
.text C:\Program Files\Java\jre6\bin\jqs.exe[632] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00E3106C
.text C:\Program Files\Java\jre6\bin\jqs.exe[632] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00E31184
.text C:\Program Files\Java\jre6\bin\jqs.exe[632] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E310F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00E301A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00E30090
.text C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00E30694
.text C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00E302C0
.text C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00E30234
.text C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00E30004
.text C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 00E3011C
.text C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 00E304F0
.text C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 00E3057C
.text C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 00E303D8
.text C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 00E3034C
.text C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00E30464
.text C:\Program Files\Java\jre6\bin\jqs.exe[632] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00E30608
.text C:\Program Files\Java\jre6\bin\jqs.exe[632] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00E308C4
.text C:\Program Files\Java\jre6\bin\jqs.exe[632] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00E30838
.text C:\Program Files\Java\jre6\bin\jqs.exe[632] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00E30950
.text C:\Program Files\Java\jre6\bin\jqs.exe[632] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 00E307AC
.text C:\Program Files\Java\jre6\bin\jqs.exe[632] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 00E30720
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00CA106C
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00CA1184
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CA10F8
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00CA01A8
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00CA0090
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00CA0694
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00CA02C0
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00CA0234
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00CA0004
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 00CA011C
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 00CA04F0
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 00CA057C
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 00CA03D8
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 00CA034C
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00CA0464
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00CA0608
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 00CA07AC
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 00CA0720
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] WININET.dll!InternetOpenW 771BAEED 5 Bytes JMP 00CA0DB0
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] WININET.dll!InternetConnectA 771C308A 5 Bytes JMP 00CA0F54
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] WININET.dll!InternetOpenA 771C573E 5 Bytes JMP 00CA0D24
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] WININET.dll!InternetOpenUrlA 771C59F1 5 Bytes JMP 00CA0E3C
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] WININET.dll!InternetConnectW 771CEDC8 5 Bytes JMP 00CA0FE0
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] WININET.dll!InternetOpenUrlW 771D5B3A 5 Bytes JMP 00CA0EC8
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00CA08C4
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00CA0838
.text C:\Program Files\Verizon\VSP\VerizonServicepoint.exe[776] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00CA0950
.text C:\Program Files\iPod\bin\iPodService.exe[856] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0013106C
.text C:\Program Files\iPod\bin\iPodService.exe[856] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00131184
.text C:\Program Files\iPod\bin\iPodService.exe[856] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 001310F8
.text C:\Program Files\iPod\bin\iPodService.exe[856] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\iPod\bin\iPodService.exe[856] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\iPod\bin\iPodService.exe[856] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\iPod\bin\iPodService.exe[856] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\iPod\bin\iPodService.exe[856] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\iPod\bin\iPodService.exe[856] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00130004
.text C:\Program Files\iPod\bin\iPodService.exe[856] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0013011C
.text C:\Program Files\iPod\bin\iPodService.exe[856] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001304F0
.text C:\Program Files\iPod\bin\iPodService.exe[856] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0013057C
.text C:\Program Files\iPod\bin\iPodService.exe[856] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001303D8
.text C:\Program Files\iPod\bin\iPodService.exe[856] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0013034C
.text C:\Program Files\iPod\bin\iPodService.exe[856] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00130464
.text C:\Program Files\iPod\bin\iPodService.exe[856] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00130608
.text C:\Program Files\iPod\bin\iPodService.exe[856] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 001307AC
.text C:\Program Files\iPod\bin\iPodService.exe[856] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 00130720
.text C:\WINDOWS\System32\snmp.exe[920] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0069106C
.text C:\WINDOWS\System32\snmp.exe[920] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00691184
.text C:\WINDOWS\System32\snmp.exe[920] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006910F8
.text C:\WINDOWS\System32\snmp.exe[920] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 006901A8
.text C:\WINDOWS\System32\snmp.exe[920] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00690090
.text C:\WINDOWS\System32\snmp.exe[920] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00690694
.text C:\WINDOWS\System32\snmp.exe[920] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 006902C0
.text C:\WINDOWS\System32\snmp.exe[920] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00690234
.text C:\WINDOWS\System32\snmp.exe[920] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00690004
.text C:\WINDOWS\System32\snmp.exe[920] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0069011C
.text C:\WINDOWS\System32\snmp.exe[920] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 006904F0
.text C:\WINDOWS\System32\snmp.exe[920] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0069057C
.text C:\WINDOWS\System32\snmp.exe[920] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 006903D8
.text C:\WINDOWS\System32\snmp.exe[920] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0069034C
.text C:\WINDOWS\System32\snmp.exe[920] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00690464
.text C:\WINDOWS\System32\snmp.exe[920] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00690608
.text C:\WINDOWS\System32\snmp.exe[920] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 006908C4
.text C:\WINDOWS\System32\snmp.exe[920] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00690838
.text C:\WINDOWS\System32\snmp.exe[920] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00690950
.text C:\WINDOWS\System32\snmp.exe[920] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 006907AC
.text C:\WINDOWS\System32\snmp.exe[920] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 00690720
.text C:\WINDOWS\System32\smss.exe[956] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0030106C
.text C:\WINDOWS\System32\smss.exe[956] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00301184
.text C:\WINDOWS\System32\smss.exe[956] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 003010F8
.text C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe[976] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe[976] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe[976] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe[976] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe[976] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe[976] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe[976] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe[976] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe[976] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe[976] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe[976] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe[976] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe[976] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe[976] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe[976] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\csrss.exe[1004] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0078106C
.text C:\WINDOWS\system32\csrss.exe[1004] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00781184
.text C:\WINDOWS\system32\csrss.exe[1004] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 007810F8
.text C:\WINDOWS\system32\csrss.exe[1004] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 007807AC
.text C:\WINDOWS\system32\csrss.exe[1004] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 00780720
.text C:\WINDOWS\system32\csrss.exe[1004] KERNEL32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 007801A8
.text C:\WINDOWS\system32\csrss.exe[1004] KERNEL32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00780090
.text C:\WINDOWS\system32\csrss.exe[1004] KERNEL32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00780694
.text C:\WINDOWS\system32\csrss.exe[1004] KERNEL32.dll!CreateProcessW 7C802332 5 Bytes JMP 007802C0
.text C:\WINDOWS\system32\csrss.exe[1004] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 00780234
.text C:\WINDOWS\system32\csrss.exe[1004] KERNEL32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00780004
.text C:\WINDOWS\system32\csrss.exe[1004] KERNEL32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0078011C
.text C:\WINDOWS\system32\csrss.exe[1004] KERNEL32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 007804F0
.text C:\WINDOWS\system32\csrss.exe[1004] KERNEL32.dll!CreateThread 7C810647 5 Bytes JMP 0078057C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2096] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0013011C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2096] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001304F0
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2096] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0013057C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2096] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001303D8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2096] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0013034C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2096] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00130464
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2096] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00130608
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2096] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 001308C4
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2096] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00130838
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2096] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00130950
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2096] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 001307AC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2096] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\wuauclt.exe[2124] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\wuauclt.exe[2124] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\wuauclt.exe[2124] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\wuauclt.exe[2124] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\wuauclt.exe[2124] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\wuauclt.exe[2124] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\wuauclt.exe[2124] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\wuauclt.exe[2124] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\wuauclt.exe[2124] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\wuauclt.exe[2124] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\wuauclt.exe[2124] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\wuauclt.exe[2124] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\wuauclt.exe[2124] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\wuauclt.exe[2124] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\wuauclt.exe[2124] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 00080720
.text C:\Program Files\Browser MOUSE\mouse32a.exe[2268] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0013106C
.text C:\Program Files\Browser MOUSE\mouse32a.exe[2268] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00131184
.text C:\Program Files\Browser MOUSE\mouse32a.exe[2268] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 001310F8
.text C:\Program Files\Browser MOUSE\mouse32a.exe[2268] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Browser MOUSE\mouse32a.exe[2268] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Browser MOUSE\mouse32a.exe[2268] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Browser MOUSE\mouse32a.exe[2268] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Browser MOUSE\mouse32a.exe[2268] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Browser MOUSE\mouse32a.exe[2268] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00130004
.text C:\Program Files\Browser MOUSE\mouse32a.exe[2268] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0013011C
.text C:\Program Files\Browser MOUSE\mouse32a.exe[2268] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001304F0
.text C:\Program Files\Browser MOUSE\mouse32a.exe[2268] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0013057C
.text C:\Program Files\Browser MOUSE\mouse32a.exe[2268] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001303D8
.text C:\Program Files\Browser MOUSE\mouse32a.exe[2268] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0013034C
.text C:\Program Files\Browser MOUSE\mouse32a.exe[2268] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00130464
.text C:\Program Files\Browser MOUSE\mouse32a.exe[2268] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00130608
.text C:\Program Files\Browser MOUSE\mouse32a.exe[2268] user32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 001307AC
.text C:\Program Files\Browser MOUSE\mouse32a.exe[2268] user32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 00130720
.text C:\WINDOWS\Explorer.EXE[2276] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0008106C
.text C:\WINDOWS\Explorer.EXE[2276] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00081184
.text C:\WINDOWS\Explorer.EXE[2276] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 000810F8
.text C:\WINDOWS\Explorer.EXE[2276] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\Explorer.EXE[2276] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\Explorer.EXE[2276] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\Explorer.EXE[2276] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\Explorer.EXE[2276] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\Explorer.EXE[2276] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00080004
.text C:\WINDOWS\Explorer.EXE[2276] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0008011C
.text C:\WINDOWS\Explorer.EXE[2276] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 000804F0
.text C:\WINDOWS\Explorer.EXE[2276] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0008057C
.text C:\WINDOWS\Explorer.EXE[2276] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 000803D8
.text C:\WINDOWS\Explorer.EXE[2276] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0008034C
.text C:\WINDOWS\Explorer.EXE[2276] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00080464
.text C:\WINDOWS\Explorer.EXE[2276] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00080608
.text C:\WINDOWS\Explorer.EXE[2276] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\Explorer.EXE[2276] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 00080720
.text C:\WINDOWS\Explorer.EXE[2276] WININET.dll!InternetOpenW 771BAEED 5 Bytes JMP 00080DB0
.text C:\WINDOWS\Explorer.EXE[2276] WININET.dll!InternetConnectA 771C308A 5 Bytes JMP 00080F54
.text C:\WINDOWS\Explorer.EXE[2276] WININET.dll!InternetOpenA 771C573E 5 Bytes JMP 00080D24
.text C:\WINDOWS\Explorer.EXE[2276] WININET.dll!InternetOpenUrlA 771C59F1 5 Bytes JMP 00080E3C
.text C:\WINDOWS\Explorer.EXE[2276] WININET.dll!InternetConnectW 771CEDC8 5 Bytes JMP 00080FE0
.text C:\WINDOWS\Explorer.EXE[2276] WININET.dll!InternetOpenUrlW 771D5B3A 5 Bytes JMP 00080EC8
.text C:\WINDOWS\Explorer.EXE[2276] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\Explorer.EXE[2276] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\Explorer.EXE[2276] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00080950
.text C:\Program Files\Bonjour\mDNSResponder.exe[2432] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0013106C
.text C:\Program Files\Bonjour\mDNSResponder.exe[2432] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00131184
.text C:\Program Files\Bonjour\mDNSResponder.exe[2432] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 001310F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[2432] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Bonjour\mDNSResponder.exe[2432] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Bonjour\mDNSResponder.exe[2432] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Bonjour\mDNSResponder.exe[2432] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Bonjour\mDNSResponder.exe[2432] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Bonjour\mDNSResponder.exe[2432] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00130004
.text C:\Program Files\Bonjour\mDNSResponder.exe[2432] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0013011C
.text C:\Program Files\Bonjour\mDNSResponder.exe[2432] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001304F0
.text C:\Program Files\Bonjour\mDNSResponder.exe[2432] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0013057C
.text C:\Program Files\Bonjour\mDNSResponder.exe[2432] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001303D8
.text C:\Program Files\Bonjour\mDNSResponder.exe[2432] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0013034C
.text C:\Program Files\Bonjour\mDNSResponder.exe[2432] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00130464
.text C:\Program Files\Bonjour\mDNSResponder.exe[2432] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00130608
.text C:\Program Files\Bonjour\mDNSResponder.exe[2432] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 001308C4
.text C:\Program Files\Bonjour\mDNSResponder.exe[2432] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00130838
.text C:\Program Files\Bonjour\mDNSResponder.exe[2432] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00130950
.text C:\Program Files\Bonjour\mDNSResponder.exe[2432] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 001307AC
.text C:\Program Files\Bonjour\mDNSResponder.exe[2432] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\notepad.exe[2440] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\notepad.exe[2440] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\notepad.exe[2440] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\notepad.exe[2440] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\notepad.exe[2440] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\notepad.exe[2440] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\notepad.exe[2440] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\notepad.exe[2440] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\notepad.exe[2440] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\notepad.exe[2440] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\notepad.exe[2440] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\notepad.exe[2440] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\notepad.exe[2440] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\notepad.exe[2440] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\notepad.exe[2440] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 00080720
.text C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe[3252] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 03FA106C
.text C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe[3252] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 03FA1184
.text C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe[3252] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 03FA10F8
.text C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe[3252] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 03FA01A8
.text C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe[3252] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 03FA0090
.text C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe[3252] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 03FA0694
.text C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe[3252] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 03FA02C0
.text C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe[3252] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 03FA0234
.text C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe[3252] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 03FA0004
.text C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe[3252] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 03FA011C
.text C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe[3252] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 03FA04F0
.text C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe[3252] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 03FA057C
.text C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe[3252] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 03FA03D8
.text C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe[3252] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 03FA034C
.text C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe[3252] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 03FA0464
.text C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe[3252] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 03FA0608
.text C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe[3252] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 03FA07AC
.text C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe[3252] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 03FA0720
.text C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe[3252] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 03FA08C4
.text C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe[3252] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 03FA0838
.text C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe[3252] WS2_32.dll!connect 71AB406A 5 Bytes JMP 03FA0950
.text C:\WINDOWS\system32\hkcmd.exe[3332] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0013106C
.text C:\WINDOWS\system32\hkcmd.exe[3332] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00131184
.text C:\WINDOWS\system32\hkcmd.exe[3332] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 001310F8
.text C:\WINDOWS\system32\hkcmd.exe[3332] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\hkcmd.exe[3332] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\hkcmd.exe[3332] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\hkcmd.exe[3332] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\hkcmd.exe[3332] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\hkcmd.exe[3332] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\hkcmd.exe[3332] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\hkcmd.exe[3332] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\hkcmd.exe[3332] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\hkcmd.exe[3332] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\hkcmd.exe[3332] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\hkcmd.exe[3332] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\hkcmd.exe[3332] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\hkcmd.exe[3332] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\hkcmd.exe[3332] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 00130720
.text C:\Documents and Settings\Owner\My Documents\Downloads\0lcwtx00.exe[3368] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Documents and Settings\Owner\My Documents\Downloads\0lcwtx00.exe[3368] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Documents and Settings\Owner\My Documents\Downloads\0lcwtx00.exe[3368] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Documents and Settings\Owner\My Documents\Downloads\0lcwtx00.exe[3368] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Documents and Settings\Owner\My Documents\Downloads\0lcwtx00.exe[3368] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Documents and Settings\Owner\My Documents\Downloads\0lcwtx00.exe[3368] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00130004
.text C:\Documents and Settings\Owner\My Documents\Downloads\0lcwtx00.exe[3368] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0013011C
.text C:\Documents and Settings\Owner\My Documents\Downloads\0lcwtx00.exe[3368] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001304F0
.text C:\Documents and Settings\Owner\My Documents\Downloads\0lcwtx00.exe[3368] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0013057C
.text C:\Documents and Settings\Owner\My Documents\Downloads\0lcwtx00.exe[3368] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001303D8
.text C:\Documents and Settings\Owner\My Documents\Downloads\0lcwtx00.exe[3368] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0013034C
.text C:\Documents and Settings\Owner\My Documents\Downloads\0lcwtx00.exe[3368] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00130464
.text C:\Documents and Settings\Owner\My Documents\Downloads\0lcwtx00.exe[3368] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00130608
.text C:\Documents and Settings\Owner\My Documents\Downloads\0lcwtx00.exe[3368] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 001307AC
.text C:\Documents and Settings\Owner\My Documents\Downloads\0lcwtx00.exe[3368] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 00130720
.text C:\Program Files\iTunes\iTunesHelper.exe[3492] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0013106C
.text C:\Program Files\iTunes\iTunesHelper.exe[3492] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00131184
.text C:\Program Files\iTunes\iTunesHelper.exe[3492] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 001310F8
.text C:\Program Files\iTunes\iTunesHelper.exe[3492] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\iTunes\iTunesHelper.exe[3492] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\iTunes\iTunesHelper.exe[3492] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\iTunes\iTunesHelper.exe[3492] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\iTunes\iTunesHelper.exe[3492] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\iTunes\iTunesHelper.exe[3492] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00130004
.text C:\Program Files\iTunes\iTunesHelper.exe[3492] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0013011C
.text C:\Program Files\iTunes\iTunesHelper.exe[3492] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001304F0
.text C:\Program Files\iTunes\iTunesHelper.exe[3492] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0013057C
.text C:\Program Files\iTunes\iTunesHelper.exe[3492] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001303D8
.text C:\Program Files\iTunes\iTunesHelper.exe[3492] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0013034C
.text C:\Program Files\iTunes\iTunesHelper.exe[3492] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00130464
.text C:\Program Files\iTunes\iTunesHelper.exe[3492] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00130608
.text C:\Program Files\iTunes\iTunesHelper.exe[3492] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 001307AC
.text C:\Program Files\iTunes\iTunesHelper.exe[3492] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 00130720
.text C:\Program Files\iTunes\iTunesHelper.exe[3492] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 001308C4
.text C:\Program Files\iTunes\iTunesHelper.exe[3492] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00130838
.text C:\Program Files\iTunes\iTunesHelper.exe[3492] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00130950
.text C:\Program Files\iTunes\iTunesHelper.exe[3492] WININET.DLL!InternetOpenW 771BAEED 5 Bytes JMP 00130DB0
.text C:\Program Files\iTunes\iTunesHelper.exe[3492] WININET.DLL!InternetConnectA 771C308A 5 Bytes JMP 00130F54
.text C:\Program Files\iTunes\iTunesHelper.exe[3492] WININET.DLL!InternetOpenA 771C573E 5 Bytes JMP 00130D24
.text C:\Program Files\iTunes\iTunesHelper.exe[3492] WININET.DLL!InternetOpenUrlA 771C59F1 5 Bytes JMP 00130E3C
.text C:\Program Files\iTunes\iTunesHelper.exe[3492] WININET.DLL!InternetConnectW 771CEDC8 5 Bytes JMP 00130FE0
.text C:\Program Files\iTunes\iTunesHelper.exe[3492] WININET.DLL!InternetOpenUrlW 771D5B3A 5 Bytes JMP 00130EC8
.text C:\WINDOWS\system32\dlcfcoms.exe[4080] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0013106C
.text C:\WINDOWS\system32\dlcfcoms.exe[4080] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00131184
.text C:\WINDOWS\system32\dlcfcoms.exe[4080] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 001310F8
.text C:\WINDOWS\system32\dlcfcoms.exe[4080] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\dlcfcoms.exe[4080] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\dlcfcoms.exe[4080] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\dlcfcoms.exe[4080] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\dlcfcoms.exe[4080] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\dlcfcoms.exe[4080] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\dlcfcoms.exe[4080] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\dlcfcoms.exe[4080] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\dlcfcoms.exe[4080] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\dlcfcoms.exe[4080] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\dlcfcoms.exe[4080] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\dlcfcoms.exe[4080] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\dlcfcoms.exe[4080] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\dlcfcoms.exe[4080] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\dlcfcoms.exe[4080] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 00130720
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8BC779924E27E5D4492BEBB66528611C\Usage@SunbeltMergeModules 1019155134
---- EOF - GMER 1.0.15 ----
At this time I was unable to complete the Kaspersky update to run the scan.
I must shut down, for the lightning gets very close on my hilltop.
See you soon,
Remember our fallen brothers.
COL>
kevin27_b3d29f
1.5K Posts
0
May 31st, 2010 23:00
PLEASE BE SURE TO DISABLE ALL PROTECTIVE SOFTWARE THAT IS RUNNING ON YOUR MACHINE BEFORE RUNNING COMBO-FIX, SO THAT COMBO-FIX IS NOT HINDERED IN ITS REMOVAL PROCESS
Please disable all anti-virus/anti-spyware/firewall software on your machine (instructions via links below)
Please download ComboFix.exe. Please visit THIS webpage for download links, and instructions for running the tool:
Combo-fix MUST be saved to your desktop before running the tool.
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
When prompted to install the Recovery Console, please make sure to do so, as it is a VERY IMPORTANT backup for Combo-fix (XP only).
You will need to be connected to the net to install the Recovery Console; if you cannot install it, DO NOT run Combo-Fix.
Post back and we will install it manually.
DO NOT mouse-click while Combo-Fix is running, as this will cause Combo-Fix to stall and it will not work as it should.
Please include the C:\ComboFix.txt in your next reply for further review.
kevin27_b3d29f
1.5K Posts
0
June 8th, 2010 22:00
This topic is inactive.
The fixes in this topic were written specifically for this user; following them may cause harm to your machine and render it a brick (useless).
If you are the original poster and would like further assistance please post a fresh HJT log and details of the problems you are having.
All other users, please read THIS page and then start a new topic at the top of the Malware Removal Forum by clicking the button.
Regards
K27
colonelh
19 Posts
0
June 11th, 2010 11:00
K27,
Hey there,
I did get to run the Kaspersky scan and it did not show any malicious files.
The system still will not go into a low-power state. When I try to put it in stand-by, Windows states "Preparing to stand by", and the monitor and hard drive shut down (the cooling fan continues to run). A minute or less later the hard drive starts back up as it would when woken up. The monitor will stay blank until I intervene. This will continue in cycles unless I log on and just leave the system running. I cannot seem to find what is keeping the system from sleeping.
Here is the fresh log you requested:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:32:39, on 6/11/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\PSI\psi.exe
C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.verizon.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - Startup: Secunia PSI.lnk = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\PSI\psi.exe
O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - https://activatemywifi.verizon.net/sdcCommon/download/WIFI/Verizon%20WiFi%20Installer.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: VIPRE Antivirus Premium (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
O23 - Service: SB Recovery Service (SBPIMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
--
End of file - 5446 bytes
Thanks yet again,
COL>
In addition, I had not been notified of your post about Combofix so did not initially see it.
Anyway here is the Combofix log file:
ComboFix 10-06-10.06 - Owner 06/11/2010 14:22:36.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.525 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Sunbelt VIPRE *On-access scanning disabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Sunbelt VIPRE *disabled* {FF1CD5B7-1553-4625-A258-1775385CED33}
.
((((((((((((((((((((((((( Files Created from 2010-05-11 to 2010-06-11 )))))))))))))))))))))))))))))))
.
2010-06-10 20:57 . 2010-06-10 20:57 53632 ----a-w- c:\documents and settings\Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-10 20:57 . 2010-06-10 20:57 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-10 20:38 . 2010-06-10 20:38 71680 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-06-09 22:16 . 2009-09-04 21:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-06-09 22:16 . 2009-09-04 21:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-06-09 22:16 . 2008-10-15 10:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-06-09 22:15 . 2007-07-19 22:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2010-06-09 22:15 . 2007-05-16 20:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2010-06-09 22:15 . 2010-06-09 22:15 -------- d-----w- c:\windows\Logs
2010-06-09 17:49 . 2010-06-11 16:26 -------- d-----w- c:\program files\nLite
2010-06-09 17:05 . 2010-06-09 17:05 -------- d-----w- c:\program files\Smart Projects
2010-06-09 16:34 . 2010-06-11 16:14 -------- d-----w- C:\winxpcd
2010-06-05 00:57 . 2010-06-05 00:57 -------- d-----w- c:\windows\system32\Events
2010-05-28 11:04 . 2010-05-28 11:04 14896 ----a-w- c:\windows\system32\drivers\psi_mf.sys
2010-05-28 08:20 . 2010-05-28 08:20 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-74e5f840-n\msvcp71.dll
2010-05-28 08:20 . 2010-05-28 08:20 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-74e5f840-n\jmc.dll
2010-05-28 08:20 . 2010-05-28 08:20 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-74e5f840-n\msvcr71.dll
2010-05-28 08:20 . 2010-05-28 08:20 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-535824dc-n\decora-sse.dll
2010-05-28 08:20 . 2010-05-28 08:20 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-535824dc-n\decora-d3d.dll
2010-05-23 18:03 . 2010-05-23 18:03 -------- d-----w- c:\program files\iPod
2010-05-23 18:03 . 2010-05-23 18:03 -------- d-----w- c:\program files\iTunes
2010-05-23 18:03 . 2010-05-23 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-23 17:59 . 2010-05-23 18:00 -------- d-----w- c:\program files\QuickTime
2010-05-23 17:56 . 2010-05-23 17:56 -------- d-----w- c:\program files\Bonjour
2010-05-23 17:44 . 2010-05-23 17:44 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-23 14:38 . 2010-05-23 14:38 -------- d-----w- C:\_OTM
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-11 18:20 . 2009-12-05 20:33 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-10 14:01 . 2010-01-24 02:20 2810 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat
2010-06-05 12:45 . 2009-12-05 06:32 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-05 11:23 . 2009-12-25 20:27 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2010-05-23 18:03 . 2009-12-25 20:24 -------- d-----w- c:\program files\Common Files\Apple
2010-05-22 12:18 . 2010-04-24 23:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-12 16:45 . 2010-05-12 16:45 -------- d-----w- c:\program files\Common Files\Java
2010-05-12 16:44 . 2010-05-12 16:44 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3779e092-n\msvcp71.dll
2010-05-12 16:44 . 2010-05-12 16:44 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3779e092-n\jmc.dll
2010-05-12 16:44 . 2010-05-12 16:44 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3779e092-n\msvcr71.dll
2010-05-12 16:44 . 2010-05-12 16:44 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-24ca6ec0-n\decora-sse.dll
2010-05-12 16:44 . 2010-05-12 16:44 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-24ca6ec0-n\decora-d3d.dll
2010-05-12 16:44 . 2010-05-12 16:44 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-12 16:44 . 2010-05-12 16:44 -------- d-----w- c:\program files\Java
2010-05-09 19:32 . 2010-05-09 19:32 -------- d-----w- c:\program files\Trend Micro
2010-05-02 05:56 . 2004-08-04 10:00 1850880 ----a-w- c:\windows\system32\win32k.sys
2010-04-30 16:31 . 2010-04-30 16:31 27984 ----a-w- c:\windows\system32\sbbd.exe
2010-04-29 19:39 . 2010-04-24 23:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-04-24 23:43 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 19:12 . 2010-05-05 01:23 86232 ----a-w- c:\windows\system32\drivers\sbhips.sys
2010-04-28 19:12 . 2010-05-05 01:23 204632 ----a-w- c:\windows\system32\drivers\sbtis.sys
2010-04-28 19:12 . 2010-05-05 01:22 322904 ----a-w- c:\windows\system32\drivers\SbFw.sys
2010-04-28 02:38 . 2010-02-27 20:10 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-04-28 02:32 . 2010-04-28 02:32 -------- d-----w- c:\documents and settings\Owner\Application Data\GARMIN
2010-04-28 02:32 . 2009-12-05 05:03 -------- d-----w- c:\program files\Common Files\Motive
2010-04-28 02:32 . 2009-12-05 04:59 -------- d-----w- c:\program files\Verizon
2010-04-24 23:44 . 2010-04-24 23:44 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-04-24 23:43 . 2010-04-24 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-21 17:49 . 2009-12-26 00:16 24932 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-20 05:51 . 2004-08-04 10:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 15:36 . 2006-03-04 03:33 662016 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 15:36 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-28 16:15 . 2009-12-05 16:16 107 ------w- c:\documents and settings\Owner\Application Data\netstat.bat
2010-03-28 16:15 . 2009-12-05 16:16 107 ------w- c:\documents and settings\Owner\Application Data\netstat.bat
2010-03-27 19:54 . 2009-12-05 04:29 29528 ------w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-27 13:39 . 2010-03-27 13:29 23510720 ------w- c:\windows\dotnetfx.exe
2010-03-17 23:11 . 2010-03-17 23:08 7293 ------w- c:\program files\ST6UNST.LOG
2010-03-17 23:08 . 2010-03-17 22:41 249856 ------w- c:\windows\Setup1.exe
2010-03-17 23:08 . 2010-03-17 22:41 73216 ------w- c:\windows\ST6UNST.EXE
2010-03-17 22:43 . 2010-03-17 22:43 252176 ------w- c:\windows\system32\MSRD2X35.DLL
2004-12-11 18:47 . 2004-12-11 18:47 1413120 ------w- c:\program files\NSObserverList.exe
2004-12-11 18:31 . 2004-12-11 18:31 562848 ------w- c:\program files\NexStar Observer List Manual.pdf
2004-12-11 18:26 . 2004-12-11 18:26 143093 ------w- c:\program files\helpmain.htm
2004-03-20 03:04 . 2004-03-20 03:04 488 ------w- c:\program files\help.htm
2004-01-01 02:52 . 2004-01-01 02:52 5335 ------w- c:\program files\helptoc.htm
2003-12-28 17:24 . 2003-12-28 17:24 6506496 ------w- c:\program files\NSObserverList.mdb
2003-09-16 02:46 . 2003-09-16 02:46 90112 ------w- c:\program files\NSObserverTemplate.tmp
2003-09-06 02:52 . 2003-09-06 02:52 5518 ------w- c:\program files\Astronomy Friendly.Theme
2001-03-16 20:56 . 2001-03-16 20:56 4748 ------w- c:\program files\License.rtf
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1]
@="{E4000AC4-5E5F-4956-807A-C5854405D64F}"
[HKEY_CLASSES_ROOT\CLSID\{E4000AC4-5E5F-4956-807A-C5854405D64F}]
2010-05-08 21:12 73728 ----a-w- c:\windows\system32\VirtualExpander\VEShellExt.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2009-03-12 2303216]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"FLMOFFICE4DMOUSE"="c:\program files\Browser MOUSE\mouse32a.exe" [2010-03-07 360448]
"SBAMTray"="c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe" [2010-04-30 1291600]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Secunia PSI.lnk - c:\documents and settings\All Users\Start Menu\Programs\Accessories\System Tools\PSI\psi.exe [2010-5-28 911920]
VirtualExpander.lnk - c:\windows\system32\VirtualExpander\VirtualExpander.exe [2010-5-8 474808]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-12-05 04:12 10536 ------w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [5/4/2010 21:28 13400]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [5/4/2010 21:22 322904]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [5/4/2010 21:23 204632]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [5/4/2010 21:30 69720]
R2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\VIPRE\SBPIMSvc.exe [4/30/2010 12:30 181584]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [3/13/2010 16:14 67800]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/13/2009 09:02 95024]
S2 SBAMSvc;VIPRE Antivirus Premium;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [4/30/2010 12:31 2730120]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [5/28/2010 07:04 14896]
S3 SbHips;sbhips;c:\windows\system32\drivers\sbhips.sys [5/4/2010 21:23 86232]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.verizon.yahoo.com/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xktanzji.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://home.verizon.yahoo.com/
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xktanzji.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xktanzji.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Verizon\VSP\nprpspa.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-11 14:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1032)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\system32\igfxdev.dll
- - - - - - - > 'explorer.exe'(1272)
c:\windows\system32\VirtualExpander\VEShellExt.dll
c:\program files\Browser MOUSE\MOUDL32A.DLL
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-06-11 14:31:15
ComboFix-quarantined-files.txt 2010-06-11 18:31
Pre-Run: 95,435,710,464 bytes free
Post-Run: 97,859,276,800 bytes free
- - End Of File - - 247B5A64F6060F2255E9E448AF08321A
Here also is another HJT log from after the Combofix run, which I figured is what you were after.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:48:48, on 6/11/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlcfcoms.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.verizon.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - Startup: Secunia PSI.lnk = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\PSI\psi.exe
O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - https://activatemywifi.verizon.net/sdcCommon/download/WIFI/Verizon%20WiFi%20Installer.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: VIPRE Antivirus Premium (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
O23 - Service: SB Recovery Service (SBPIMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
--
End of file - 5568 bytes
Sorry about the mix up.
Thanks,
Col>
kevin27_b3d29f
1.5K Posts
0
June 11th, 2010 14:00
Hi colonelh,
No worries.
All those logs are clean. I really do not think this is malware related; one final check:
Please download OTL to your Desktop.
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.*
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
CREATERESTOREPOINT
%PROGRAMFILES%\*.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.
These will be long logs, so please use multiple posts if need be.
Thanks,
K27.
colonelh
19 Posts
0
June 12th, 2010 07:00
K27,
The extras OTL log as previously stated.
OTL Extras logfile created on: 6/12/2010 08:34:02 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,022.00 Mb Total Physical Memory | 500.00 Mb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.59 Gb Total Space | 91.19 Gb Free Space | 83.98% Space Free | Partition Type: NTFS
Drive D: | 36.98 Gb Total Space | 24.66 Gb Free Space | 66.67% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BRIDGE
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ ]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\ ]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ \shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BBBA9A9-02E8-467D-BE57-4797A50F7861}" = Intel(R) Network Connections
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29977CB8-72E4-4D5E-94B2-BE6B568216C1}" = VIPRE Antivirus Premium
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ECE3188A-3B11-4332-B1B9-43FAA9A02626}" = TheSkyX First Light Edition
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"Browser MOUSE" = Browser MOUSE
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Color Printer 725" = Dell Color Printer 725
"Diablo II" = Diablo II
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"Evidence The Last Ritual" = Evidence The Last Ritual
"GoToAssist" = GoToAssist 8.0.0.514
"HijackThis" = HijackThis 2.0.2
"IsoBuster_is1" = IsoBuster 2.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Missing" = Missing
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"nLite_is1" = nLite 1.4.9.1
"RadialpointClientGateway_is1" = Verizon Servicepoint 1.5.24
"Return to Mysterious Island" = Return to Mysterious Island
"Secunia PSI" = Secunia PSI
"Shockwave" = Shockwave
"ST6UNST #1" = NexStar Observer List
"ST6UNST #2" = NexStar Observer List (C:\Program Files\)
"Verizon High Speed Internet_is1" = Verizon High Speed Internet
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YInstHelper" = Yahoo! Install Manager
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Sansa Updater" = Sansa Updater
"UnityWebPlayer" = Unity Web Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 3/21/2010 13:38:34 | Computer Name = BRIDGE | Source = Application Error | ID = 1000
Description = Faulting application missing.exe, version 9.0.0.432, faulting module
dirapi.dll, version 8.5.1.104, fault address 0x000a71b5.
Error - 3/21/2010 13:38:49 | Computer Name = BRIDGE | Source = Application Error | ID = 1001
Description = Fault bucket 118741512.
Error - 3/21/2010 14:55:39 | Computer Name = BRIDGE | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3685, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 3/22/2010 17:21:46 | Computer Name = BRIDGE | Source = MsiInstaller | ID = 10005
Description = Product: VIPRE Antivirus Premium -- You do not have sufficient privileges
to complete this installation for all users of the machine. Log on as an administrator
and then retry this installation.
Error - 3/22/2010 17:22:53 | Computer Name = BRIDGE | Source = MsiInstaller | ID = 10005
Description = Product: VIPRE Antivirus Premium -- You do not have sufficient privileges
to complete this installation for all users of the machine. Log on as an administrator
and then retry this installation.
Error - 3/27/2010 10:14:44 | Computer Name = BRIDGE | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module unknown, version 0.0.0.0, fault address 0x4ec683bd.
Error - 3/27/2010 10:14:50 | Computer Name = BRIDGE | Source = Application Error | ID = 1001
Description = Fault bucket 1453726857.
Error - 3/27/2010 12:36:17 | Computer Name = BRIDGE | Source = MsiInstaller | ID = 11721
Description = Product: Vz In Home Agent -- Error 1721. There is a problem with this
Windows Installer package. A program required for this install to complete could
not be run. Contact your support personnel or package vendor. Action: Run_iHAStarter,
location: C:\Program Files\Verizon\FiOS\ihs\iHAStarter.exe, command: RunFromInstall
[ System Events ]
Error - 4/24/2010 12:45:22 | Computer Name = BRIDGE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 4/24/2010 12:45:22 | Computer Name = BRIDGE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 4/24/2010 12:45:23 | Computer Name = BRIDGE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 4/24/2010 12:45:23 | Computer Name = BRIDGE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 4/24/2010 12:45:23 | Computer Name = BRIDGE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 4/24/2010 12:45:23 | Computer Name = BRIDGE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 4/24/2010 12:45:23 | Computer Name = BRIDGE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 4/24/2010 12:45:23 | Computer Name = BRIDGE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 4/24/2010 12:45:23 | Computer Name = BRIDGE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 4/24/2010 12:45:23 | Computer Name = BRIDGE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
< End of report >
If this does in fact rule out a malware issue, any recommendations as to which direction to go in are more than welcome.
Thanks again,
COL>
colonelh
June 12th, 2010 07:00
Hi K27,
I do believe you are correct in thinking that there is some other cause for this issue. I make a strong effort to keep my system clean and in good maintenance.
This is one of those want to find something dirty, but don't want to find something slipped in either.
At any rate, here is the first log from OTL:
OTL logfile created on: 6/12/2010 08:34:02 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,022.00 Mb Total Physical Memory | 500.00 Mb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.59 Gb Total Space | 91.19 Gb Free Space | 83.98% Space Free | Partition Type: NTFS
Drive D: | 36.98 Gb Total Space | 24.66 Gb Free Space | 66.67% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BRIDGE
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010/06/12 08:28:48 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/04/30 12:39:36 | 001,291,600 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
PRC - [2010/04/30 12:31:50 | 002,730,120 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
PRC - [2010/04/30 12:30:46 | 000,181,584 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/06 20:40:12 | 000,360,448 | ---- | M] () -- C:\Program Files\Browser MOUSE\mouse32a.exe
PRC - [2009/03/12 13:31:54 | 002,303,216 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/05 12:27:32 | 000,474,808 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
PRC - [2006/11/20 04:42:45 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
PRC - [2005/10/28 08:41:52 | 000,491,520 | ---- | M] ( ) -- C:\WINDOWS\system32\dlcfcoms.exe
PRC - [2004/10/14 15:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
========== Modules (SafeList) ==========
MOD - [2010/06/12 08:28:48 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/03/06 20:40:13 | 000,057,344 | ---- | M] () -- C:\Program Files\Browser MOUSE\mouDL32A.dll
MOD - [2007/11/06 18:08:30 | 000,106,496 | ---- | M] (Nektra S.A.) -- C:\Program Files\Sunbelt Software\VIPRE\oehook.dll
MOD - [2004/08/04 06:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/04 06:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - [2010/04/30 12:31:50 | 002,730,120 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)
SRV - [2010/04/30 12:30:46 | 000,181,584 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/12/05 00:12:48 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2006/11/20 04:42:45 | 000,033,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2005/10/28 08:41:52 | 000,491,520 | ---- | M] ( ) [On_Demand | Running] -- C:\WINDOWS\System32\dlcfcoms.exe -- (dlcf_device)
SRV - [2004/08/04 06:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC)
========== Driver Services (SafeList) ==========
DRV - [2010/05/28 07:04:52 | 000,014,896 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/04/28 15:12:40 | 000,322,904 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SbFw.sys -- (SbFw)
DRV - [2010/04/28 15:12:40 | 000,204,632 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbtis.sys -- (SbTis)
DRV - [2010/04/28 15:12:40 | 000,086,232 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sbhips.sys -- (SbHips)
DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/02/11 08:01:43 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2010/01/14 05:42:42 | 000,067,800 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2010/01/04 06:29:42 | 000,069,720 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2010/01/04 06:29:40 | 000,013,400 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2009/10/13 09:02:36 | 000,095,024 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/04 06:00:00 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004/08/04 06:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 06:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.verizon.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://home.verizon.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.0.2
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2c}:0.6.4
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/31 20:49:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/11 14:20:13 | 000,000,000 | ---D | M]
[2009/12/05 01:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/06/11 14:39:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xktanzji.default\extensions
[2010/04/08 18:14:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xktanzji.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/04/27 22:38:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xktanzji.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/05 01:33:14 | 000,000,000 | ---D | M] (Organize Status Bar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xktanzji.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}
[2009/12/05 01:39:39 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xktanzji.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010/03/24 13:22:16 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xktanzji.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/04/27 22:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xktanzji.default\extensions\personas@christopher.beard
[2009/12/27 17:27:32 | 000,002,256 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xktanzji.default\searchplugins\acronym-finder.xml
[2009/12/05 01:53:17 | 000,002,172 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xktanzji.default\searchplugins\bing.xml
[2010/06/11 09:02:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/12 12:44:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/12 12:44:15 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe ()
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKCU..\RunOnce: [Shockwave 8] C:\WINDOWS\System32\Macromed\Shockwave 8\swinit.exe (Macromedia, Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Secunia PSI.lnk = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\PSI\psi.exe (Secunia)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemywifi.verizon.net/sdcCommon/download/WIFI/Verizon%20WiFi%20Installer.cab (Reg Error: Key error.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/04 23:02:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/12/04 23:01:43 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SBAMSvc - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe (Sunbelt Software)
SafeBootMin: SBPIMSvc - C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe (Sunbelt Software)
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SBAMSvc - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe (Sunbelt Software)
SafeBootNet: SBPIMSvc - C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe (Sunbelt Software)
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 9.0
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 9.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
========== Files/Folders - Created Within 30 Days ==========
[2010/06/12 08:28:29 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/06/11 14:21:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/11 14:21:28 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/11 14:21:28 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/11 14:21:28 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/06/11 14:21:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/11 14:20:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/11 14:14:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/11 14:14:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2010/06/11 14:14:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\setupupd
[2010/06/10 16:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/06/10 09:32:20 | 331,805,736 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\DO NOT OPEN!!.exe
[2010/06/09 18:16:20 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2010/06/09 18:16:12 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2010/06/09 18:16:05 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2010/06/09 18:15:58 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2010/06/09 18:15:52 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2010/06/09 18:15:46 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2010/06/09 18:15:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/06/09 13:49:27 | 000,000,000 | ---D | C] -- C:\Program Files\nLite
[2010/06/09 13:05:58 | 000,000,000 | ---D | C] -- C:\Program Files\Smart Projects
[2010/06/09 12:34:51 | 000,000,000 | ---D | C] -- C:\winxpcd
[2010/06/04 20:57:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Events
[2010/05/28 07:04:52 | 000,014,896 | ---- | C] (Secunia) -- C:\WINDOWS\System32\drivers\psi_mf.sys
[2010/05/23 14:03:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/23 14:03:00 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/23 14:03:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/23 13:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/05/23 13:56:23 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/23 11:20:31 | 002,936,832 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\My Documents\xpssvcs.dll
[2010/05/23 11:20:31 | 000,748,032 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\My Documents\mxdwdrv.dll
[2010/05/23 11:20:31 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\My Documents\filterpipelineprintproc.dll
[2010/05/23 10:38:17 | 000,000,000 | ---D | C] -- C:\_OTM
[2009/12/05 00:27:41 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfserv.dll
[2009/12/05 00:27:41 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfusb1.dll
[2009/12/05 00:27:40 | 000,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfpmui.dll
[2009/12/05 00:27:40 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfprox.dll
[2009/12/05 00:27:40 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfpplc.dll
[2009/12/05 00:27:39 | 000,774,144 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfhbn3.dll
[2009/12/05 00:27:39 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfcomm.dll
[2009/12/05 00:27:38 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfcomc.dll
[2009/12/05 00:27:38 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcflmpm.dll
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/06/12 08:28:48 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/06/11 16:09:41 | 000,002,810 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2010/06/11 14:31:17 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/11 14:28:53 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/11 14:17:07 | 003,706,469 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/06/11 14:14:48 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2010/06/11 14:05:16 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/11 10:30:32 | 331,805,736 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\DO NOT OPEN!!.exe
[2010/06/10 16:58:02 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2010/06/10 16:54:36 | 000,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/10 16:54:36 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/10 16:54:36 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/10 16:50:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/10 16:49:49 | 003,145,728 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/06/10 16:49:49 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/06/10 16:14:26 | 000,524,099 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gp.xpi
[2010/06/10 10:01:03 | 000,209,408 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\fax cover.wps
[2010/06/10 08:39:55 | 000,867,051 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\xpboot.exe
[2010/06/09 20:58:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/09 13:06:01 | 000,000,761 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\IsoBuster.lnk
[2010/06/08 19:32:52 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/08 16:15:13 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\tmpAEFD3.FOT
[2010/06/08 14:41:05 | 000,145,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/07 07:24:35 | 000,088,576 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Untitled Document.wps
[2010/06/05 07:43:27 | 000,001,194 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Secunia PSI.lnk
[2010/06/04 20:57:36 | 000,018,494 | ---- | M] () -- C:\WINDOWS\System32\FirewallConfig.xml
[2010/06/04 20:57:36 | 000,001,110 | ---- | M] () -- C:\WINDOWS\System32\ServiceConfig.xml
[2010/05/28 15:55:17 | 000,960,000 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\hokey.wps
[2010/05/28 07:04:52 | 000,014,896 | ---- | M] (Secunia) -- C:\WINDOWS\System32\drivers\psi_mf.sys
[2010/05/23 14:00:03 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/05/23 13:01:11 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/21 20:03:33 | 000,125,768 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\SCREEN-DOOR-MEASUREMENT.pdf
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/06/11 14:21:28 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/11 14:21:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/11 14:21:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/11 14:21:28 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/11 14:21:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/11 14:17:07 | 003,706,469 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/06/11 14:14:48 | 000,000,211 | -HS- | C] () -- C:\BOOT.BAK
[2010/06/11 14:14:45 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/06/10 16:58:02 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2010/06/10 16:14:25 | 000,524,099 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gp.xpi
[2010/06/10 10:01:03 | 000,209,408 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\fax cover.wps
[2010/06/10 08:39:55 | 000,867,051 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\xpboot.exe
[2010/06/09 13:06:01 | 000,000,761 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\IsoBuster.lnk
[2010/06/08 16:15:13 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpAEFD3.FOT
[2010/06/07 07:24:34 | 000,088,576 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Untitled Document.wps
[2010/06/05 07:43:27 | 000,001,194 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Secunia PSI.lnk
[2010/06/04 20:57:36 | 000,018,494 | ---- | C] () -- C:\WINDOWS\System32\FirewallConfig.xml
[2010/06/04 20:57:36 | 000,001,110 | ---- | C] () -- C:\WINDOWS\System32\ServiceConfig.xml
[2010/06/03 11:27:26 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Windows Media Player.lnk
[2010/05/28 15:55:16 | 000,960,000 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\hokey.wps
[2010/05/23 14:03:56 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/23 14:00:02 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/05/23 11:20:31 | 000,010,929 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\msxpsdrv.cat
[2010/05/23 11:20:31 | 000,002,204 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\msxpsdrv.inf
[2010/05/23 11:20:31 | 000,000,073 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\msxpsinc.gpd
[2010/05/23 11:20:31 | 000,000,072 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\msxpsinc.ppd
[2010/05/21 20:03:33 | 000,125,768 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\SCREEN-DOOR-MEASUREMENT.pdf
[2009/12/05 00:28:08 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\dlcfcfg.dll
[2009/12/05 00:27:42 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcfvs.dll
[2009/12/05 00:27:37 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcfutil.dll
[2009/12/05 00:27:32 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcfjswr.dll
[2009/12/05 00:27:31 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\dlcfinsb.dll
[2009/12/05 00:27:31 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcfins.dll
[2009/12/05 00:27:31 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcfinsr.dll
[2009/12/05 00:27:29 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcfcub.dll
[2009/12/05 00:27:29 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcfcu.dll
[2009/12/05 00:27:29 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcfcur.dll
[2004/08/04 06:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001/12/27 06:38:04 | 000,054,765 | ---- | C] () -- C:\WINDOWS\System32\drivers\LMFilt.sys
========== LOP Check ==========
[2009/12/05 00:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/05/23 14:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/25 16:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/01/01 20:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amazon
[2009/12/05 16:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/04/27 22:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GARMIN
[2010/01/03 12:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SanDisk
[2010/01/23 22:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2009/12/04 23:02:12 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/12/04 22:57:11 | 000,000,211 | -HS- | M] () -- C:\BOOT.BAK
[2010/06/11 14:14:48 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2004/08/04 06:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/06/11 14:31:17 | 000,016,192 | ---- | M] () -- C:\ComboFix.txt
[2009/12/04 23:02:12 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/06/10 16:49:50 | 000,007,840 | ---- | M] () -- C:\dlcf.log
[2009/12/04 23:02:12 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/05/22 08:18:08 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2009/12/04 23:02:12 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/12/05 01:02:10 | 000,000,549 | ---- | M] () -- C:\NTDClient.log
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/04 06:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/06/10 16:50:15 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2010/06/10 17:45:10 | 000,000,026 | ---- | M] () -- C:\SfeErrors.txt
< MD5 for: AGP440.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\winxpcd\I386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\winxpcd\I386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys
< MD5 for: ATAPI.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\winxpcd\I386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\winxpcd\I386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 06:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: IASTOR.SYS >
[2006/05/11 12:30:52 | 000,247,808 | R--- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\cmdcons\iastor.sys
[2006/05/11 12:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\dell\iastor\iastor.sys
[2006/05/11 12:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\winxpcd\I386\IASTOR.SYS
< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: NVATABUS.SYS >
[2006/03/16 20:51:32 | 000,099,840 | R--- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\cmdcons\NvAtaBus.sys
[2006/03/16 20:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys
[2006/03/16 20:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\winxpcd\I386\NVATABUS.SYS
< MD5 for: NVRAID.SYS >
[2006/03/16 20:51:38 | 000,081,536 | R--- | M] (NVIDIA Corporation) MD5=4BC863E8FB65EBCFDDE04822CF875E76 -- C:\cmdcons\nvraid.sys
[2006/03/16 20:51:38 | 000,081,536 | ---- | M] (NVIDIA Corporation) MD5=4BC863E8FB65EBCFDDE04822CF875E76 -- C:\WINDOWS\dell\nvraid\nvraid.sys
[2006/03/16 20:51:38 | 000,081,536 | ---- | M] (NVIDIA Corporation) MD5=4BC863E8FB65EBCFDDE04822CF875E76 -- C:\winxpcd\I386\NVRAID.SYS
< MD5 for: SCECLI.DLL >
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll
< MD5 for: SYMMPI.SYS >
[2005/11/17 14:58:16 | 000,092,672 | R--- | M] (LSI Logic) MD5=1FD5249D5103125D2DA63F68D7BE1D35 -- C:\cmdcons\symmpi.sys
[2005/11/17 14:58:16 | 000,092,672 | ---- | M] (LSI Logic) MD5=1FD5249D5103125D2DA63F68D7BE1D35 -- C:\WINDOWS\dell\symmpi\symmpi.sys
[2005/11/17 14:58:16 | 000,092,672 | ---- | M] (LSI Logic) MD5=1FD5249D5103125D2DA63F68D7BE1D35 -- C:\winxpcd\I386\SYMMPI.SYS
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\*.exe /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2009/12/04 16:49:25 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/12/04 16:49:25 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/12/04 16:49:25 | 000,880,640 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/05/28 07:04:52 | 000,014,896 | ---- | M] (Secunia) -- C:\WINDOWS\system32\drivers\psi_mf.sys
[2010/04/28 15:12:40 | 000,322,904 | ---- | M] (Sunbelt Software, Inc.) -- C:\WINDOWS\system32\drivers\SbFw.sys
[2010/04/28 15:12:40 | 000,086,232 | ---- | M] (Sunbelt Software, Inc.) -- C:\WINDOWS\system32\drivers\sbhips.sys
[2010/04/28 15:12:40 | 000,204,632 | ---- | M] (Sunbelt Software, Inc.) -- C:\WINDOWS\system32\drivers\sbtis.sys
< %PROGRAMFILES%\*. >
[2010/06/10 16:58:01 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/01/01 20:08:53 | 000,000,000 | ---D | M] -- C:\Program Files\Amazon
[2009/12/05 00:16:32 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2009/12/25 16:25:26 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/02/27 16:09:43 | 000,000,000 | ---D | M] -- C:\Program Files\AVS4YOU
[2010/05/23 13:56:24 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/03/06 15:52:07 | 000,000,000 | ---D | M] -- C:\Program Files\Browser MOUSE
[2009/12/05 00:12:49 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2010/06/11 14:25:22 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/12/04 22:59:16 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2009/12/05 00:32:33 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2010/03/17 19:10:57 | 000,000,000 | ---D | M] -- C:\Program Files\Data
[2010/04/01 19:26:30 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2009/12/05 00:27:26 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Color Printer 725
[2010/02/25 10:52:59 | 000,000,000 | ---D | M] -- C:\Program Files\Diablo II
[2009/12/05 00:16:32 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/03/06 21:15:45 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/06/08 14:44:58 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/05/23 14:03:06 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/05/23 14:03:54 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/05/12 12:44:05 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/05/22 08:18:07 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/06 10:17:19 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/12/04 23:02:35 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/01/23 16:12:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/06/05 08:45:17 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/01/24 22:28:47 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/01/03 18:42:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works Suite 2000
[2010/03/11 21:09:34 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/05/31 17:35:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/03/27 12:48:11 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/12/04 22:57:59 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2009/12/04 22:58:38 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/12/06 10:10:10 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/03/27 12:44:38 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2009/12/04 23:00:08 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/06/11 12:26:57 | 000,000,000 | ---D | M] -- C:\Program Files\nLite
[2010/03/17 18:44:03 | 000,000,000 | ---D | M] -- C:\Program Files\NSObserverList
[2009/12/04 22:58:45 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/05/15 08:18:02 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/01/24 19:26:10 | 000,000,000 | ---D | M] -- C:\Program Files\Plus!
[2010/05/23 14:00:12 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/03/27 12:48:04 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/06/09 13:05:58 | 000,000,000 | ---D | M] -- C:\Program Files\Smart Projects
[2010/01/24 19:25:29 | 000,000,000 | ---D | M] -- C:\Program Files\Software Bisque
[2010/03/13 16:14:07 | 000,000,000 | ---D | M] -- C:\Program Files\Sunbelt Software
[2010/03/21 09:55:32 | 000,000,000 | ---D | M] -- C:\Program Files\The Adventure Company
[2010/05/09 15:32:21 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2009/12/04 23:05:38 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/04/27 22:32:33 | 000,000,000 | ---D | M] -- C:\Program Files\Verizon
[2010/01/03 15:26:22 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/01/03 15:26:21 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/12/04 22:58:27 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/12/04 23:00:58 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009/12/04 23:02:35 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/12/05 01:08:44 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-08 18:51:35
< >
< >
< >
< >
========== Alternate Data Streams ==========
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\dotnetfx.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Owner\Desktop\DO NOT OPEN!!.exe:SummaryInformation
< End of report >
I will post the Extras log in a separate post as suggested.
Thanks,
COL>
kevin27_b3d29f
1.5K Posts
0
June 14th, 2010 13:00
Hi,
The logs are clean, now for the troubleshooting:
Can you tell me when this started? Was it after running a certain program, maybe something like Driver Genius? These kinds of driver/registry cleaner programs are notorious for removing important files and hosing systems.
Also, there is a file on your system called C:\Documents and Settings\Owner\Desktop\DO NOT OPEN!!.exe. Can you tell me where this file came from and what it does?
There is also a file on the desktop called C:\Documents and Settings\Owner\Desktop\xpboot.exe, which is related to creating a boot disk to edit the Master Boot Record. Can you tell me why you have this and if you have used the disc to edit anything that should not have been edited?
The more information you can give me, the easier my job will be.
Next, please hold the Windows key (on the bottom left of the keyboard with the Windows icon on it) and then tap "R", and copy/paste devmgmt.msc into the run box and hit enter.
A window will open with a list of all the hardware devices and their relevant drivers currently installed on the machine. Please post back if any have got a yellow exclamation mark ! or a red cross X next to them.
Please post back the answers to the questions above and any ! or X showing in Device Manager.
Thanks,
K27.
colonelh
19 Posts
0
June 19th, 2010 06:00
Hi K27,
I had only run Driver Genius once to get a driver update for my networking; everything was still OK afterwards. This was about a month before the problem occurred. I didn't really like the idea of using it, however it was recommended, being that the wizard and I could not find the update I needed. I'm not sure why I haven't removed it from the system.
I did however notice the problem after a round or two with "Verizon Service Point" and their support (27 MAR 10). It had prompted plug-ins for IE to operate; they were clean, but I do remember not getting the support I was expecting. I ended up going to Westell and configuring the router myself.
The two files in question were temporary and very recent. The naming of "DO NOT..." was just a warning to all. I had downloaded a standalone XP SP3 file to the desktop and used xpboot to create a slipstreamed Windows SP3 boot disk. I believe I need to install SP3, but did not want to in the midst of having dirt in the system or other issues. I am done with these files and probably should remove them.
I looked over the drivers in the system. They are all operating properly and are all green check marked.
I am also going to be installing two 1 GB memory modules. Not that it has an impact on what's going on, I just need to and am letting you know.
Just let me know what else you may need and what I might do to help.
Thanks,
COL>